Secure the Swamp Online Scavenger Hunt

October 2021 marks the 18th year of Cybersecurity Awareness Month. With the increasing threat of cyberattacks to universities around the world, information security is more timely than ever. UF participates in the initiative every year to empower students, faculty, and staff to own their role in protecting themselves and the university.

This year’s campaign is centered on a “Secure the Swamp!” online scavenger hunt. Each week in October, UFIT will share tips on social media focusing on three themes: phishing, securing your remote work environment, and mobile device security. Students and employees can then test their cybersecurity knowledge by answering four questions on these topics. The hunt begins on Monday, October 25, at 8 a.m. and ends Friday, October 29, at 5 p.m. Participants will have the opportunity to win an exclusive “Secure the Swamp!” T-shirt.

Remember, the UF Information Security Office can’t protect UF by itself. It’s our shared responsibility to keep the university’s data and systems secure. Visit https://security.ufl.edu/ to participate in the scavenger hunt and find more resources. Also, follow UFIT on Twitter (@GoGatorsUFIT), Facebook (@GoGators.UFIT), Instagram (@gogators_ufit), and YouTube (/GoGatorsUFIT) for some clues!

UF’s Cyber Security Framework Program

UF’s Information Security Office, in partnership with the Office of Internal Audit and Office of Compliance and Ethics Program, introduced the Cyber Security Framework Program (UFCSF) on July 1. Planned and implemented in response to an audit sponsored by Florida’s Board of Governors, the Cyber Security Framework Program heightens UF’s ability to identify, protect, detect, respond, and ultimately recover from cybersecurity incidents.

The Cyber Security Framework program will provide a high-level view of the operational maturity of units across campus, which is then rolled up into a university-wide maturity rating. The information collected will be used to:

Develop a unified view of the university’s information security environment
Discover gaps in enterprise cybersecurity processes and technology
Create university-wide solutions that reduce risk and increase cybersecurity maturity

The UFCSF program is modeled on the National Institute of Standards and Technology cybersecurity framework and tailored for the university’s OneIT model. Surveys are now being sent quarterly to UF’s 16 colleges and administrative units to evaluate their current processes for protecting computing assets and data, and for assessing risk. More information on UF’s Cyber Security Framework program is online. Anyone with questions may email the UFCSF program team.

Tips for Multi-Factor Authentication Efficiency

Since UF adopted multi-factor authentication (MFA), the number of compromised GatorLink accounts has decreased by 99.7%. Using the multi-factor authentication app provides additional protection to the university’s systems and services. This means your personal information, as well as your research files, proposals, and all university data, is better secured.

Tips to enhance your MFA experience:

1. Add a second device to your MFA account, in case your primary device is lost or stolen. UFIT created a short video explaining how to add a device.
2. Use a passcode to authenticate even without an internet connection or cell service. Open the Duo app, then tap the University of Florida drop-down tab on the home screen. Type in the six-digit code provided when logging into UF services.
3. Check the “Remember Me” option to not be prompted to authenticate for 10 hours, as long as you’re using the same browser on the same device.

Visit it.ufl.edu/2fa or contact the UF Computing Help Desk (helpdesk@ufl.edu, 352-392-HELP/4357, 132 Hub) for assistance using multi-factor authentication.

Fake Emails from “UF Faculty” Targeting Students

Students are reporting suspicious emails in their Gmail or other non-UF inboxes, claiming to be from instructors. These phishing scams enable cybercriminals posing as faculty to convince students to deposit fake checks or send gift cards. Because students often handle email on their phones–where full email addresses are obscured–it isn’t immediately apparent that the email is a phish.

Impostor emails attempt to lure students with high-paying job opportunities and often come from faculty members the student doesn’t know. Cybercriminals can find enough information online to impersonate faculty without having to hack into their UF account. The proliferation of these scams is a great reminder to always be cautious when clicking on any email, no matter who it seems to come from.

Remember:
1. Even if a phishing email doesn’t include a malicious link or attachment, it’s still just as dangerous if you respond.
2. The [External Email] tag will appear in the body of emails originating from outside the university, alerting you that it may well be malicious.

If you think an email in your Gmail or non-UF inbox is a phish, forward the message as an attachment to abuse@ufl.edu.

Cybercriminals Target UF International Community

UF’s 5,712 international students, along with our international faculty and staff population, are prime targets for criminals who want to leverage their immigration status to steal money and sensitive data.

The UF International Center (UFIC) reported several cases of phishing emails and phone calls from cybercriminals posing as representatives of the U.S. Department of Homeland Security or U.S. Immigration and Customs Enforcement. Scams include threats of deportation, visa revocation, or phony visa lottery acceptances. The fake messages are schemes to solicit money or sensitive information (e.g. Social Security numbers, credit card information, etc.).

“We cannot emphasize enough how important it is for our international students to be aware of scams and phishing attempts that can impact their legal status, identity, and financial future,” said Debra Anderson, director of International Student Support Services for UFIC.

Everyone, regardless of visa status, should think twice before automatically clicking on an email attachment. U.S. government agencies never demand immediate payment over the phone or via email. In fact, contact with U.S. agencies involved in immigration issues always starts with a letter, not a phone call or an email. If you think an email in your GatorMail is suspicious, report it with the Phish Alert Button so UF’s Information Security Office can investigate further.

Protecting UF: Mandatory Information Security Training

In 2019, audits were conducted of the state’s 12 public universities. The report recommended that the University of Florida enhance its existing information security awareness program with mandatory annual faculty and staff training. This summer, UFIT developed a new training program to meet the Florida Board of Governors recommendation.

“Protecting UF: Information Security Training” consists of four modules: phishing awareness, restricted data, cloud and sharing tools, and general safeguards. Training takes approximately 30-40 minutes to complete and is mandatory for faculty and staff. Emails will deploy from the myTraining portal in the next few days notifying the UF community that training is available. Training must be completed by the close of the fall 2020 semester, with the annual reminder date for re-certification based upon the initial completion date. As part of the Protecting UF program, in January all enrolled students will see a “to do” reminder in ONE.UF to take the phishing awareness training.

This effort is part of a larger program to inform the UF community on how to protect teaching, learning, research, and online activities. Please visit the Information Security Office website for additional information on this training and other security topics.

Simple Changes to be More Cybersecure

Checking the age of your passwords and reviewing an email link or attachment before opening it can go a long way in protecting yourself from a cyber attack. It’s the world we now live in, so here are some reminders that could save you a lot of heartache and financial and/or identity problems:

1. Check before you click.
Never click on links or open attachments without inspecting the email first. With the enormous volume of malicious emails created and sent every day, being cautious is crucial. Always hover over the email address and look for signs of a scam.
2. Protect and update your passwords.
When was the last time you updated your passwords? Experts recommend updating them every 60 days! Not only should you update passwords, but you should use a passPHRASE. The longer your passwords are, the better.
3. Never leave your electronic devices unattended.
As tempting as it is to ask someone to watch your laptop while in Marston, don’t take this risk. Always take your portable items with you, even if it’s just “for a minute” while you are at the reference desk.

For more ways to be cyber aware, read the Psychology of Phishing story on UFIT News or visit the Information Security Office website.