Cybersecurity Awareness

October 2023

National Cyber Security Awareness Month

Cyber Security is a topic of year-round importance.  October is the nationally-recognized month where Cyber Security Awareness is put into the spotlight, and the CSU system has made efforts to strengthen our bonds between campuses to offer great information and talks.

Our new systemwide Chief Information Security Officer, Josh Callahan, shared a short video we are encouraging everyone to view, which can be found here:  https://www.calstate.edu/impact-of-the-csu/technology/Pages/national-cyber-security-awareness-month.aspx

This year we are promoting webinars offered throughout the CSU system.  You can find the full list of presentations and registration links at the following site:  https://www.calstate.edu/impact-of-the-csu/technology/Pages/webinars.aspx

We want to highlight "Women In Cybersecurity (WICYS) Chat: Building A Culture Of Allyship", being held on October 17 at 1:30PM.  Information and registration is below:

[Image: WICYS registration information]

On Tuesday, October 24, Dr. Levent Ertaul, Chair of Computer Science, will be providing a library lecture titled, "How Can I Protect Myself in Cyberspace? Can I Get Some Privacy, Please?".  The session runs from 12:15-1:15pm in 159 Mountain Lion Room of the CORE Building.  Details can be found on the library website.

We will be hosting Cyber Clinics again this year, where you can drop by for a casual conversation about cybersecurity topics.  Stay tuned for more information about how to participate in these clinics.

Cybersecurity Crossword Puzzle 2023

Cybersecurity Word Search 2023

 

October 2022

National Cyber Security Awareness Month

From our mobile devices to our campus workstations, anywhere we can connect to a network is a place we need to be cyber-aware.

Every Monday, we will send out an email highlighting a topic of consideration for the week. For 2022, we will be focusing on password strength, phishing awareness, keeping our devices updated, and more. We will be sending out daily Tweets with a related tip, and we have some fun activities planned too. Cyber security training is an annual requirement, and this can help us keep those concepts fresh.

Our Cyber Clinics will be held weekly, where campus members can ask questions about securing their mobile devices, find out about the latest threats we are facing, and discuss cyber-related concerns. Stay tuned for more information about scheduling and how to participate in these clinics.

NCSAM Word Jumble 2022

NCSAM Crossword Puzzle 2022

February 2022

With recent events in the news between Ukraine and Russia, we know you have questions and concerns.  One of those may be about cybersecurity: are you or the campus at risk?  We don’t have all the answers, nor do we know what will happen next.  We do know that, from a cybersecurity standpoint, it is important to focus on the fundamentals of security awareness, which are key to protecting yourself both at home and at work. While the sense of urgency may have changed, how cyber attackers target us has not.

By fundamentals, we mean focusing on these three key points. 

  • Phishing: Phishing and related scams are when cyber attackers attempt to trick or fool you into doing something you should not do.   Often these scams are sent as emails, but they can also try to trick you with text messaging, phone calls, or on social media.  Anytime someone is creating a tremendous sense of urgency and rushing you to take an action, or someone is promoting an offer that is too good to be true, this is most likely an attack.
  • Passwords: Strong passwords are the key to protecting your online, digital life.  Make sure each of your accounts is protected by a unique, long password. The longer your password, the better.  To keep it simple, use passphrases, a type of password made up of multiple words like “honey-butter-happy”.  Whenever possible, enable Multi-Factor Authentication (MFA) on your important accounts, as we have with Duo for your campus account.
  • Updating:  Keep your computers, devices and apps updated and current by enabling automatic updating on all your devices. Cyber attackers are constantly looking for new vulnerabilities in the devices and software you use.  Keeping them automatically updated makes sure these known weaknesses are fixed and your devices have the latest security features.

In addition, there is going to be a tremendous amount of false information spread on the Internet.  Do not trust or rely on information from new, unknown or random social media accounts, such as posts on LinkedIn, Instagram, Facebook or Twitter.  Many accounts on these sites were created for the sole purpose of putting out fake information.  Instead, follow only well-known, trusted news sources that verify the authenticity of information before they broadcast it.  Finally, if you wish to donate to any causes in support of recent events, once again make sure you are donating to a well-known, trusted charity.  There will be many scams attempting to trick people into donating to fake charities run by cyber criminals.

If you accidentally send your account credentials via email, immediately change your password by following the steps listed at http://www.csueastbay.edu/netid/self-service.html.  Contact the ITS Service Desk at https://csueastbay.service-now.com/sp to submit a ticket or to speak with a technician.  If you receive an email that you believe could be a phishing message, forward it to the Information Security Office at iso@csueastbay.edu.

