Information Security – Page 2 – University of Florida Information Technology News

Help UF Win the Cyber State Championship!

Posted on October 9, 2023October 9, 2023

The Cyber Bowl is back! To spotlight Cybersecurity Awareness Month, UF has challenged nine other Florida universities to beat us on the virtual football field. The 2023 Cyber Bowl is an online competition, held Oct. 9 – Oct. 20. The Gators are competing for the title of State Champions against Florida State University, the University of Central Florida, the University of Miami, Florida Gulf Coast University, University of West Florida, University of North Florida, Florida International University, University of South Florida, and New College.

The Cyber Bowl consists of five questions, each related to social engineering. So, how do the Gators win?

The university with the highest percentage of faculty, students, and staff game players (based on their population number for each affiliation) wins. All that’s needed to register your entry in the game is a valid UFL.EDU email address. Every participating university is answering the same five questions. Just for playing in the Cyber Bowl, you’ll be entered to win a pair of tickets to the sold-out Florida-Florida State game on Nov. 25! UFIT will randomly select the winner from all game entries after the Cyber Bowl ends. You don’t have to answer the questions correctly for a chance to win. Just complete the entry screen after the questions.

To play, visit cyberbowl.security.ufl.edu anytime between Oct. 9 – Oct. 20 and answer the questions. Make sure to enter your GatorLink credentials at the end of the game, so your entry is counted for UF. Thank you for participating in this year’s Cyber Bowl… and GO GATORS!

Use Precaution When Opening Emails

Posted on September 7, 2023September 7, 2023

Emails with malware and dangerous links increase at the start of each semester. That’s why Vice President & CIO Elias Eldayrie sent a campus-wide communication this week, reminding the UF community to be extra vigilant before clicking on a link or opening an attachment in an email. Three ways you can contribute to a secure computing environment at UF are by taking the information security awareness training, reporting suspicious emails, and being mindful when opening an email marked [EXTERNAL EMAIL].

• Last year, 16,526 faculty and staff completed the Protecting UF: Information Security Awareness training. Additionally, 10,878 students completed Protecting UF’s phishing module. All training modules were updated this summer so be sure to complete it when you receive your annual reminder. Faculty, students, and staff can also take the training anytime of the year.

• Report suspicious messages in GatorMail with the phish alert report button. If an email seems suspicious, just highlight it and click on the phish alert report button in the top right of your email. This action sends the potentially dangerous email to UFIT so staff can investigate. In FY23, more than 48,000 emails were reported using this button.

Although 98.5% of phishing messages received from outside UF in FY23 were blocked, some still get through. Be vigilant about what emails you open, especially those flagged with [EXTERNAL EMAIL]. Dive deeper into cyber tips on https://security.ufl.edu/.

Why You Should Delete Old Apps and Files

Posted on August 31, 2023April 22, 2024

We store everything in our phones–saved media, files, and data stored inside apps. While this makes it convenient to document our life on social media or quickly retrieve a class file, it can also slow down your iPhone or Android device.

Even worse: A phone with tons of data and images stored on it is the holy grail for cybercriminals, who can hack into it and ransom your photos and personal information (like credit card numbers stored in an app) back to you. They can steal your identity and go shopping with your credit card or PayPal balance. They can decide to sell your data on the dark web. Whatever they do will severely disrupt your life. In addition to making sure you
use a strong password on your phone, it’s a good idea to delete any apps from your phone that are obsolete for your life now.

Your device will also run faster if unused apps and files are deleted. Most phones will list when you last visited each app. Did you download an app for a class or for a trip taken last year? If you don’t need it, delete it! Also, relocate content from your phone to an external storage service. Did you know that faculty, students, and staff get 5TB of OneDrive storage? Take advantage of this highly secure free cloud service today! Contact the UFIT Help Desk if you need assistance using OneDrive.

Restricted Data: Retention and Destruction

Posted on August 10, 2023

Restricted data is subject to retention and destruction standards imposed
by federal and state laws, regulatory mandates, and campus policies.
The UF data retention schedule is available on the Smathers Library site.

As important as it is for faculty and staff to know data retention standards, it’s equally important to know how to properly discard restricted data. Different media requires different destruction methods. For example, just throwing away paper records or deleting restricted data from a PC or other device does not meet university requirements. Paper records, CDs, and DVDs with restricted data cannot be reused and should be cross-cut shredded or incinerated. The sanitization and destruction standards policy should be mandatory reading for anyone in the UF community prior to working with or handling restricted data.

UF Property Surplus provides campus with secure media disposal services. They have two drop-off locations, at Building 811 off of Elmore Drive and at the UFIT Help Desk in the Hub. Faculty and staff who have questions about working with or properly disposing of restricted data are welcome to email UF’s Information Security Office.

Protecting Your Smartphone

Posted on July 31, 2023January 5, 2024

Mobile malware is malicious software that targets mobile devices. Widespread ownership and constant daily usage of smartphones make them an ideal target for cybercriminals trying to steal personal information, money, or gain control of a device. Zimperium’s 2023 Global Mobile Threat Report notes a 53% increase in malware affecting cellphones in 2022.

Vulnerabilities in the operating system and activities such as rooting or jailbreaking are the most common means for getting a malware infection. Never jailbreak or root your phone, because the device’s built-in security controls will be disabled. And do not download third-party apps from outside official Apple and Android stores because they are not vetted for malicious content.

Stay cyber-aware, Gators! Did you know anti-malware software is available for most smartphones? Spend 20 minutes to better protect your phone – along with your money and personal information – by reviewing these webpages:

1. Visit UFIT’s ‘protect my mobile device page’ and learn about enabling encryption, turning on automatic updates, and more.
2. Use the Security Checkup feature in DUO’s mobile app to review your phone’s security settings.

