Decorative photo: someone reading their email.

Recommendations to protect against potential attacks

Submitted by stauffeg on

With Russian aggression against the Ukraine increasing, the federal government is issuing urgent warnings about the potential for nation-state sponsored attacks against higher education and research. These warnings are serious in light of the recent Russian attacks against US defense contractors. 
 
Anyone doing business with federal government agencies (especially the Department of Defense and Department of Energy) should have heightened awareness and skepticism when receiving unexpected or uncharacteristic communications from colleagues or those who represent themselves as a member of a federal government agency. 
 
You are the first line of defense into CU’s IT infrastructure and you must have awareness in all communications you receive. Pay extra attention to the following: 

  • Email: Your CU email address, as well as any personal addresses, are the most common starting place for a targeted attack. 
    • Protect yourself: DO NOT FOLLOW LINKS contained in emails. If you feel the email is legitimate, navigate to the main website by typing in the primary site address and then navigate to the desired page/resource.    
    • Protect others: REPORT any suspected communications to your CU address by following our phishing guidance. Report suspicious outreach received at your personal email addresses by reporting them to your service provider via their published resources. 
  • Social Media: Beware of new outreach in any platforms you use (Twitter, Instagram, Snapchat, Facebook, etc.)  
    • Protect yourself: Verify the communication using a different contact method. Voice calling is particularly powerful in vetting outreach.      
    • Protect others: Don’t forward or share unvetted outreach or “recommended” content. 
  • Text Message: Beware of text messages from unknown phone numbers or groups.
    • Protect yourself: DO NOT FOLLOW LINKS contained in text messages and delete the message.  
    • Protect others: DO NOT FORWARD suspicious messages and delete them immediately.    

Note that the Cybersecurity & Infrastructure Security Agency (CISA) has issued a “Shields Up” alert for all private and public organizations in the United States

You can find many more cybersecurity best practices and resources on the Office of Information Security website.