 

October 2021

National Cyber Security Awareness Month

As we know by now, we are engaging with our work, our school, and our personal contacts from just about anywhere.  Knowing how to keep our devices and our data secure has never been more important.

To promote cyber security awareness this year, the Information Security Office will be sending out daily Tweets (@CSUEB_ITS) with a tip to help keep you secure online.  Every Monday, we will send out an email highlighting a topic of consideration for the week.  Cyber security training is required for us all annually, and this is a way for us to keep those concepts fresh in mind.

Due to popularity, we will be hosting Cyber Clinics again this year, where campus community members can drop in and ask questions about securing their mobile devices, find out about the latest threats we are facing, or otherwise share cyber-related questions and concerns.  Stay tuned for more information about how to participate in these clinics.

 

August 2021

NSA Releases Guidance on Securing Wireless Devices While in Public 

The National Security Agency (NSA) has released an information sheet with guidance on securing wireless devices while in public.  These recommendations apply to government teleworkers as well as the general public, and include steps you can take immediately. The information sheet describes malicious techniques used by cyber actors to target wireless devices and ways to protect against them.

Some of the key points:

  • Avoid connecting to public Wi-Fi, such as networks offered by coffee shops or airports.
  • Turn off Bluetooth when you are not actively using it.
  • Keep your devices updated, and never leave them unattended.
  • Reboot mobile phones periodically.
  • Use Multi-Factor Authentication wherever possible.

References:

The announcement and link to the full information sheet about securing wireless devices in public can be found at:

https://us-cert.cisa.gov/ncas/current-activity/2021/07/30/nsa-releases-guidance-securing-wireless-devices-while-public

 

December 2020

An Update on "Zoom-Bombing" Events

CSU East Bay Information Technology Solutions (ITS) has received alerts from the maker of Zoom that some meeting access credentials are being posted online, and that meeting hosts are not taking advantage of the security features built into Zoom.  Earlier this year, “Zoom-Bombing”, or hijacking of meetings by non-invited parties, became more prominent, and we are still seeing these actions occur in non-secured Zoom sessions.

The Information Security Office strongly recommends the following steps be taken to increase the security of your Zoom sessions:

  • Require registration, and allow only authenticated users to join your meeting.
  • Disable join before host, and use the “waiting room” feature to control attendees.
  • Do not share links to your session publicly (like using social media). Instead, send the link directly to specific users.
  • Keep your session private: require a meeting password.
  • Set screensharing to “Host Only”.
  • Put suspicious attendees “on hold”, blocking their audio and video connection without removing them from your session. Then, you can verify their identity, and re-add or drop them entirely.
  • Enable “Mute Upon Entry”.
  • Turn off file transfer and annotation, and disable private chat for your attendees.

Please note: during any online conferencing, be aware of what type of information is being shared.  While you may not be actively recording the Zoom meeting using the software directly, there is no way to determine whether another remote user is recording their screen.  The CSU has “Data Classifications” that identify what types of information may fall into which category, so be thoughtful about what you might be discussing.

More information about securing your Zoom meetings can be found at https://support.zoom.us/hc/en-us/articles/360041848151-In-meeting-security-options.

 

October 2020

National Cyber Security Awareness Month - Home Edition

More than ever, this year is showing us all how important it is to stay safe and secure online, from wherever we may be connecting.

To promote cyber security awareness this year, the Information Security Office will be sending out daily Tweets (@CSUEB_ITS) with a tip to help keep you secure online.  Every Monday, we will send out an email highlighting a topic of consideration for the week.  Cyber security training is required for us all annually, and this is a way for us to keep those concepts fresh in mind.

Last year, we hosted in-person Cyber Clinics, where campus community members were able to drop by and ask questions about securing their mobile devices.  Due to popularity, we will be hosting these clinics via Zoom for an hour, every Wednesday throughout October.  Stay tuned for more information about how to connect into these virtual clinics.

 

 

July 2020

Scammers Exploit California's COVID-19 Contact Tracing Program

The CSU East Bay Information Security Office (ISO) has been informed of 

“California Connected”, California’s contact tracing program, is a confidential process used by public health departments to slow the spread of COVID-19.  Under this program, public health representatives will telephonically interact with those who have tested positive and alert anyone that may have been exposed, keeping personally identifiable information (PII) confidential.  Representatives will also inquire about symptoms, offer testing guidance, and discuss next steps like self-isolation and medical care.

Legitimate contact tracers may call, email, text, or visit your home to collect information.  They will only send you texts or email indicating when they will contact you and will not ask you to click or download anything.  The information that a legitimate contact tracer may ask you for includes: your name and address, health information, and the names of places and people you have visited.

