Cybersecurity Awareness Month (CSAM) is part of a global effort to recognize the importance of security in the digital space every October. For CSAM’s 20th anniversary, CU Boulder is joining the overall CU system in getting back to security basics, with an emphasis on security best practices that we should be doing all year long, for every device - work, school, or personal.
The week of October 16-20, CU system will be hosting three webinars for a week of talks and panels discussing work in the security space, ways to secure your university research (hosted by CU Boulder!) and a security roundtable on the state of security for individuals with security leadership from each CU institution. You can learn more about these webinars and how to sign up below.
For those unable to attend our webinars, we’re making sure that we’ve got up-to-date resources, raffles, and trainings focused on securing both your CU Boulder and at home data.
Check out the events and resources lined up to help you be safe and stay that way!
CU Boulder Event
Intersection Insecurity: The Collision of Research Grants, Data Protection Laws, and Information Security at CU Boulder
Tuesday, October 17, 1:00 to 2:00 p.m. MT
Research is foundational to the mission of CU. Regulations, laws, and grant providers have begun introducing strict cybersecurity requirements regarding data handling, storage, and access. Navigating this landscape is fraught with pitfalls, and the ability to rapidly demonstrate compliance can be the difference between winning or losing a grant. Attend a panel of subject matter experts from different departments at CU Boulder for a discussion about the challenges and opportunities we see ahead, as well as resources available to researchers to comply and adequately secure technology and intellectual property.
Recording of the session (session starts at 00:01:22)
Recording Passcode: Pc?1FQ2Y
- Greg Furlich - Research Associate, Center for National Security Initiatives
- Debbie Geha - IT Security Analyst, Security, Office of Information Technology
- Justin Mack - Research Security Coordinator, Research & Innovation Office
- Barbara Schnell - Associate Director of Secure Research Computing, Office of Information Technology
- Scott Maize - Associate Director of Information Security, Office of Information Technology
University of Colorado System Events
Interested in more security talks? Our peer campuses are putting together webinars available to the entire CU system – students, faculty, staff - for the week of October 16-18. Check out the available webinars on the Office of Information Security website.
Resources and Exercises To Keep You Secure
Every year, Cybersecurity Awareness Month has a focus on improving data security and protecting internet users around the world. This year focuses on reminding everyone of best practices around passwords, authentication, phishing, and keeping systems up to date. Check out the resources the university already has for you below.
Up Your Password Game with a Password Manager
Strong passwords are critical to protecting data. They are long, random, unique, and include all four character types (uppercase, lowercase, numbers, and symbols). Password managers are a powerful tool to help you create long, random, and unique passwords for each of your accounts, plus, they make storing passwords and user IDs easy and logging in a breeze. Visit OIT's Password Managers page to learn more.
Turn On Multi-Factor Authentication (MFA)
You need more than a password to protect your online accounts, and enabling MFA makes you significantly less likely to get hacked. Enable multi-factor authentication on all your online accounts that offer it, especially email, social media, and financial accounts and use authentication apps or hardware tokens for added security.
For personal use, we recommend making sure that email services and important accounts like the ones you use for banking and finance have MFA enabled.
- CU Boulder's Duo Multi-Factor Authentication page
- General Introduction to MFA from CISA.gov
- MFA for Google accounts
- MFA for Apple ID
Recognize & Report Phishing
Phishing emails, texts, and calls are the number one way that data gets compromised, backed by years of data breach research. Be cautious of unsolicited emails, texts or calls asking for personal information. Avoid sharing sensitive information or credentials over the phone or email unless necessary and don’t click on links or open attachments sent from unknown sources. Verify the authenticity of requests by contacting the individual or organization through a trusted channel – not by responding to the sender.
If you're not responding to phishing, you’ve already protected yourself, but you can help protect others by reporting phishing attempts! If you receive a phishing email at your university account, follow OIT's instructions for Reporting Phishing emails so that OIT Security can block it for others and protect your fellow faculty, staff, and students.
If you receive phishing to another account, there may be built-in features you can leverage, or you can forward to the impersonated company’s phishing mailbox - usually email@example.com.
How to report phishing to:
Ensuring your software is up to date is the best way to make sure you have the latest security patches and your devices are protected from the latest threats. Regularly check manually for updates if automatic updates are not available and keep operating systems, antivirus software, web browsers, and applications up to date.
University-provided systems for your work as a faculty or staff member have software installed to help make sure you patch early and often. For legacy university devices and personal devices, we’ve included some links below to help:
- Automatic Updates for Windows 10
- Automatic Updates for macOS, iOS, tvOS
- Update Apple Apps
- Automatic Updates for Android
IT Security and Campus Security Resources
Looking for more information? Here are some CU Boulder resources to keep you safe year-round: