Every year, October is National Cyber Security Awareness Month, sponsored by the National Cyber Security Alliance (www.staysafeonline.org). Throughout the month of October, the Office of Information Technology's Information Security staff ramps up their awareness and training efforts for the AU community at-large. There is something for everyone: training courses, posters, and general tips to protect yourself online. Below are common topics that will be mentioned in our communications to campus, if you ever have any questions, contact the IT Help Desk at x2550 and email@example.com.
Print Your Own Cyber Security Awareness Posters or Order Them from OIT
Support Cyber Security Awareness all year long by hanging posters around your office, building, or at home. Select any or all and send us your order (firstname.lastname@example.org subject: cyber posters). We will print copies and deliver them to you within 5 business days. Or print your own, 11 x17.
Phishing Scam Prevention Tips
Phishing scams that are looking to exploit your trust continue to grow in sophistication. This year alone, AU customers have received several messages purporting to be from AU offices or well-known external companies with which you might regularly interact. They can look very real and always have a sense of urgency. Some of these messages ask users to login using their credentials. Often times, these messages include simple links, which when clicked can download malware on to your computer, which can be used to gain access to your personal information.
AU receives an average of 75 reports of fraudulent or "phishing" emails per month. Recently, messages were sent to the campus community purporting to be from AU departments like Human Resources and the Office of Information Technology (OIT). One sophisticated phishing email, in particular, included links directing customers to an exact replica of the AU Portal Login page which, when logged into, forwarded the customer’s credentials to the attackers. As a result, there have been reports of two instances of unauthorized direct deposit changes for members of the AU community, which is similar to cases reported at the University of Michigan.
In light of the recent targeted attacks, it is critically important to be vigilant and make sure you validate the legitimacy of any request that asks you to log in or provide any personal information.
What can you do to avoid being a victim of malicious activity?
Contact the IT Help Desk immediately, if you are being asked for personal information, so we can confirm its legitimacy.
Avoid clicking on links embedded in emails.
Verify your personal information on the AU portal, including any financial information that you may have provided.
Delete unexpected emails asking you to supply personal information.
Be suspicious and change your password, if you suspect any malicious activity.
Open your web browser and type in the web address yourself, if you believe it is legitimate, rather than clicking on a link embedded in an email.
Phone the source to confirm its legitimacy.
Routinely check your credit reports and bank statements.
Remember that OIT will never ask you for your credentials or have you click a link in an email to log in.
AU will continue to assist individuals that are affected by phishing attacks, as well as work with authorities to prosecute the individuals associated with these crimes. If you believe you were victimized by any of the recent attacks, please contact Public Safety immediately. Please be extra careful.
Members of the community are encouraged to contact the IT Help Desk to schedule an IT security awareness presentation for their department or organization.
AMERICAN UNIVERSITY POLICIES CONCERNING IT SECURITY
Did you know that American University has a policies page? Navigate to www.american.edu/policies to find American University’s IT Security, Data Classification, Computer Use and Copyright policies. Almost all of the University-wide policies are listed on this page.
CYBER SECURITY ISN’T JUST FOR OCTOBER!
Staff And Faculty
American University staff and faculty have access to a host of Cyber Security-related content through AsuccessfulU! To access it, log into ASuccessfulU, and choose LEARNING from the navigation drop down. Look for content with titles beginning with “Reducing Your Digital Risk.”