Cybersecurity is a shared responsibility that affects all Americans, and everyone plays a part in keeping the Internet safe.

Please take these simple actions to help keep you, your identity, and your information safer online:

• Set strong passwords and don’t share them with anyone.
• Enable multi-factor authentication on your sensitive accounts. This requires you to use an additional piece of information to verify your identity (such as a PIN sent to your mobile device) to provide an added layer of security.
• Keep your operating system, browser, and other critical software optimized by installing updates.
• Maintain an open dialogue with your family, friends, and community about Internet safety.
• Limit the amount of personal information you post online and use privacy settings to avoid sharing information widely.
• Be cautious about what you receive or read online—if it sounds too good to be true, it probably is.

You can get more detailed explanations of each topic above at: https://www.dhs.gov/sites/default/files/publications/Week1TipCard-%20508%20compliant.pdf

In addition, Pennsylvania Highlands Community College went a step further and joined the Stop. Think. Connect. Academic Alliance which is a nationwide network of nonprofit colleges and universities committed to promoting safer online practices and encouraging user awareness to avoid harmful cyber-attacks.  You can also join the campaign! You can signup and get more information at:  https://www.dhs.gov/friends-campaign-program

As recent major cybersecurity incidents have shown, cyber criminals often rely on human error – like failing to install software patches, clicking on malicious links, and creating easy-to-guess passwords – to gain access to systems and information. Every one of us – from senior leadership to the newest employees – is responsible for keeping our organization’s information and systems secure. That’s why strong cybersecurity practices are so important.

Cybersecurity isn’t just the job of the IT department. Many of our jobs require the Internet, and anyone with access to our network is a potential point of vulnerability. Cyber criminals are becoming ever more advanced, and we must be vigilant to protect our data and systems from cyber threats.

October is National Cyber Security Awareness Month (NCSAM) and a good time to remind ourselves to be safe online. Below are simple steps you can take to be more cyber secure at work and at home:

• If you come across something suspicious in the cyber world, immediately report it to your IT department.
• Set strong passwords and change them regularly.
• Keep your usernames, passwords, or other computer/website access codes private.
• Only open emails and attachments from people you know.
• Do not install or connect any personal software or hardware to the organization’s network without permission from the IT department.
• Make electronic and physical backups or copies of all your important work. Do the same for your personal files on your home computer.
• When you work from home, secure your Internet connection by using a firewall, encrypting information, and hiding your Wi- Fi network.

You can get more details at:  https://www.dhs.gov/sites/default/files/publications/Week2TipCard-%20508%20compliant.pdf

Pennsylvania Highlands is committed to the cybersecurity of our organization and our employees. 

Information about organizational cybersecurity efforts

• College policies to be aware of regarding Cyber Security
  • Acceptable Use of Information Technology Resources
• Quick tips – Great guide at:  https://heimdalsecurity.com/blog/cyber-security-tips/
  • Allows lock your computer(s) and/or mobile devices when you are away from your desk
  • Never use a USB whose source you don’t know! It can be infected with malware that can even resist formatting.
  • Consider Two-Factor authentication – More info - https://heimdalsecurity.com/blog/start-using-two-factor-authentication/
  • Be careful on friend requests on Facebook, etc.  Don’t trust them if you truly don’t know them.
  • Be careful about Social Engineering – For instance, you get a phone call from someone claiming to be your bank and asking you to change your password – don’t do it!
  • Never leave your devices unattended
  • Use antivirus on your computer AND your smartphone
  • Don’t trust Popup notifications
  • Be Careful About Programs You Download and Run (and Stop Pirating Software)

Is your refrigerator putting your home network at risk? We live in a world of “smart” objects, where some things like thermostats, coffee pots, and refrigerators are connected to the Internet. We carry around smart devices like phones, and we even wear them in the form of fitness trackers and medical devices. This complicated Internet ecosystem offers us tremendous benefits, but it also poses unique risks.

As technology continues to evolve and advance through all aspects of our lives, it is critical to use Internet-connected devices in safe and secure ways. These devices pose various privacy and security challenges because they collect personal information about the user which could potentially be accessed by others. The user is responsible for understanding what information these devices collect and how it is being shared.

Follow the simple tips below to secure any object or device that connects to the Internet and sends or receives data automatically: 

• Read privacy policies and know what information an app or device will collect to determine if you really want to share such information.
• Keep any device that connects to the Internet free from viruses and malware by updating the software regularly.
• Understand privacy settings to control how much information a device or app will display publicly about you.
• Set strong passwords and change them regularly.

