All month long we'll be sharing articles, tips, and tools that help everyone to secure our world. There are four simple steps that you can take to make a big difference.

• Install updates as soon as they're available.
• Make better passwords. Strong passwords stop hackers.
• Think before you click. Don't get hooked on a phishing scam.
• Use multiple factors. Multifactor authentication can keep you safe if some other security measure fails.

You can help us to spread the word this month by adding the following to your email signature:

Be Cyber Safe: Cybersecurity is everyone's responsibility.
Protect your personal information and university data.

October 2024 Articles

• Safer Sharing in SharePoint and Box
• Cybersecurity in the Age of Artificial Intelligence
• Essential Tips to Keep Your Accounts Secure
• Protect Yourself from Phishing at Work and at Home
• Update Your Software to Upgrade Your Security

Find more great cybersecurity tips from Weill Cornell Medicine Information Technologies & Services.

A Message from Robert Edamala, Chief Information Security Officer

Cybersecurity is our shared responsibility.

Greetings,

It’s that time of year! October is National Cybersecurity Awareness Month (NCSAM), an annual campaign to share helpful resources everyone needs to stay safe and secure online.

The theme this year is Secure Our World. Throughout the month Cornell’s IT Security Office will share all the ways that you can protect yourself, your family, and the Cornell community from online threats year-round.

Cybercrime can do significant damage.

You have likely heard of the numerous cyberattacks affecting many large organizations. In recent months, the attack on Change Healthcare disrupted how pharmacies and hospitals process claims, and the attack on AT&T resulted in millions of account holders’ personal information (including Social Security numbers) being released on the dark web. Colleges and universities have also suffered attacks.

Cyberattacks can be sophisticated.

Cybercrime is a money maker. Cybercriminals are abundant worldwide, and will target anyone and everyone, including individuals like you and me. The advent of artificial intelligence – a tool designed to do great good for the world – can be abused to make scams and phishing attacks harder to detect. 

But we’re not defenseless. 

Fortunately, most attacks are easy to recognize. As a shared responsibility, here are a few ways we can protect ourselves and each other from cyberattacks:

• Watch out for, and do not approve, Duo two-step prompts you didn’t initiate. This likely means your NetID password has been stolen, so change it immediately and contact the IT Security Office.
• Be ever vigilant and report email scammers posing as a professor offering fake jobs, or a supervisor asking you to send money.
• Never share your NetID password or reuse your password on non-Cornell websites and watch out for phishing emails that attempt to steal your password. See the Phish Bowl for examples. 
• Keep your computers up-to-date and install antivirus software. Cornell employees should always use a Cornell-managed Certified Desktop computer that includes essential protections.
• Cornell faculty and staff can use Secure Connect to add an extra layer of security to their Cornell-managed and personal devices. There are many benefits to using passkeys, including keeping your accounts protected even if you've had your password stolen, or you've fallen for a phishing scam.
   

Please join me this month in securing our world. The more informed and empowered you and I are, the safer our community is. 

Thank you.

Robert Edamala

Chief Information Security Officer

Take Charge of Your Cybersecurity

Take these simple steps now—and all year long—to safeguard your personal information and university data.

• Help minimize the likelihood of a breach and learn more about cybersecurity at Cornell.
• Be sure to back up your data and update your software and apps often.
• Learn how to identify two-factor phishing attempts.
• Protect your personal and professional data from ransomware.