Introducing “The 4 Don’ts”
October is National Cybersecurity Awareness Month, a nationwide effort between government and industry to raise awareness about the importance of cybersecurity and help provide the resources we all need to be safer and more secure online. Everyone at FIT can play an important role to prevent a cyberattack here at the college or at home by following effective cybersecurity practices. As part of our focus on Cybersecurity Awareness Month, the Division of Information Technology is launching our new awareness campaign centered on “The Four Don’ts”.
The Four Don’ts include four easily identifiable icons to help the FIT community remember simple things they can do to stay cybersafe every day.
Don’t Assume that emails are benign. Instead, assume they might be harmful and let them earn your trust. One of the core tenets of any scam is that the victim is told they have to act before it’s too late, provoking a sense of urgency. Cybercriminals do this to force you to act before thinking about the inconsistencies of the request.
Don’t Open emails from unknown sources or if the email doesn’t make sense.
Pay close attention to the sender’s email address. Scammers often go to a lot of effort to make it seem like the email is genuine, but unless they’ve already compromised the organization’s email systems (which is very rare), they’ll have to use a different domain. A red flag would be using a popular email domain, such as Gmail, but it will come from an address that looks like, for example, ‘firstname.lastname@example.org’. This is a dead giveaway. If an organization or colleague is going to email you, they’d do it from a company account – in this case, something like email@example.com. Also, keep a lookout for fake emails from supposed retailers you don’t normally shop at or offers of deals that are too good to be true.
Don’t Download files or programs unless you’re 100% sure you trust the source. Take a close look at any email that contains an attachment, because cybercriminals often insert malware in them. If the email is unsolicited and contains an attachment, your alarm bells should be ringing. The best course of action: contact the sender via another channel to check whether it’s genuine and what is included in the attachment. Be wary of downloading freeware or add-ons on the internet. Only download apps and add-ons from reputable sources. If you are not sure, read the reviews and do the necessary research ahead of time.
Don’t Provide personal information in response to email unless you’re 100% sure you’ve verified the source. Identity theft occurs when someone gains access to your personal information and pretends to be you. Cybercriminals have a slew of tactics to steal your information, including what’s called “social engineering.” Social engineering is when the bad actor attempts to earn your trust by providing publicly-available information about you so that you provide more personal information that they can then use to open credit cards in your name or perform other identity
Keep an eye out for “The Four Don’ts” as a helpful reminder of what to watch out for.