DATA PRIVACY DAY

On January 28th, Data Privacy Day, we commemorate the signing of the Convention 108, the first legally binding international treaty designed to raise awareness about privacy and data protection. Although privacy and information security may conflict at times, there is no informational privacy without information security. If hackers access our information without permission, we lose our privacy regardless of legal protections. Around campus, bad actors occasionally break through our spam defenses or avoid them by sending text messages, addressing emails to personal accounts, and connecting via social networks to scam students with fake job offers. Cyber criminals also target faculty, staff, students, and business partners by phishing them, breaking into their email accounts, and using those accounts to trick others into sending money or information. Think critically. Protect your colleagues and loved ones.

Increasing AI Threats

The FBI is warning individuals and businesses about cybercriminals utilizing artificial intelligence (AI) to carry out scams and large-scale attacks. With the assistance of AI, cybercriminals create more realistic phishing emails, deepfakes, and other fraud tactics faster reducing the time and effort needed to execute their attack while making it harder for their targets to detect. As a result, it is extremely important to be aware of how to protect yourself from these scams and attacks. To help reduce the risk of falling victim to AI-powered cybercrime the FBI recommends:

• Use caution when receiving unsolicited emails, messages, or phone calls, especially those asking for sensitive information and verify the source before sharing any information
• Use strong security measures like multi-factor authentication
• Stay informed of new scams and consult with cybersecurity experts on any questions

If you ever suspect you or someone you know has fallen victim to a scam or attack you can submit a cyber complaint to the FBI at www.ic3.gov.

Don't Take the Bait: Stay Phish Free! 

Increased frequency and sophistication of phishing attacks pose a great threat to the Drexel community. Unfortunately, many members of the community fall prey to these scams, leading to significant financial losses and the theft of personal information. A concerning trend involves fake job offers, including those falsely claiming to originate from our own faculty. These scams often entice individuals with attractive job opportunities but are designed to steal personal or financial information.

To strengthen security, the Information Security team conducts quarterly phishing simulation exercises. These simulations involve sending simulated phishing emails to Drexel employees to assess their ability to spot potential threats. Employees who fail to identify these simulated attacks must complete additional training to improve their awareness and response to such risks.

If you suspect you have received a phishing email in your Drexel account, please report it right away. For guidance on how to report suspicious emails, visit: drexel.edu/it/security/report-abuse/.

Secure & Share: The Importance Of Data

According to the 2024 Verizon Data Breach Report, the education sector saw a significant rise in miscellaneous errors over the past two years, with misdelivery or mishandling of data being the most prevalent issue. To mitigate these risks, it is essential to implement strict data management practices.

• Understand your audience when sharing a file or folder in your OneDrive or SharePoint library
• Manage Access to your files and folders to ensure only the right people have access
• Periodically monitor the activity on shared files to ensure no unauthorized actions are performed
• Securely share your SharePoint site with external parties
• When using AI tools, such as Grammarly or ChatGPT, it is crucial to recognize that data shared with these tools may be stored, retained, or even used to train the AI. For this reason, individuals are strictly prohibited from entering university confidential, proprietary, or sensitive information (e.g., PII or PHI) into these applications unless:
  
  
  • The tool has been reviewed per ISR-3 by the Third-Party Risk Management Program
  • Drexel University has a contract in place with the application's vendor.

By practicing secure data management and following these steps, you help ensure sensitive information remains protected which is foundational to maintaining data privacy. For more information, follow Drexel’s Microsoft 365 News and Updates.

Dust Up on Your Cyber Knowledge

Get the knowledge you need to protect yourself and others against cyber threats such as phishing and job scams. Take the Drexel University Security Training (D.U.S.T.) training and receive your SANS security training certificate! Students, faculty, and staff can sign up by going to drexel.edu/it/security/awareness-program/dust-self-enrollment/.

Information Security Resources

Stay informed about cybersecurity news, common scams, FAQs, and other information, visit the Drexel Information Security website at drexel.edu/it/security.

For tips on information security while learning and working remotely, please visit the Information Security Best Practices webpage.

Report any cybersecurity incident to informationsecurity@drexel.edu.