I&S Staff,

Please see the article pasted below regarding cybersecurity awareness – the recommendations should all sound very familiar, but are very good reminders of how we can stay diligent against cyber attacks.

As always, feel free to reach out to us with any questions or concerns – we can be reached via e-mail, Teams, in person or the “FACMAN IT HelpDesk” button on the internal website.

A note on links in e-mails – you can always copy and paste a link into your browser’s address bar to verify that it goes to a site you are familiar with before navigating there. Once there, before entering any personal information or login/password, you can verify the security in your browser with the padlock icon:

[Image: padlock URL]

Legitimate CU-related sites typically end with “Colorado.edu” or “cu.edu”, while attackers may attempt to trick us with domains like “Colorado.edu.us” or “coloradoedu.com”. This can get tricky, as services we have known contracts with, like Zoom, are legitimate and do not end in “Colorado.edu”. For example, the following is also a legitimate site:

[Image: zoom]

Recommendations to protect against potential attacks

As tensions continue to escalate between Russia and the Ukraine, the federal government is issuing urgent warnings about the potential for nation-state sponsored attacks against higher education and research. These warnings are serious in light of the recent Russian attacks against US defense contractors. 
 
Anyone doing business with federal government agencies (especially the Department of Defense and Department of Energy) should have heightened awareness and skepticism when receiving unexpected or uncharacteristic communications from colleagues or those who represent themselves as a member of a federal government agency. 
 
You are the first line of defense into CU’s IT infrastructure and you must have awareness in all communications you receive. Pay extra attention to the following: 

  • Email: Your CU email address, as well as any personal addresses, are the most common starting place for a targeted attack. 
    • Protect yourself: DO NOT FOLLOW LINKS contained in emails. If you feel the email is legitimate, navigate to the main website by typing in the primary site address and then navigate to the desired page/resource.    
    • Protect others: REPORT any suspected communications to your CU address by following our phishing guidance. Report suspicious outreach received at your personal email addresses by reporting them to your service provider via their published resources. 
  • Social Media: Beware of new outreach in any platforms you use (Twitter, Instagram, Snapchat, Facebook, etc.)  
    • Protect yourself: Verify the communication using a different contact method. Voice calling is particularly powerful in vetting outreach.      
    • Protect others: Don’t forward or share unvetted outreach or “recommended” content. 
  • Text Message: Beware of text messages from unknown phone numbers or groups.
    • Protect yourself: DO NOT FOLLOW LINKS contained in text messages and delete the message.  
    • Protect others: DO NOT FORWARD suspicious messages and delete them immediately.    

You can find many more cybersecurity best practices and resources on the Office of Information Security website:

https://www.cu.edu/security/awareness

OIT Phishing Guidance:

https://oit.colorado.edu/it-security/email-phishing/phishing-e-mails-report-suspicious-messages
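
The domain check described in the note on links above can be written as a small function; this is an added example, not part of the original message. The `zoom.example` allowlist entry is a placeholder (the message names Zoom but gives no hostname), and the sample links other than the two CU URLs listed above are constructed.

```javascript
// Added example: classify a link by the host the browser would actually contact.
// TRUSTED_SUFFIXES come from the message; CONTRACTED_HOSTS is an assumed
// allowlist for vendor services, filled with a placeholder hostname.
const TRUSTED_SUFFIXES = ["colorado.edu", "cu.edu"];
const CONTRACTED_HOSTS = new Set(["zoom.example"]);

function classifyLink(link) {
  let url;
  try {
    url = new URL(link); // same parsing rules the browser applies
  } catch {
    return { verdict: "invalid", host: null };
  }
  if (url.protocol !== "https:") {
    // No TLS means no padlock, whatever the domain is.
    return { verdict: "not-https", host: url.hostname };
  }
  // The parser lower-cases the hostname; drop a trailing root dot if present.
  const host = url.hostname.replace(/\.$/, "");
  // Compare on a label boundary: the exact domain, or "." + domain at the end.
  // A plain endsWith("cu.edu") would wrongly accept "securecu.edu".
  const inCu = TRUSTED_SUFFIXES.some(
    (suffix) => host === suffix || host.endsWith("." + suffix)
  );
  if (inCu) return { verdict: "cu-domain", host };
  if (CONTRACTED_HOSTS.has(host)) return { verdict: "contracted-service", host };
  return { verdict: "unrecognized", host };
}

// Sample links: the first two appear in the message, the rest are constructed.
const SAMPLES = [
  "https://www.cu.edu/security/awareness",
  "https://oit.colorado.edu/it-security/email-phishing/phishing-e-mails-report-suspicious-messages",
  "https://Colorado.edu.us/login",
  "https://coloradoedu.com/",
  "https://securecu.edu/",
  "http://www.colorado.edu/",
  "https://zoom.example/j/123",
];

for (const link of SAMPLES) {
  const { verdict, host } = classifyLink(link);
  console.log(verdict.padEnd(20), host, "<-", link);
}
```

An "unrecognized" verdict does not mean the site is malicious, only that it is neither a CU domain nor on the allowlist and should be verified another way.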