This October may be the United States’ 20th anniversary of Cybersecurity Awareness Month, but at Johnson & Wales University, every day is Cybersecurity Awareness Day.
That’s because JWU’s Chief Information Security Officer Nick Tella and his Information Security Services (ISS) team dedicate their time and efforts to the safety of our campus community.
The team oversees activities to identify, detect, protect, respond to and recover from adverse information security events that might affect our community. They do this through applying technologies and practices to mitigate and manage risks to University information and information systems.
The team also promotes, plans for, and guides the safe use of information and information technology while building awareness of cyber threats, appropriate behavior, and tools and practices in protecting our information assets.
Here are their tips for staying safe online every day:
Check for incorrect grammar, capitalization, verb tenses and generic greetings. "Our Information Security team reviews any emails that look suspicious and block them from going through our network and spreading through JWU’s community. If you do receive one, check to see if the email content comes from a legitimate address form the organization it’s supposed to be from," Tella advises.
He adds, "JWU has a form where you can report any incident to our team."
In fact, JWU’s ITSS team recently sent out a phishing expedition to check how cyber savvy our community is. The test was designed by Information Security Analyst Vishal Ojha, ’18 M.S., to check if JWU community members might fall for clicking on scam links.
Unfortunately, the test did get some nibbles. Owing to the power of financial aid, which JWU provides to 98.5% of its on-campus students, some people just couldn’t resist clicking on this enticing subject: “Student Loan Forgiveness.”
Paid advertisers on your favorite sites may not be what they seem, especially if a deal sounds too good to be true. Hover your cursor over links to be sure that links are really what they claim. If you see any inconsistencies, such as a misspelled brand name, they may directing you to a fraudulent website.
"If you’re entering sensitive data such as your credit card into a website, check its security certificate; the URL should begin with https:// and display a padlock symbol in the address and status bars. Anything on a website can be falsified. If it can’t be verified by the browser you’re using, it shouldn’t be trusted," advises Tella.
Unless you’re responding to a previously communicated deadline from JWU, your bank, etc., don’t give in to anyone trying to make you take immediate action such as completing a transaction or entering credentials. Scammers create a sense of urgency to get you to act before you can think the situation through and check if it’s genuine.
"There’s no emergency or special situation that should make you feel rushed, especially if it’s not following up on a prior communication with that individual or organization," Tella says.
Wildcats should know: there’s no situation where JWU will ask for your username or password via email or over the phone.
"Don’t believe any emails directing you to websites that ask for your JWU credentials," cautions Tella.
Your computer can get infected by malware when you click links, open attachments or download documents you weren’t expecting, even if they appear to be from someone you know. Keeping current with software updates helps prevent malware from infecting your computer.
"It can be a pain to install updates and restart your computer, but there’s good reason for that," Tella explains. "Software updates are vital to repairing flaws, remove vulnerabilities and add new features. Practice good cybersecurity by keeping all devices, software and web browsers up to date."
It might seem easier to set your dog’s name as your password for every account, but if a threat actor gets your password to one account, they might be able to use it to access other accounts with more sensitive data.
"It’s best to have long, complex and unique passwords for every site, and avoid repeating passwords across different sites," suggests Tella. "Even if a site doesn’t require you to do this, a best practice is to use at least 8 characters, a mix of both upper and lowercase letters, a mixture of letters and numbers, and at least one special character."
He adds, "Just avoid using "<" or ">" in your password, as those can cause problems in some browsers."
Want to stay current on JWU ITSS tips and news? Follow them on X (formerly known as Twitter).
Interested in learning how YOU could help keep our digital systems safe? Check out JWU's Cyber Threat Intelligence & Defense program.