National Cyber Security Awareness Month
October is National Cyber Security Awareness Month! With help from our partners at KnowBe4, we dedicate every October to further educating the Wayne State University community about cyber security. The resources on this page have been collected to help you better understand actions you can take on your own to secure your data and devices. All year long, the C&IT Information Security Office works tirelessly to protect the university's systems, software, and sensitive data in its daily operations.
|University Information Security Standards protect your info, devices, and the entire Wayne State community.||Our secure email system keeps you safe from scammers and users have the power to report phishing scams too.||We partner with vendors like DUO Security (two-factor authentication) |
and Global Protect (VPN) to enforce extra layers of security surrounding sensitive data. We encourage all Warriors to consider how they can protect their own data. Being informed and extra cautious online can help us protect the Wayne State communityand it can also keep you safe outside of the Wayne State network.
Quick response codes or QR codes have become a regular part of our everyday lives—but are they safe?
While they are convenient for various applications, QR codes come with certain vulnerabilities and security concerns.
Here's a brief overview of some of the key vulnerabilities associated with QR codes:
- Malicious Codes: Anyone can create QR codes, including cybercriminals. When scanned, they can lead to phishing attacks, malware downloads, or other security breaches.
- URL Spoofing: A QR code can be created with URLs that look legit but actually redirect users to fake websites intended to steal sensitive information, such as log-in credentials. Users should exercise caution when scanning QR codes, especially in untrusted or unfamiliar contexts.
- Pay attention to any sites that require payment, credentials, or your personal information. Scanning QR codes that you find out in the wild can put your device and your information at risk. Malicious actors can use them to trick you into giving away information or allowing device access.
- Only scan codes from trusted entities and in familiar spaces. Look for an accompanying direct URL that you can type into your mobile web browser.
It is just as important to be mindful of the QR codes you create. While they are an easy way to lighten your workload or reach your intended audience, how you create them and share them is important.
Always thoroughly research web services and apps before using them to generate a QR code. These codes can easily be manipulated and abused.
- For extra security, make sure you publish URLs with codes that you use so your users have multiple options and peace of mind interacting with you.
Phishing is a prevalent and persistent cybersecurity threat, and it's particularly relevant to National Cyber Security Awareness Month (NCSAM)
What is phishing?
The purpose of phishing is to trick individuals into divulging sensitive information, such as login credentials, personal information, or financial data. In many cases, they impersonate trusted entities such as banks, universities, or popular online services.
Common phishing methods
- Emails: Phishers send deceptive emails from seemingly trustworthy sources urging recipients to download malicious attachments or click on links that lead to fake websites.
- Text Messages (Smishing): You may also receive fake alerts or offers through text messages that lead to malicious websites or request personal information.
- Social Engineering: Cybercriminals may pose as university officials or classmates to trick students into divulging sensitive information.
How to recognize phishing
- Be cautious of unsolicited emails or messages, especially if they ask for personal information.
- Check for misspelled words, unusual sender addresses, or generic greetings, as these are common signs of phishing.
- Hover over links to see where they lead before clicking. Ensure the URL matches the legitimate website.
- Use strong, unique passwords for each online account.
- Enable two-factor authentication (2FA) whenever possible.
- Install reputable antivirus software to protect against malware.
- Be cautious about sharing personal information online and limit what you post on social media.
A data breach occurs when unauthorized individuals or entities gain illicit access to sensitive, confidential, or personal information. These breaches can materialize through many avenues, such as hacking, malware infiltration, social engineering, or even the physical theft of hardware. The ramifications of such security breaches are profound, encompassing financial losses, identity theft, privacy violations, and the tarnishing of one's reputation.
How to prevent data breaches
To safeguard your university account and personal information from a potential data breach, keep the following considerations in mind:
- Create strong passwords
- Enable two-factor authentication (2fa)
- Keep your software and systems updated Updated:
- Beware of Phishing scams
- Use secure networks
- Protect your physical devices
- Limit personal data sharing
- Educate yourself
If you have reason to believe that your Wayne State account or related personal information has been compromised, immediately change your password and call the C&IT Help Desk at 313-577-4357 so we can secure your account and escalate the situation to our Information Security Office as appropriate. Immediately changing your password will help keep malicious actors out of your account if your credentials have been 'compromised'. Similarly, contacting C&IT will help us secure sensitive data by temporarily altering your account system and service access if necessary so we can protect you and the university from a breach of information.
Placing fraud alert on your credit
To protect yourself from the possibility of identity theft due to a breach, immediately place a fraud alert on your credit files. A fraud alert conveys a special message to anyone requesting your credit report that you suspect you were a victim of fraud. When you or someone else attempts to open a credit account in your name, the lender should take measures to verify that you have authorized the request. A fraud alert should not stop you from using your existing credit cards or other accounts, but it may slow down your ability to get new credit. An initial fraud alert is valid for ninety 90 days.
Contact one of the three major credit reporting agencies at the appropriate number listed below or via their website. One agency will notify the other two on your behalf. You will then receive letters from the agencies with instructions on how to obtain a free copy of your credit report from each.
- Equifax: 888-766-0008 or fraudalert.equifax.com
- Experian: 888-397-3742 or experian.com
- TransUnion: 800-680-7289 or transunion.com
Obtain a copy of your credit report
Even if you do not find signs of fraud on your credit reports, we recommend that you remain vigilant in reviewing your credit reports from the three major credit reporting agencies. You may obtain a free copy of your credit report once every 12 months by visiting annualcreditreport.com, calling toll-free 877-322-8228, or completing an Annual Credit Request Form at ftc.gov/bcp/menus/consumer/credit/rights.shtm and mailing it to Annual Credit Report Request Service, P.O. Box 1025281 Atlanta, GA 30348-5283.
Resources and guides
Policies and Standards
Data breach prevention