Updated Info Security Training for 2023

Posted on July 13, 2023July 16, 2023

Just in time for the new academic year! UF’s Information Security Office has updated its mandatory annual training. Faculty and staff will receive an email reminder on their one-year anniversary of their previous training completion date, but can take the training any time. There are six modules in the training and they take approximately 35-45 minutes to complete. Visit this page to take the training.

The number one cause for compromised GatorLink accounts is when a student, faculty, or staff member opens and responds to a phishing email.

Students can take the phishing module that’s part of the full training. The stand-alone phishing module is a great way to become better informed about how cyber-criminals operate. Now that you’ll be interacting with campus departments and faculty (who cyber-criminals will try to impersonate), students are strongly encouraged to learn how phishing works. Students can find the link to the phishing module training in the ONE.UF menu. The 15-20 minutes you invest in taking the phishing training can pay off in a big way when you learn how to spot and report malicious emails, instead of opening one and inadvertently bringing on a world of hurt on yourself…and potentially your university.

Increasing in Higher Ed: Malware Attacks

Posted on June 12, 2023

Malware attacks against higher education increased by 26% last year. With a reported 191+ million malware attacks in 2022 in the state of Florida alone, cyber-awareness is as important on college campuses as writing skills and advanced math knowledge. Cybercriminals frequently target universities through malware attacks to steal sensitive and restricted data, such as student and employee social security numbers, protected health information, and credit card information. Malware is malicious software or code that steals, encrypts, and/or deletes sensitive information after being introduced to a device through phishing emails, compromised flash drives, fraudulent websites, and peer-2-peer file sharing sites. According to SonicWall, the 10 most common malware file names are:

1. purchase order.exe
2. soa.exe
3. invoice.exe
4. swift copy.exe
5. quotation.exe
6. img-order-confirmation-pdf.exe
7. payment copy.exe
8. ziraat bankasi swift mesaji.exe
9. shipping documents.exe
10. new order.exe

If you receive what you think is a suspicious email or an email with one of these .exe files attached, do NOT open, reply, or click any embedded links or files. Report suspicious emails received in your GatorMail inbox using the phish alert button. Faculty, students, and staff can become better cyber equipped by taking the free training available through the UF Information Security Office.

How to Properly Dispose of Tech Waste

Posted on June 1, 2023

Have you ever wondered what happens to all the outdated tech devices that you throw away? When disposed of incorrectly, the old phones, tablets, laptops, and other gadgets you’ve replaced contribute to a growing problem: tech waste.

The World Health Organization reports 53.6 million tons of tech waste was generated in 2019. By 2030 it is estimated the annual amount will increase to 74.7 million tons! Tech waste can release hazardous chemicals into the environment, causing air, soil, and water pollution. The report also notes these chemicals, such as lead, mercury, and cadmium, can pose a significant risk to human health, including cancer and neurological damage.

There are safe ways to properly dispose of tech waste, such as donating, selling, recycling, or taking electronic devices to specific drop-off locations for e-waste. The City of Gainesville offers free appointments for large-sized electronic item collection. Smaller items can be dropped off at the Alachua County Household Hazardous Waste Collection Center. For campus departments and faculty, students, and staff, UF Property Surplus manages a secure disposal service of electronic media and electronic waste. Contact UF Surplus for service particulars: /https://www.fa.ufl.edu/directives/electronic-media-disposal/.

Let’s work to e-rase our e-waste, Gators!

Rescuing a Hacked Social Media Account

Posted on May 11, 2023

Social media is an essential part of our daily routine but it also exposes users to cyberthreats. Hackers can access personal information through tactics like creating fake login pages, impersonating brand representatives, pretending to be a hiring manager, or even posing as a good friend to trick us into providing login information. Hackers also exploit vulnerabilities such data breaches, weak passwords, and outdated software. A July 2022 NordVPN story revealed 37% of Americans surveyed have had a social media account hacked.

Social media platforms send alerts when login information is changed. If you receive an alert for an unrecognized change, change your password immediately. If you can’t access your account, contact the platform’s customer support and be ready to provide proof of ownership, like a valid state-issued ID.

Always allow software, app, and system security updates to run on your devices, Gators! Adding multi-factor authentication (MFA) to social media also strengthens your accounts’ security. (It’s a good idea to add MFA to all your online accounts, especially ones that store personal information and payment information.) Create different passwords for each platform and don’t use Gatorlink credentials (e.g., your UF email and password) on any social accounts. Check out UFIT’s tips for using MFA and social engineering website to learn how scammers try to seperate you from your money, accounts, and identity.

Safely Use Virtual Payment Apps

Posted on May 4, 2023

Scammers use peer-to-peer (P2P) payment apps like Cash App, Zelle, and Venmo to steal money. According to the Pew Research Center, 10% of P2P app users have been scammed. P2P apps allow users to easily send money with a phone tap. But if it’s convenient for you, it’s also convenient for scammers.

Vishing or smishing is often used to initiate P2P scams. For example, a scammer may impersonate a bank representative in a call or text to a victim about a “suspicious transaction” on their Zelle account. The scammer will request the victim’s bank login information to resolve the concern but will use the information to steal money. A bank representative will never ask for your username and password to access your account. Stay cyber-secure by only sending money to people you know, and double-checking you are sending money to the correct name, phone number, and username. Also, you should only use a credit card for transactions with strangers, because credit cards have fraud protection. And Gators, make sure to allow app updates (or install them when they become available on your device) for the latest security enhancements, like multi-factor authentication updates and app safety features.

Learn to protect yourself online by becoming more cyber-aware. Schedule a ½ hour to take the https://security.ufl.edu/resources/training/information-security-training/ today.