Welcome to Week 2 of Cybersecurity Month! This week, we're taking a hands-on approach to "Protecting Personal Information." Here's how you can put these cybersecurity principles into action.
Recognizing Phishing Scams
Phishing is a fraudulent attempt to obtain sensitive information, such as usernames, passwords, or credit card details, by posing as a trustworthy entity in electronic communications, typically via email or fake websites.
Example: An individual receives an email that appears to be from Oxy, urging them to scan a provided QR code to confirm their two login portals, warning that failure to do so will result in the loss of their email access. Upon scanning, they are directed to a fake website that mimics Oxy’s official portal, where they unknowingly enter their login credentials, which are then captured by the attacker.
- Be vigilant when checking your email and always check for red flags, such as:
  - Unfamiliar senders
  - Unusual requests for personal information
  - Vague questions or demands
  - Spelling and grammatical errors in emails
- If you suspect an email is phishing, report it to our ITS department immediately at helpdesk@oxy.edu. Do not open any attachments or follow suggested links from the suspicious email.
- For more information about phishing, please visit our website.
- To access a video tutorial on improving your understanding of phishing, please follow this link to log in to our SANS Litmos training platform. You must log in using your Oxy email and password before clicking on the video link.
Social Engineering Awareness
Social engineering is the manipulation of individuals into divulging confidential information or performing actions that compromise security.
Example: An attacker posing as an IT technician calls an employee or student, claiming they need to "verify" their password for a system update. The unsuspecting employee or student shares the password, giving the attacker unauthorized access.
- When receiving unexpected requests for sensitive information or actions, verify the source through a separate communication channel, such as a phone call.
- Be cautious of unsolicited phone calls or messages requesting personal information or financial transactions.
- If you encounter a potential social engineering attempt, report it to helpdesk@oxy.edu.
- For more information about how to avoid social engineering attacks, click here.
Protecting Your Data
Protecting your data involves implementing security measures and practices to safeguard academic, personal, and financial information from unauthorized access, breaches, and misuse, ensuring privacy and compliance with relevant regulations.
Example: A student named Sonny frequently accesses Oxy’s online portal to check grades and submit assignments. To protect his data: Sonny sets a strong, unique password for his account and updates it regularly. He activates two-factor authentication, adding an extra layer of security. He is cautious about sharing any academic or personal information over email or social media and verifies any requests for such details directly with Oxy’s administration.
- Secure physical documents with sensitive information in locked cabinets or drawers.
- When sharing sensitive information digitally, use secure methods such as encrypted email or password-protected files. You can download 7-Zip for free, which can help you password-protect your attached documents. We recommend sending the password in a separate email.
- Ensure that only authorized personnel have access to your records and academic data.
These actions may seem small, but they play a significant role in safeguarding our Oxy community's personal information. Remember, cybersecurity is a collective effort, and your proactive steps contribute to our overall security.