Category: Build a Resilient Cybersecurity Environment

Tech Resolutions For a Safer 2022

Posted on

Staying cyber secure is a great new year resolution that won’t have you counting calories or committing to more exercise!  By adopting some of the resolutions below, the UF community can make a huge difference to their overall cybersecurity safety (also known as your “security posture”).  Enhance your cyber footprint security by:

  1. Changing compromised passwords and creating different passwords for each account. Check for compromised passwords at https://haveibeenpwned.com.
  2. Activating multi-factor authentication (MFA) on critical accounts like email, banking, and social media. Find which sites you use support MFA by visiting https://2fa.directory.
  3. Deleting old social media accounts and other accounts you no longer use.
  4. Reviewing privacy and security settings annually on social media accounts and other sites at least once a year.
  5. Removing unused apps from mobile devices. Unused apps are like unused accounts–they store information that can be used against you if they’re compromised.
  6. Creating a guest network for visitors to your home. If you have smart devices like Ring or Nest, consider creating a guest network for those items. Then if the smart devices get compromised, your home network will still be protected.
  7. Thoroughly delete (“wipe”) all electronic devices before donating or disposing, or have them shredded by a trusted vendor. UF Surplus manages the secure disposal of electronic media and electronic waste of university technology.

For more ways to be cybersafe in 2022,  check out the email safety and computer protection boxes on UF’s Information Security Office website homepage.

Threat to Suspend Your Social Security Number is a SCAM

Posted on

Con artists pretending to be with the Social Security Administration (SSA) are utilizing email, text messages, and phone calls to scare people into providing money and/or personal information. Remember: The SSA will never threaten, scare, or pressure you to take an immediate action.

It is a SCAM if someone…
● Warns of imminent arrest or legal action
● Requests payment by gift card, prepaid debit card, internet currency, or mailing cash
● Pressures you for personal information
● Requests secrecy
● Threatens to seize your bank account
● Promises to increase your Social Security benefit
● Says they have evidence against you, or uses the name of a real SSA official

How to protect yourself from Social Security-related scams:
1. Stay calm. Do not provide money or personal information when you feel pressured, threatened, or scared.
2. Hang up on the caller or ignore the text or email.
3. Report Social Security-related scams. If you receive a suspicious call, text, or email that mentions Social Security, report it to the SSA Office of the Inspector General (OIG). Do not be embarrassed if you shared personal information or suffered a financial loss.

UF’s Information Security Office has an Identity Thefts and Scams webpage where you can learn more about the techniques used by cyber criminals.

Safe Travel is Smart Travel: Cyber Vigilance

Posted on

As flights and hotel bookings surge past pre-pandemic levels, travelers should prepare for a busy holiday season. Crowded airports can be an early holiday gift for identity thieves. Don’t let the chaos of the airport allow you to let your guard down. Gators, remember while traveling over the break period to:

Avoid public Wi-Fi. If you must use free Wi-Fi in airports, cafes, or in hotels, use a VPN to connect. Also, double-check the network’s name (SSID) before connecting. You could unknowingly connect to a spoofed network or someone else’s hotspot, which means what you type could be seen and copied by others.

Beware of vacation rental scams. While perusing Airbnb or Craigslist for a rental, be alert to an offer that’s too good to pass up. Before booking an accommodation online, research the address, owner’s name, and if the property reviews go back more than a few weeks. Check for multiple ways to contact the owner.

Disable auto-connect features. Most phones enable automatic connections for Wi-Fi, Bluetooth, and location services. These features allow others to track your location or send malicious files to your device. Keep these settings disabled when you are not using them!

Visit https://security.ufl.edu/resources/traveling-abroad/ for more cyber tips for travelers.

How To Shop Securely During Black Friday & Cyber Monday

Posted on

‘Tis the season for online shopping. Unfortunately, it’s also the season for holiday scams. With Black Friday and Cyber Monday deals right around the corner, it’s important to know what to look for when shopping for the perfect gift. Here are some tips so you don’t get Scrooged:

Pay with a secure method. Using a credit card provides extra protection for online purchases. Under the Fair Credit Billing Act (FCBA), credit card holders are allowed to dispute fraudulent charges, whereas with a debit card, the money comes directly out of a checking account. Remember to check your bank statements regularly for any unauthorized payments.

Research the seller. Before checking out, verify that the business is legitimate. Search the company’s name online, plus “scam,” to read what others are saying. If you’re unsure, check with the state attorney general or the local consumer protection agency to see if there are any filed complaints.

Don’t fall for fake ads. Fake advertisements lurk on legitimate platforms, including email, social media, and search engines. Think twice before clicking on ads. Go directly to the business’s website to verify that the offer is real.

For more cybersecurity tips, visit https://security.ufl.edu/.

Secure the Swamp Online Scavenger Hunt

Posted on

October 2021 marks the 18th year of Cybersecurity Awareness Month. With the increasing threat of cyberattacks to universities around the world, information security is more timely than ever. UF participates in the initiative every year to empower students, faculty, and staff to own their role in protecting themselves and the university.

This year’s campaign is centered on a “Secure the Swamp!” online scavenger hunt. Each week in October, UFIT will share tips on social media focusing on three themes: phishing, securing your remote work environment, and mobile device security. Students and employees can then test their cybersecurity knowledge by answering four questions on these topics. The hunt begins on Monday, October 25, at 8 a.m. and ends Friday, October 29, at 5 p.m. Participants will have the opportunity to win an exclusive “Secure the Swamp!” T-shirt.

Remember, the UF Information Security Office can’t protect UF by itself. It’s our shared responsibility to keep the university’s data and systems secure. Visit https://security.ufl.edu/ to participate in the scavenger hunt and find more resources. Also, follow UFIT on Twitter (@GoGatorsUFIT), Facebook (@GoGators.UFIT), Instagram (@gogators_ufit), and YouTube (/GoGatorsUFIT) for some clues!

