Cybersecurity Awareness Month - October 2021
Do Your Part. #BeCyberSmart!
October is Cybersecurity Awareness Month. We recognize the need for cybersecurity every day to keep our information safe, and this month we join others to celebrate cybersecurity by sharing tips to stay cyber safe. To turn away cyber attacks, a little knowledge teamed with critical thinking skills can go a long way!
This year's overarching theme, “Do Your Part. #BeCyberSmart.”, emphasizes the role that we each play in online safety and the importance of taking proactive steps to maintain cybersecurity at home or work.
During this awareness month, we will focus on the following themes. To read more about each theme, click on the theme's title.
As part of the University's effort to improve information security awareness, information security awareness training is now available to staff and faculty on the training page. Staff and faculty can access the available course modules from this page.
Thanks, and have a cyber secure October!
Be Cyber Smart
#CyberMonth #Cybersecurity #InformationSecurity
Facts and Figures
- Human error constitutes over 95% of data breaches. (IBM)
- The average cost of human error in cybersecurity breaches was reported as $3.33 million. (IBM)
Being cyber smart is not just for IT professionals! We all have a responsibility to employ good security practices to better secure the data, devices, and other IT resources we use. We contribute to a more secure digital environment by doing our part.
The following tips have been put together to remind us of how to maintain security online or offline:
- If you are not sure, think before you click on a link. Verify the sender before you take any action.
- Use strong passwords. Your password is personal to you; don't share it!
- If available, use additional verification (multi-factor or two-factor authentication) for your user accounts.
- Use anti-virus and keep the software on your device up-to-date. Don't bypass vendor security settings on your device. Enable a PIN code on your device to prevent unauthorized access.
- Be sure you verify who you share information with and only share what is necessary.
- Store and share information using secure methods.
- Dispose of sensitive papers and unwanted devices securely.
- Use social media sensibly and keep your communication and data private.
- Verify the authenticity of the website you visit before you carry out any sensitive transactions.
- Only use secure Wi-Fi for sensitive online transactions.
To learn more about being #CyberSmart, visit our CyberSmart page.
Phight the Phish - think before you click!
#FightThePhish #Phishing #Ransomware #BeCyberSmart #CyberMonth
Facts and Figures
- 47% of phishing attacks resulted in account compromise. (Mimecast)
- 49% of phishing attacks resulted in malware infection. (Mimecast)
- 45% of the time, individuals provide their information to phishing sites. (ZDNet)
Phishing is a tactic used by cybercriminals to trick people into trusting a message so that they divulge sensitive information or click on a malicious link. Cybercriminals can then use this to carry out fraudulent or harmful activities, including gaining unauthorized access to IT systems and information, impersonating individuals for financial gain, carrying out a ransomware attack, etc.
Phishing attacks are carried out through various methods, including email, text messages, social media, and phone calls. Most phishing attacks share common characteristics: they press the victim to respond urgently to a situation, and they often use familiarity or current issues to increase the likelihood of a victim falling for the scam. The goal is always to steal vital information or compromise an IT system that could then be used to carry out further attacks.
The theme, "Phight the Phish!" is dedicated to increasing awareness of phishing attacks, as they can occur anywhere, at home, work, or when traveling. It aims to highlight the dangers of phishing attacks and how you can identify and respond to them.
We have put together the following resources to help you identify and respond to phishing attempts appropriately.
Be a cyber hero and phight phishing to keep the information you use safe from cyber criminals!
Explore, Experience, Share
Facts and Figures
- 57% of cybersecurity professionals say a shortage of cybersecurity skills has impacted the organization they work for. (ZDNet)
- 80% of companies say they have a hard time finding and hiring security talent. (Gartner)
- By 2029, the cyber security job market is set to grow by 31%. (U.S. Bureau of Labor Statistics)
Explore, Experience, Share focuses on inspiring and promoting awareness and exploration of cybersecurity careers. In this month of cybersecurity awareness, we celebrate cybersecurity professionals, their contributions, and innovations by highlighting a few cybersecurity roles and what they do:
- Network Security Engineer: A network security engineer plays a significant role in securing the network of an organization. His or her role involves configuration, provisioning, and administration of several different components of a network, including security-related hardware and software to ensure that network communication and services are available to those who need it and to protect against cybercriminals. (Fieldengineer.com)
- Security Architect: Security architects think like hackers. They push existing computer and network security systems to their limits. Once security architects identify vulnerabilities in existing systems, they plan and implement architectural changes to boost security structures. These professionals often develop and implement entirely new security architectures. They blend knowledge of security hardware and software, organizational needs, and cybersecurity risks with organizational policies and industry standards to strengthen cybersecurity capabilities. (Cyberdegrees.org)
- Application Security Developer: An application security engineer ensures that every step of the software development lifecycle (SDLC) follows security best practices. They are also responsible for adhering to secure coding principles and for helping to test the application against security risks/parameters before it is released to end-users.
- Security Systems Administrator: A security systems administrator handles all aspects of system security and protects the virtual data resources of a company. They are responsible for desktops, mobile, and network security, and are also responsible for installing, administering, and troubleshooting system and software issues. (Careerexplorer.com)
- Information Security Risk and Compliance Manager: The main task of this role is to uphold the ethical integrity of the organization and ensure that business operations comply with regulatory requirements. This role often focuses on the implementation of risk management processes that align with best-practice standards, which include but are not limited to policy development and implementation, awareness training, audit, incident management, compliance management, business continuity, and disaster recovery planning, etc.
To learn more about cybersecurity careers, see these video resources on a day in the life of cybersecurity practitioners who have a range of work roles.
The National Institute of Standards and Technology partners with various organizations to provide cybersecurity education, training, and workforce development - National Initiative for Cybersecurity Education (NICE).
Building a cybersecurity workforce will enhance security!
Facts and Figures
- Out of 17 industries surveyed, the education sector ranked last in terms of cybersecurity preparedness. (stealthlabs.com)
- The education sector experienced almost 64% of all malware attacks, or more than 6.2 million incidents, in May 2021. (stealthlabs.com)
- Ransomware accounted for 32% of cybersecurity attacks on the education sector in the first half of 2021 compared to just 11% the year before. (helpnetsecurity.com)
- 30% of users in the education sector were victims of phishing. (stealthlabs.com)
The final week of Cybersecurity Awareness Month challenges us to always try to do our part and #BeCyberSmart. What we do today can affect the future of personal, consumer, and business cybersecurity.
Cybersecurity is a year-round effort and should be one of our first considerations when we handle data or buy new devices and connected services. It is not a one-off exercise but should be a habit, and our responsibility towards ourselves and those who trust us to keep their information safe.
Remember, #BeCyberSmart and keep #CybersecurityFirst in the office, at home, or when traveling.
See our CyberSmart page for good cybersecurity practices.
You will also find useful resources on the Illinois Department of Innovation & Technology website.
If you have any questions, please contact firstname.lastname@example.org.