University Information Services is proud to collaborate with campus OITs and the Office of Information Security on Cybersecurity Awareness Month, a global effort to help every day users learn how to protect sensitive information when using technology whenever and however they connect.

We each have a crucial role to play in cybersecurity. This year’s campaign focused on key security topics every CU employee should know about: Passwords, Multi-Factor Authentication, Phishing and Data Classification.

Passwords & Password Manager

Having unique, lengthy and complex passwords is one of the best ways to immediately improve your cybersecurity. Additionally, you can use a password manager to generate and securely store strong passwords so you don't have to remember them all.

Additional Password Resources:

• Do You Use Any of These Passwords?
• Tech Tips on Password Managers
• Five Reasons to Avoid Password Reuse
• Take the Password Test

Multi-Factor Authentication

Multi-factor authentication, or MFA, is a security measure that requires anyone logging into an account to verify their identify by inputting an additional security key, such as a randomized code sent to their phone or generated by an app. This extra step ensures that it is twice as hard for someone to access your online account without authorization. When MFA is available, always turn it on because it is both easy to use and incredibly effective. Data shows us that over 99% of account hacks could have been prevented by use of MFA.

Additional MFA Resources:

• Tech Tip on MFA and Smart MFA
• Six Reasons You Need Multi-Factor Authentication

Phishing

Phishing is a tactic where a cybercriminal poses as a legitimate party in hopes of convincing individuals to engage with malicious content or voluntarily sharing sensitive information. Phishing remains one of the most popular tactics among cybercriminals today.

However, while phishing has gotten more sophisticated, keeping an eye out for typos, poor graphics, convoluted email address and other suspicious characteristics can be a telltale sign that the content is potentially coming from a fraudulent sender.

Additional Phishing Awareness Resources:

• Tech Tip: How to report any phishing emails to Microsoft
• Cybercriminals Like to Phish - Don't Take the Bait
• Phishing Scams FAQs

Data Classification

Correctly lassifying or labeling CU information helps determine the security requirements necessary to keep it safe. Information classified as Highly Confidential and Confidential must be protected from compromise, such as unauthorized or accidental access, use, modification, destruction, or disclosure. What type of information do you manage?

Additional Data Classification Resources:

• CU Data Classification
• Classify and Comply: Understanding your data is the first step to protecting it
• Incident Reporting

Looking Ahead

Cybercrimes continue to rise annually. Since our university runs on data, we rely on strong cybersecurity to protect that data. Every employee at CU has a role to play in that security — by employing MFA and signing onto the VPN daily, being vigilant about phishing emails, using strong passwords, and staying knowledgeable about the classification of the data they use.

Behind the scenes, UIS continues to mitigate security risks by installing critical patch updates, upgrading enterprise software and strengthening our network infrastructure. In collaboration with the campuses and the Office of Information Security, UIS is committed to keeping your data protected!