Scammers are impersonating contact tracers so that they can profit from the COVID-19 pandemic.  Along with calls, scammers are sending out links in text messages about fictitious cases.  Scammers may ask for your Social Security Number, financial information, or other sensitive information not required for authentic contact tracing.


References:

More information about the California Connected tracing program can be found at:

https://covid19.ca.gov/contact-tracing/

California Department of Public Health:

https://www.cdph.ca.gov/Programs/CID/DCDC/Pages/Immunization/ncov2019.aspx

 

April 2020

Update on COVID-19 Spam and Phishing Attacks

The CSU East Bay Information Security Office (ISO) has been informed of new Spam and Phishing attempts using the current Coronavirus and COVID-19 pandemic as their theme.  Spam and Phishing emails are written to promote urgency and fear so that you will provide personal details before you take a moment to verify the credibility of the sender or the message.  Additionally, scammers will use robocalls and text messages to impersonate people you may know and trust, intent on getting you to reply. 

Some examples being reported include:

  • A cell phone scam with the caller claiming to be from the Center for Disease Control (CDC) and urging you to reserve a vaccine for COVID-19 by providing a credit card and/or social security number.
  • A website reporting “infected people” in your area if you enter in your Driver’s License number.
  • A text message offering free passes for Netflix during isolation at home, with a link that takes you to a website containing malware.
  • An offer to get your stimulus check “immediately”, but linking to a malicious website.

Bad actors use fairly similar patterns to compromise users, no matter if it is through email, text, or voice-message.  These attempts tend to fall into four categories, and here is how they can be identified:

  • Authority
    • Is the sender claiming to be someone official (e.g. from your bank, doctor, lawyer, or a government agency)? Criminals often pretend to be important people to convince you to do what they want.
  • Urgency
    • Does the message state you have a limited time to respond (e.g. in 24 hours, or immediately)? Criminals will threaten you to “act now”, before you take the time to verify their claims.
  • Emotion
    • Does the message make you panicked, fearful, or curious? Criminals can use threatening language, make false claims of support, or attempt to lead you on into finding out more, but only if you provide additional sensitive details.
  • Scarcity
    • Is the message offering something in short supply (e.g. medical equipment like masks, money, or even tickets to a sold-out concert)? Fear of missing out on a good deal or opportunity can make you respond quickly and without being skeptical of the source of the offer.

Scammers will take advantage of any opportunity to try and take personal information from you.  If you have any doubts or questions regarding the validity of an email, please contact the Information Security Office at iso@csueastbay.edu.

References:

More information about Phishing can be found at our page:

https://www.csueastbay.edu/security/protect-yourself-from-phishing.html

 

Protect Yourself From COVID-19 Spam and Phishing Attacks

The CSU East Bay Information Security Office (ISO) is aware of new Spam and Phishing attempts using the current Coronavirus and COVID-19 pandemic as their theme.  We see malicious attempts increase during any major event that dominates the news, be they weather-related (hurricane/tornado), or health-related (such as COVID-19).  Scammers will take advantage of any opportunity to try and take personal information from you.

Spam and Phishing emails often follow the same format, written to promote urgency and fear so that you will provide personal details before you take a moment to verify the credibility of the sender or the message.  Additionally, scammers will use robocalls and text messages to impersonate people you may know and trust, intent on getting you to reply.

The ISO recommends the following steps be taken to ensure your online security during these times:

  • Take extra care when handling email that references Coronavirus and/or COVID-19 in the subject line, attachment, or within links.
  • Take extra care with social media posts, calls, or texts that relate to COVID-19.
  • Do not click on links or open attachments in email received from non-campus or unexpected sources.
  • Check the email address of the sender. Legitimate email addresses from East Bay will be in the form of firstname.lastname@csueastbay.edu. Anything else should be considered suspicious.
  • Do not respond to any email or text message that you are not otherwise expecting.
  • Do not provide personal or financial information by email, and hang up on robocalls.
  • Keep your software updated. This includes laptops, desktops, and mobile devices such as smartphones.

If you have any doubts or questions regarding the validity of an email, please contact the Information Security Office at iso@csueastbay.edu.

References:

More information about Phishing can be found at our page:

https://www.csueastbay.edu/security/protect-yourself-from-phishing.html

Visit the Federal Trade Commission for information on Coronavirus scams:

https://www.consumer.ftc.gov/features/coronavirus-scams-what-ftc-doing?utm_source=coronavirus

Further tips about safely handling email and attachments can be found at:

https://www.us-cert.gov/ncas/tips/ST04-010

“Zoom-Bombing” - Protect Yourself While Teleconferencing with Zoom

The CSU East Bay Information Security Office (ISO) is following reports of hijacking being done to users of the Zoom teleconferencing application.  Instances of this activity, known as “Zoom-bombing”, have taken place across the country while communities are sheltering-in-place and moving to virtual conferencing services.

