October is Cybersecurity Awareness Month, and NAU is encouraging all community members to implement strong cybersecurity practices. While NAU’s Information Technology Services (ITS) works to strengthen and protect our campus community from all varieties of cybersecurity threats, we need your help and participation to be successful.
Cybersecurity threats are on the rise globally, and educational environments like ours are prime targets for many groups. Verizon’s 2024 Data Breach Investigations Report determined that 68% of breaches involved an individual falling victim to a scam or attack such as phishing or social engineering, and 62% of attacks were financially motivated with an average cost of $46,000 per breach. We need you to be vigilant. As much as ITS can do from a technical perspective, such as protecting our authentication with Two-Step Verification or providing flags on emails to indicate external senders, some things are still in your hands.
Cyberthreats like phishing, vishing and smishing target our society regularly and, in many cases, can only be detected by a human. Last year, more than 44% of campus employees interactively engaged with, replied to, clicked on or downloaded a document from phishing emails, including simulations provided by ITS. At the start of the Fall 2024 semester, we observed more than 22% of NAU employees interactively engaging with our phishing simulations and only 9% were reported appropriately. Recognizing and reporting phishing emails is critical to campus security, and phishing represents one of the university’s top risks.
Employees are not the only targets of these types of attacks: ITS has seen a rise in job and internship scams targeting our student community this semester, and we encourage all students to be on the lookout and report these phishing emails. Remember, if it sounds too good to be true, it probably is.
It is important to recognize the difference between phishing and spam emails. Spam emails, such as those from online retailers, attempt to get you to spend money or support political candidates. You can unsubscribe from those. Phishing emails attempt to get you to hand over sensitive and private information, such as your passwords, two-step verification information or gift card codes. It is important to report these different forms of emails in the appropriate manner so that ITS security analysts can respond correctly and quickly. The loss of just one NAU account password could compromise both the affected user and the entire university, resulting in significant damage.
Attackers use compromised accounts to target other community members, leveraging their ill-gotten access to further infiltrate NAU and the surrounding community. Protecting your account not only protects you and your paycheck, but also protects those around you. Don’t let your account be used to take advantage of fellow students, employees or other university community members.
ITS strongly encourages you to take these steps to protect yourself:
- Use a strong and unique password or passphrase for critical sites such as banking and online shopping. Using strong authentication and unique (non-reused) passwords can go a long way to keeping your personal life safe from attackers. ITS recommends a password or passphrase of at least 12 characters. Remember, you don’t need to make your password overly complex, but the longer your password is, the harder it is for an attacker to discover it.
- Enable multifactor authentication on any and every site where you are able. Protecting your banking, online shopping and even your social media, like TikTok, with multifactor authentication can help you protect your money and avoid any embarrassment from sensitive information getting out. That extra 15 seconds to accept a push notification, receive a text message or type in a unique code could be the difference between being secure and having an attacker take over your life.
- Keep your devices up to date and fully patched. Validate that you are keeping your computers, phones and software up to date. We all get annoyed when our electronics prompt us to update frequently, but these updates protect you from malicious entities. It is important to regularly apply updates and restart your devices to fully apply these patches. Although your Apple and Windows devices might not be acting slow or giving you trouble from not rebooting, the risk of not fully applying updates on these devices is very real and can have long-term implications.
To learn more about phishing and reporting phishing at NAU, visit our website at https://nau.edu/Phishing.
Verizon 2024 Data Breach Investigations Report: https://www.verizon.com/business/resources/reports/dbir/