CSUN is rising to meet new cybersecurity challenges head-on by developing new policies and implementing hardware & software designed to protect information. Cyber Criminals attack organizations or individuals to disrupt daily operations, or for financial gain. Personally Identifiable Information (PII), and Sensitive Personal Information (SPI) such as Social Security number, credit card number, driver's license number, etc. This is some of the most valued and sought after information by Cyber Criminals. When this information is combined, they represent an individual’s identity.
Here are some tips to keep you safe:
Social Engineering
“Social Engineering” is a new word to enter our lexicon in the past few years. Social Engineering is the process of a malicious actor utilizing deception, manipulation, or coercion to try and obtain sensitive, confidential, or personal information for nefarious purposes.
These actors may use email, text, phone, or in-person tactics to obtain this information. CSUN and its community should stay vigilant to these types of attacks. Here are some ways to protect yourself from these types of attacks:
- Email: Do not respond and be sure to delete emails from unknown senders with password reset links, soliciting money (e.g., gift cards), or foreign lottery or sweepstakes winner, as these are often fraudulent.
- Phone/Text: Be cautious of phone calls from individuals requesting payment. Malicious actors today can spoof phone numbers and will misrepresent themselves as banking or merchant institutions.
- In-person: When approached be cautious of individuals who ask for personal information, payment information, or other sensitive material. For students, faculty, and staff who work in secure environments behind doors which require a key or card entrance, be aware of individuals who may follow you in. If the individual states they represent an entity or are there to see someone, ask for identification, or verify if the individual represents the entity. Ask them to wait outside while you confirm their identity or notify the individual they are there to see.
Ransomware
Ransomware is malicious software which takes over a computer and locks it. In most cases, users are presented with a screen displaying a message requesting you to pay a fee to unlock the computer. If this occurs, do not to pay the ransom. To mitigate this type of attack, maintain regular backups of your system to revert to if necessary. It is important to be careful with software you download onto your computer. Avoid clicking on internet ads (click bait) as these may contain malicious links which may start automatic downloads containing malware.
Remote Access
Users should avoid giving remote access out to their computers. Malicious actors often misrepresent themselves as IT Help, software, or antivirus vendors. These malicious actors request to log in to your machine with the intention to cause harm. Avoid giving remote access to your computer unless you are familiar with the source.
Physical Controls
It's best practice to lock PII & SPI data in cabinets, or secure locations to avoid theft. If you are in an area with public access or frequented by many people, locking sensitive information is important. Ensure areas with access to machines such as servers containing sensitive information are properly secured. Maintaining access logs to these areas is recommended.
Data Storage and Retention
Maintaining sensitive PII & SPI information is a risk. If this information is revealed through an attack, it can present long-term risks. It is important to minimize retention of this information as much as possible.