Each virtual teleconference application has its own unique settings and configurations, with Zoom being no different.  The ISO recommends the following steps be taken to increase the security of your Zoom sessions:

  • Require registration, and allow only authenticated users to join your meeting.
  • Disable join before host, and use the “waiting room” feature to control attendees.
  • Do not share links to your session publicly (like using social media). Instead, send the link directly to specific users.
  • Keep your session private: require a meeting password.
  • Set screensharing to “Host Only”.
  • Put suspicious attendees “on hold”, blocking their audio and video connection without removing them from your session. Then, you can verify their identity, and re-add or drop them entirely.
  • Enable “Mute Upon Entry”.
  • Turn off file transfer and annotation, and disable private chat for your attendees.

Please note: during any online conferencing, be aware of what type of information is being shared.  While you may not be actively recording the Zoom meeting using the software directly, there is no way to determine whether another remote user is recording their screen.  The CSU has “Data Classifications” that identify what types of information may fall into which category, so be thoughtful about what you might be discussing.

If you have any questions about securing Zoom, please contact the Information Security Office at iso@csueastbay.edu.

References:

Data Classifications:

https://www.csueastbay.edu/security/information-security-policy/level-1-data-examples.html

More information about Zoom can be found here:

https://support.zoom.us/hc/en-us/articles/206080966

 

October 2019

Seminar on Cybersecurity and Privacy

"Are We All Living In Glass Houses? Can I Get Some Privacy, Please?"

Dr. Levent Ertaul, a Computer Science Professor at CSU East Bay, will be giving a talk on Cyber Security and Privacy on Monday, October 28th from 12:00 to 1:00 PM in the Biella Room, LI 2126. He will be discussing vulnerabilities and security issues in cyberspace. Pizza will be provided during this lunch time event.

 

Other National Cyber Security Awareness Month Events

To promote cyber security awareness this year, the Information Security Office will be hosting a U-Hour presentation on "Social Engineering & Trust Online".  This presentation will discuss modern methods used to socially engineer people online, why trust is becoming harder to guarantee, and how to improve your defenses.

The U-Hour presentation will be held on:

  • Oct 8 from 12:15pm - 1:15pm in UU-102 (old UU)

Additionally, we will hold "Cyber Clinics" in LI 2501.  Campus members are welcome to drop by these casual sessions with questions about mobile devices (phones, tablets, etc.) and get tips on how to keep them secure and private.

Throughout the month, we will send out a tweet with a tip to help keep you secure online.  Also, each Monday starting on the 7th, be sure to look for a Cyber Security Mad Lib to share out and enjoy.  Our Twitter account is @CSUEB_ITS.

 

October 2018

Seminar on Cybersecurity and Privacy

"Are We All Living In Glass Houses? Can I Get Some Privacy, Please?"

Dr. Levent Ertaul, a Computer Science Professor at CSU East Bay, will be giving a talk on Cybersecurity and Privacy on Monday, October 29th from 12:15 to 1:30 PM in the Biella Room, LI 2126. He will be discussing vulnerabilities and security issues in cyberspace. Pizza will be provided during this lunch time event.

 

October 2016

As part of an effort to promote cyber security awareness at the University, the Information Security Office (ISO) at Cal State East Bay is hosting several events in October, for National Cyber Security Awareness Month. The events started with a booth at Al Fresco, where students received information on how to protect themselves online and participated in a quiz about cyber security to win a prize.

Seminar on Cybersecurity and Privacy

Dr. Levent Ertaul, a Computer Science Professor at CSU East Bay, will be giving a talk on Cybersecurity and Privacy on Thursday, October 27th from 12 to 1 PM in the Library Biella Room. He will be discussing vulnerabilities and security issues in cyberspace. PIZZA will be provided during this lunch time event.

2016 Cyber Security Seminar

The FBI movies on cyber security awareness:

The Company Man: Protecting America's Secrets - A short film aimed at educating anyone with a trade secret about the threat and how they can help mitigate it. Based on an actual case, The Company Man: Protecting America's Secrets illustrates how one U.S. company was targeted by foreign actors and how that company worked with the FBI to resolve the problem and bring the perpetrators to justice.

View this movie online: FBI The Company Man Movie.

Game of Pawns - To help raise awareness of the foreign intelligence recruitment threat to U.S. college students while studying overseas, the FBI offers a variety of useful resources, including the below interview with a former student caught up in illegal activity.

View this movie online: FBI Game of Pawns Movie.

 

Who should I contact if I have more questions?

Please contact the Information Security Office at: iso@csueastbay.edu