Cybersecurity Awareness at CSU: A Community Commitment

Throughout September and October, the Division of Information Technology (DoIT) at Colorado State University (CSU) took significant strides to engage the campus community on the critical topic of cybersecurity awareness. With a series of events designed to educate and inform, DoIT emphasized the importance of safeguarding personal and institutional information in an increasingly digital world.

The “Secure CSU” Initiative

Across both the Fort Collins and Pueblo campuses, vibrant signs and informative flyers promoted the “Secure CSU” initiative. This campaign aimed to raise awareness about cybersecurity threats and best practices among students, faculty, and staff. A highlight of this initiative occurred during the home football game on September 14, where DoIT staff connected with hundreds of CSU supporters. This event provided a unique opportunity to discuss the importance of cybersecurity in a lively and engaging atmosphere, reinforcing the message that cybersecurity is a shared responsibility.

Cybersecurity Awareness Month

October is recognized as Cybersecurity Awareness Month, a time when organizations worldwide focus on educating individuals about the importance of cybersecurity. However, at CSU, the commitment to staying cybersecure extends beyond just one month. The university encourages its community to adopt a year-round approach to cybersecurity, emphasizing proactive measures that everyone can take to protect themselves and the institution.

Required Training for Faculty and Staff

To bolster the university’s cybersecurity posture, CSU mandates annual Cybersecurity Training for all faculty and staff. This training is accessible through the Cybersecurity Training and Awareness platform. The program is designed to enhance understanding of cybersecurity threats and share best practices for safeguarding personal and institutional data. By completing this training, faculty and staff become better equipped to recognize and respond to potential cyber threats.

Identifying Phishing Scams

One of the most prevalent cyber threats faced by individuals and organizations alike is phishing scams. These deceptive tactics are designed to trick users into revealing sensitive information. Here are some key indicators to help identify phishing attempts:

• Impersonation of Trusted Organizations: Attackers often masquerade as representatives from well-known companies or institutions to solicit sensitive information.
• Financial Risks: Sharing personal information with attackers can lead to significant financial loss. Remember, CSU will never request passwords, Social Security numbers, or other sensitive information via email.
• Appearance and Content: While some phishing emails may contain obvious errors, more sophisticated scams can appear legitimate. Be cautious of emails requesting you to open files, click links, or enter information.
• Caution with NetID Requests: Be particularly vigilant with emails that ask for your NetID.
• Job Scams: Students seeking employment should be aware of potential job-related scams.
• Verification: If an email seems suspicious, contact the sender directly instead of clicking any links. Engaging with a phishing email can lead to security breaches.

If you suspect you’ve received a phishing email, you can watch this brief video on how to report an Outlook email or follow these steps:

1. Right-click on the email to open the options menu.
2. Select the “Report” option.
3. Choose “Report Phishing.”

If you’re unsure whether an email is malicious, you can contact the Cybersecurity Team to report an incident. Additionally, you can view sample phishing emails and stay updated on current cybersecurity alerts by visiting the cybersecurity web page.

Multifactor Authentication

To further enhance account security, CSU employs Duo, a two-factor authentication system that requires an additional piece of information beyond your username and password. When accessing certain CSU System services—such as Microsoft 365 applications, university email accounts, CSU’s VPN, HR, and Banner—you’ll need to use a device (mobile phone or hardware token) to add an extra layer of security. This can be done through a push notification via the Duo Mobile App or by entering a generated code. For more information, check out this video.

Password Dos and Don’ts

A strong password is your first line of defense against cyber threats. Here are some tips for creating effective passwords:

Do:

• Use a mix of words, symbols, and numbers.
• Aim for passwords with at least 15 characters, as longer passwords are harder to crack. For example, a 6-character password can be broken in just 6 seconds.
• Enhance password strength by modifying phrases with numbers and symbols. For instance, “StarGateReady” could become “StarG8R3ady4499@”.
• Change your passwords regularly to maintain security.

Don’t:

• Avoid using easily accessible personal information, like your birthday or pet’s name.
• Steer clear of common keyboard patterns like “QWERTY” or “123456,” which can be cracked in under 6 seconds.
• Avoid reusing passwords across different accounts. If one gets compromised, all linked accounts are at risk.
• Never share your passwords. The IT help desk, IRS, or your bank will never ask for your password.

Conclusion

By staying vigilant and adopting best practices, we can all contribute to a safer digital environment at CSU. The “Secure CSU” initiative is a reminder that cybersecurity is not just the responsibility of IT professionals; it is a shared commitment among all members of the CSU community. Together, we can ensure that our personal and institutional information remains secure, fostering a culture of awareness and resilience against cyber threats.