Every once in a while I get affirmation that all that I do to try and keep all of you safe is working. This was one of those weeks. I would like to take a moment to toot the horn of Credit Registration.
They receive hundreds of emails from students and prospective students every week. The majority of the time they have no idea who they are talking to. To reduce the chances they will be cyberattack victims, they have put procedures into place that somewhat verify the sender’s identity. It isn’t fool proof, but it is a good balance between practicality and security. What is truly wonderful is their staff follow their procedures.
This week those procedures were tested and they passed. Congratulations Credit Registration!
The MRU community is made up of a diverse group of people. Some of you just like to forward suspicious emails to firstname.lastname@example.org without really doing much investigation on your own. Others like to make a game out of looking for phishing red flags. While still others follow email processing guidelines, just like I have asked. Thanks to all of you, my job is never dull.
That said, we thought it would be a good idea to give all of you one more tool to help with the challenging job of identifying phishing emails. IT Services is proud to announce the launch of the MRU Phish Bowl. The Phish Bowl contains a collection of all the phishing emails that we have received over the past few years. When you receive an email in your inbox and you aren’t quite sure if it is malicious, you can now search the Phish Bowl for it. If the exact email or a very similar one is posted then you know it is malicious and you can simply delete it.
Each post in the Phish Bowl shows you what the email looks like, points out the red flags and lets you know how to deal with similar emails in the future. Not only is it informative but it is also educational.
If an email doesn’t appear in the Phish Bowl, it doesn’t mean that the email is legitimate. You will still have to use the other strategies that you have been implementing to determine if it is malicious. The Phish Bowl is only an additional tool, not a replacement for your current vigilance.
The Phish Bowl is also helpful for those of you who are not sure if they should forward an email to email@example.com or not. If you do a search and find the email already listed, you know there is no need to report it. If it isn’t, then you know you may have a new nasty that needs to be reported.
We will be updating the Phish Bowl as new reports come in. You can access it here, or from the MRU Cybersecurity Hub at mru.ca/cybersecurity. Look for the Phish Bowl link in the section titled Stay Informed.
Last week we launched the Cybersecurity Survey. Unfortunately the survey contained an error that kept students from completing it. The survey is now fixed.
If you had tried to complete the survey but were unable to, please give it another try. Your entry into the $50 gift certificate to the Table is waiting.
Thank you for your patience. We apologize for the inconvenience.
It’s that time of year again when we look back at how we have done for the last 12 months and determine how we can improve. It is cybersecurity survey time!!! Yes, you read correctly the Cybersecurity Survey is ready for your input. Whoo hoo, I can just feel your excitement!
The good news is for completing the survey, you earn a contest entry code for the Cybersecurity Challenge. The better news is we have a sponsor for this year’s survey. I know there will be those of you who were looking forward to winning a grab bag of swag. However you sick folks are going to have to settle for a gift certificate from the Table. That’s right, the terrific folks at NetApp are donating a $50.00 gift certificate. !
To get your free food, you only need to take 5 to 10 min to complete the survey. Your feedback helps shape the cybersecurity awareness program for the next year. Remember we want to know what you ARE doing not what you should be doing. The survey is completely anonymous, so you are free to be 100% honest. The contest draw is independent of the survey so you can give us your anonymous feedback and still enter. You have until November 30, 2019 to complete the survey, we will do the draw that day. We look forward to hearing from you!
Cybersecurity Awareness Month begins October 1 and with it the Cybersecurity Challenge. There are a variety of activities planned for the month that staff, students and faculty can participate in. Each time a staff or faculty member participates in one, they earn a contest entry code. Each code earns them one chance to win a $250.00 gift certificate from Best Buy. Their entry also counts as one point for their team. The team with the most points wins the Golden Superhero Award!
Although students are welcome and encouraged to participate in cybersecurity activities, they cannot enter the draw. This year the challenge runs from October 1, 2019 to October 1, 2020. So you have a whole year to participate in activities and earn contest entry codes. Earn codes by:
- Reading the Cybersecurity Newsletter
- Random newsletters will contain codes throughout the year. Read the newsletter weekly to find the codes.
- Participating in a Main Street event
- Come down to Main Street and participate in that month’s activities. Everyone who participates gets a code and a spin of the prize wheel.
- Attending Lunch n Learns
- Come see speakers present cybersecurity topics. Codes will be given at the end of each talk.
- Attending a movie screening
- Come down to the Ideas Lounge in the Library and watch fascinating documentaries on cybersecurity. Codes will be given at the end of the film.
- Participating in Hack the Box
- Put together a team or participate on your own. Your code is locked inside the box. Can you solve the puzzles and hack your way in?
- Completing online Security Awareness Training or a Security Awareness Workshop
- You get the same code whether you attend a workshop or take the online training.
- Displaying a cybersecurity awareness sticker
- Send me a photo of where you have put your cybersecurity sticker. Your photo will be put on the CSAM website and you will receive a code in return.
- Reading the cybersecurity posters and slides
- Scan the posters and TV screens across campus to see if you can find the codes. There is a new one every quarter.
On Tuesday, October 1, grab your colleagues, fire up your team and start collecting codes! Then Every Monday, check the Leaderboard and find out who is the team to beat. For more details on the Challenge, visit Cybersecurity Hub.
It’s that time of the year again. Time for the old cybersecurity training to go down and the new one to go up. If you haven’t completed Basic IT Security Awareness 2019, you still have a couple more days to finish it up. Tomorrow evening it will be disabled and the grades will be archived. Sunday, September 1 the new course Cybersecurity Awareness Training 2020 will go live. This new course has great new videos and some updated content.
You have until June 30, 2020 to complete the new training course. At that time the course will be taken down. Please put this date into your calendar.
If you take PCI training, you do not have to complete this new course. Your PCI training contains the same cybersecurity information as this one does.
I hope you enjoy the new training course. If you have any questions, comments or concerns please contact me at firstname.lastname@example.org
Lucky me is going on vacation for a few weeks. While I am away, the newsletter will take a pause. I look forward to coming back fully rested and full of inspiration. Watch for new articles focused on busting cybersecurity myths when I return. Until then, stay safe out there.
As part of our continued efforts to ensure the Mount Royal University community receives accurate, helpful and timely information on how to stay cybersafe, the IT Security website has been renamed and redesigned. We are delighted to introduce you to the brand new Cybersecurity Hub!
Along with a new design comes a new URL. You will still be able to use mru.ca/itsecurity to find it, however mru.ca/cybersecurity will also take you there. Let us know what you think of the new design, leave your comments below.
We are always looking for ways to make the blog as helpful, useful and relevant as possible. As part of that we have decided to change it from the IT Security Blog to the Cybersecurity Blog.
By making the change we are hoping to clarify the purpose of the blog and make it easier for people to find it. The name of the blog isn’t all we are changing. The IT Security newsletter is also getting a new name and will now be called the Cybersecurity Newsletter.
The newsletter is also getting a slightly new look to bring it into line with our brand guidelines. You will now find the Mount Royal University logo on the left hand side.
Finally, we are also updating the IT Security website. We are changing the look, the name and expanding and reorganizing content. Look for an announcement coming soon.
Right now you are thinking, ya but they won’t want to go. They will think it’s lame. I have a solution…you register as well. You are cool (you have to be, you read this blog). If you register then everyone will because it’s something all the cool kids are doing. The best part is you get to grill me for 90 min and impress everyone with your extensive cyber security knowledge.