Cybercriminals have been ramping up their tactics to take advantage of those who do not have adequate security measures while at home. Network security alone is no longer sufficient; you are our best defense! We urge you to become knowledgeable and learn how to thwart these cyber threats, which cause harm not only to your identity but to university resources as well.

To assist you during this transition, we have created the guideline below on how to implement cybersecurity measures while working remotely.

Beware

The top 3 risks you should be mindful of include:

  1. Social Engineering

    Since the COVID-19 pandemic, attackers have launched many variations of social engineering attacks. These attacks are often associated with phishing, which uses email. However, social engineering can also be conducted via calls, automated calls/responses, text messages, social media and in person (face-to-face). As a result, we encourage you to stay vigilant and alert to avoid becoming a victim of social engineering or phishing.

    The various COVID-19-related phishing emails include those posing as CDC alerts, health advice, and workplace policy. We are often familiar with phishing emails that include links, but attackers have gone back to the old tactic of attaching malicious files to emails. In a phishing email appearing to be from the World Health Organization (WHO), the malicious attachment is a keylogger, allowing attackers to capture screenshots and data from browsers and email clients. As the pandemic worsens, the FBI has noticed phishing emails requesting verification of personal information in order to receive an economic stimulus check. While economic stimulus checks are to be issued, the government is not sending emails or any communication requesting personal or banking information. Many people have been falling victim, thinking that they must provide their direct deposit information in order to receive the relief. However, the most recent direct deposit information the IRS has for you from your 2018 or 2019 taxes will be used. If no direct deposit information is available, the relief would be sent in the form of a physical check via mail to the last known home address. It is important to note that this particular attack is occurring not only via email but also via phone calls, text and physical mail. If you anticipate receiving the relief check via mail, it is advised that you remove mail from your mailbox on a daily basis and as quickly as possible to prevent mail theft. Although we are in a crisis, precautions to safeguard your personal information should still be practiced. Attackers tend to use times like these, when we are seeking information or are most vulnerable, to target our personal information in the hope that we will not apply our usual cybersecurity measures.

    In addition to phishing emails, attackers have created malicious webpages, such as one providing a live map for COVID-19, which seem harmless in nature but instead infect your system with an information-stealing program that can steal sensitive data. Remember that FIU will NEVER ask for your username, password or sensitive information via email. Learn more about social engineering and phishing.

    For information and updates regarding COVID-19, it is recommended to visit trusted websites such as the Center for Disease Control (CDC), World Health Organization (WHO) and FIU’s Coronavirus Updates.

  2. Updates

    To keep your machines from being compromised, it is important to keep your devices and applications updated with the latest software and patches. Updates and patches do not only provide additional features; they also fix security flaws that attackers can exploit to gain access to your device. We recommend that you avoid delaying these updates.

  3. Passwords

    All precautions, security measures and policies relating to passwords should be followed more closely while working remotely. Passwords should never be shared or written anywhere. For additional security, use Two-Factor Authentication (2FA), which adds another layer of security to your accounts. If your password is ever compromised, 2FA can prevent an attacker from gaining access because, in addition to your password, 2FA requires your phone to gain access. In the event that your password is compromised, you should change it immediately.

Prepare

In order to stay up to date with the latest security threats, especially when working remotely, we encourage everyone to complete the mandatory Cybersecurity Awareness Training, which is a great resource on topics such as social engineering, phishing and much more.

Support

Even though you may be working remotely, an incident or suspicious event may still occur. The Division of IT will be here to support you! For incident response, email security@fiu.edu.

If you suspect a phishing email, you can easily report it via the Phish Alert button available in your FIUmail.

Resources

Below are resources from FIU and external sources relating to cybersecurity and staying secure.