Technology Update - Data Privacy Issue
January 26, 2023
DATA PRIVACY DAY
Data Privacy Day recognizes the importance of promoting privacy and protecting data from cyber threats. On January 28th, we commemorate the signing of the Convention 108, the first legally binding international treaty designed to raise awareness about privacy and data protection. This newsletter announces a cybersecurity t-shirt design contest and incoming phishing simulations. It also provides useful information to protect your privacy. For more information, visit the following websites: https://drexel.edu/it/security and https://drexel.edu/compliance-privacy-audit/privacy/data-privacy-week/.
Cybersecurity T-Shirt Design Contest!
The Information Security Office is pleased to announce a t-shirt design contest for Drexel students. The winning design(s) will appear on the front of t-shirts and/or other merchandise to be given out to Drexel students during future campus cybersecurity events, such as our table for National Cybersecurity Awareness month in October, and prizes will be awarded to the winner(s). For more information about the contest, please visit our cybersecurity t-shirt design contest webpage.
Catch the Phish!
Phishing attacks, including Business Email Compromises (BEC), are increasing in sophistication and frequency, and have become the greatest threat to the Drexel community. Bad actors use email and text messages to pose as trusted sources to trick our users into revealing sensitive information or carry out malicious actions — all of which often leads to financial loss, reputational damage, or regulatory violations. Many students, staff, and faculty, including some at Drexel University, fall for these scams and lose thousands of dollars and/or have their identities stolen.
To protect our community, the Information Security team plans to run quarterly employee phishing simulation campaigns throughout 2023. Phishing simulation campaigns consists of sending fake phishing emails to Drexel employees periodically. Employees that do not pass the simulation will receive training to strengthen their awareness and response to attacks.
If you suspect you received a phishing message in your Drexel email account, please report it to us. For more information on the various ways available to report these types of emails, visit: https://drexel.edu/it/security/report-abuse/.
New Year, New Security Practices
With the start of the new year, it is important to stay up to date on security practices in order to secure your personal data. To do so, our security team recommends the following practices:
- Use a unique password for Drexel accounts. Chegg, McGraw Hill, and other companies recently reported data breaches. Drexel faculty, staff, and students who used their Drexel passwords for those services exposed confidential University information unknowingly.
- Use multi-factor authentication for all your non-Drexel accounts. This, and critical thinking, are the two best ways to protect your online information.
- Report phishing emails. Help Drexel’s security team block phishing emails and prevent them from reaching your or your colleagues' mailboxes.
- Back up your data. Drexel’s OneDrive offers up to 5 TB of space to securely store your files.
- Take the DUST training. Upon completion of the DUST training, you will be equipped with the knowledge on how to defend against common cyberattacks.
ANOTHER ONE BYTES THE DUST
Get the knowledge you need to protect yourself and others against cyber threats such as phishing and job scams. Take the Drexel University's Security Training (D.U.S.T.) training and receive your SANS security training certificate! Students, faculty, and staff can request access by emailing email@example.com.
Information Security Resources
To stay informed about cybersecurity news, common scams, FAQs, and other information, visit the Drexel Information Security website at https://drexel.edu/it/security.
For tips on information security while learning and working remotely, please visit the Information Security Best Practices webpage.
Report any cybersecurity incident to firstname.lastname@example.org.