Make Backing Up Files a Regular Part of Your Week

Posted on

While saving files to your computer’s local drive is convenient, if your device is lost, stolen, or damaged, your data could be unrecoverable. Instead, don’t just save to your device’s C: drive–use a GatorCloud service as part of your regular file backup plan! With GatorCloud, you can protect your files on Microsoft OneDrive, Google Suite, and Dropbox. Added bonuses: UF’s versions of these popular services come with additional free storage and enhanced security via the use of GatorLink credentials.

We all know someone whose laptop has been fried or stolen…but an “operator error” (i.e., ourselves) can lead to accidentally deleting or overwriting an important photo or file. Storing data on a UF cloud-based service keeps files from cluttering or overworking your computer’s hard drive. In addition to extra storage, UF’s versions of Dropbox, OneDrive, and Google Suite provides ways to collaborate and share files from any location, from any internet-connected device, at any time.

Ready to get started with GatorCloud? Visit cloud.it.ufl.edu and review the chart showing the features of each service. Anyone in the UF community with questions about setting up or using a GatorCloud applications may contact the UFIT Help Desk.

Campus-Wide Message: Ransomware and Phishing

Posted on

Vice President and CIO Elias Eldayrie emailed all UF faculty, students, and staff this morning with facts about ransomware and phishing. Eldayrie also listed some key success indicators for securing campus, like a decrease in compromised accounts and the increase in reporting potential phishing emails, made possible because of the campus’s buy-in and involvement on cybersecurity issues. The statistics Eldayrie shared are:

Unauthorized Account Usage
Since implementation of multi-factor authentication, UF has seen a 99.7% decrease in compromised accounts
Phishing
Since installation of the phish alert button into GatorMail, faculty, students, and staff have reported more than 14,500 suspicious emails, leading to fewer successful phishing attempts
IT Security Risks
Since launching the new risk assessment process in 2016, 5,200+ risk assessments have been submitted by faculty and staff prior to technology purchase, allowing for review of security gaps and risk

UFIT engages in year-round training and outreach to help UF better understand information security risks, like what to look for before clicking on links in emails–especially those with the [External Email] banner. President Fuchs also recorded a video about ransomware and phishing to support outreach efforts. View the President’s video here.

Additional resources to help our campus community securely teach, learn, research, and conduct university business are listed on https://security.ufl.edu/resources/.

UF’s Cyber Security Framework Program

Posted on

UF’s Information Security Office, in partnership with the Office of Internal Audit and Office of Compliance and Ethics Program, introduced the Cyber Security Framework Program (UFCSF) on July 1. Planned and implemented in response to an audit sponsored by Florida’s Board of Governors, the Cyber Security Framework Program heightens UF’s ability to identify, protect, detect, respond, and ultimately recover from cybersecurity incidents.

The Cyber Security Framework program will provide a high-level view of the operational maturity of units across campus, which are then rolled up into a university-wide maturity rating. This information collected will be used to:

Develop a unified view of the university’s information security environment
Discover gaps in enterprise cybersecurity processes and technology
Create university-wide solutions that reduce risk and increase cybersecurity maturity

The UFCSF program is modeled on the National Institute of Standards and Technology cybersecurity framework and tailored for the university’s OneIT model. Surveys are now being sent quarterly to UF’s 16 colleges and administrative units to evaluate their current processes for protecting computing assets and data, and for assessing risk. More information on the UF’s Cyber Security Framework program is online. Anyone with questions may email the UFCSF program team.

Install Patches [Updates] To Your Devices

Posted on

Whether you are a faculty member, student, or staff, inevitably you’ve worked more from home in the past 16 months than ever before. If you use a personally-owned laptop or PC not managed by UF technical staff, chances are your device(s) aren’t up to date. Outdated devices allow cybercriminals to exploit bugs, so it’s important to secure them. There is an easy way to protect personally-owned devices and the data on them: patching.

A patch, also called an update or software update depending on the device manufacturer, is released to fix security vulnerabilities and other bugs. Applying the update as soon as it’s released is important, because they are often in response to a known vulnerability or virus. Updates not only improve the security of your device, but often provide additional functionality, usability, or performance of features. All software has bugs, and manufacturers constantly identify and patch these–just as cybercriminals constantly look for bugs they can use to attack devices and steal data.

A good way to stay current with patches is to enable automatic updates. Read item #1 on https://security.ufl.edu/resources/protect-your-computer/ for simple instructions to enable automatic updates on Mac and Windows devices. Another good tip: Reboot your laptop, smartphone, PC, and other devices each week, rather than just closing the lid or logging off. Completely shutting down and restarting devices helps to install and apply updates. You can learn more tips on the Information Security Office website.

Encryption Feature Available in O365

Posted on

UF’s GatorMail (O365) service includes an easy and fast way to encrypt email. Encryption protects the privacy of an email message and its attachments by converting the contents from readable text into scrambled text. When you encrypt the email, only the recipient(s) who have the encryption key can unscramble the message and read what you sent. Anyone without the corresponding private key–like an unintended recipient or cyberthief–sees only indecipherable text. UFIT recently completed a project to migrate UF mailboxes to O365, known as GatorMail. Within GatorMail is a new button called Encrypt. (See story image.) Here’s how to use:

1. In an email message, choose Options on the navigation menu and select Encrypt.
2. Choose the encryption restrictions you want the message to have, such as Encrypt-Only or Do Not Forward.

Visit https://www.mail.ufl.edu/‘s “Managing Email” section for more information on how encryption works and other secure emailing tips.