 I encourage YOU ALL you watch this video – Anatomy of an IoT (Internet of Things) Attack - https://www.youtube.com/watch?v=GvLnb4YQHh0 and https://youtu.be/4gR562GW7TI

 A cyber security company sent me their scam of the week.  You must also be prepared for scammers trying to take advantage of horrific events and turning it into a money-making scheme.  More details about a particular scheme below.

 "Heads-up! Bad guys are exploiting the Las Vegas shooting. There are fake Facebook pages, tweets are going out with fake charity websites, and phishing emails are sent out asking for donations to bogus Vegas Charities. 

Don't fall for any scams. If you want to make a donation, you can go to http://www.charitynavigator.org before you consider giving to any charity. This free website will let you know if the charity is legitimate or a scam. It will also tell you how much of what it collects actually goes toward its charitable work and how much it spends on salaries and administration expenses. 

Do not click on any links in emails or text you might get. Whatever you see in the coming weeks about Las Vegas disaster relief... THINK BEFORE YOU CLICK.”

Cyber crime is now the number one threat to United States national security. As the number of large-scale data breaches and cyber attacks continue to rise year after year, there is an increasing need for educated and dedicated cyber professionals to protect our Nation, businesses, and individuals from cyber threats.

Pennsylvania Highlands Community College is joining with the Department of Homeland Security and its partners across the country to bring attention to the need for properly trained cybersecurity professionals capable of building and protecting secure Internet systems.  Click here to read more about our Computer Science (A.S.) program at Penn Highlands!

Do you have someone in your life who might be interested in a career in cyber? Someone who:

• Likes to see how things work, such as taking apart toys and electronics
• Enjoys looking at a problem from new angles and finding a different kind of solution
• Is enthusiastic and can adapt to an evolving subject matter

If so, you can direct this person to learn more about cybersecurity careers and studies at www.niccs.us-cert.gov.   There is a shortage of cybersecurity professionals and students and career changers are finding their way into this exciting and growing field. Test your cybersecurity aptitude with the SANS CyberTalent Aptitude Assessment and see if cybersecurity might be a good career choice for you.

Our everyday activities – like taking showers, watching televisions, driving cars, and using computers and smart phones – all depend on utility infrastructure, including electricity, gasoline, water, and telecommunications systems. These essential systems now run on digital networks, which means they are vulnerable to cyber attacks.

As large-scale cyber incidents continue to make headlines, it is more important than ever for all segments of the community to understand cyber threats and be safer and more secure online. Individuals can help keep critical infrastructure safe by practicing good cyber habits and by encouraging their utility companies to adhere to high cybersecurity standards.

Protecting our critical infrastructure means that our homes and businesses will have power, our transportation systems will take us where we need to go, and our communications systems will help us connect at work and at home. You can play a part in securing America’s critical infrastructure in the following ways:

• Read the privacy policy of a company or vendor and check out online reviews before purchasing a product or service.

• Make sure websites that ask for personal information (to pay a utility bill, for example) use encryption to secure their sites.
• Learn about steps to enhance security and resilience in local businesses and communities, and how to handle certain events.
• If you run a business, make a plan to protect your organization’s information from cyber threats.
• Report suspicious activity.

 We want more folks to use the Phish Alert button and less clicks on suspicious emails.

We are excited to announce a new tool to protect you and our institution from the vicious cyber-attacks that we all hear so much about!

We have new tool that is installed in Outlook and/or Office 365 email.  If you receive a suspicious email, you can report it by clicking on the Phish Alert button in Outlook or Office 365.   Phish Alert allows us ALL to take an active role in managing the problem of Phishing & other types of malicious emails.  This will provide IT with early warning of possible phishing attacks or malicious emails to take effective action to prevent security or network compromise. If you don’t see this tool in your Outlook, please restart Outlook and it should show up.  If not, please call the help desk.  Below are instructions on how to use the tool.

Office 365 and Outlook Web Users – Mostly students

You will see the Phish alert button as described below.  Simply click on that button then click Send to IT.

Microsoft Outlook Users – Mostly Staff and Faculty

You will see the button on the top right corner of Outlook.  Simply highlight the email and click the Phish Alert button. Once you do that, click Send to IT.

Mac Users – Outlook users can also use this method

Mac users can click on the Phish Alert button as shown below then send the email to IT.