At Merrimack College, cybersecurity is a team effort where every community member plays a vital role in preventing cyber attacks.
October is Cybersecurity Awareness Month and we will be providing helpful tips all month long.
- Provide updated and accurate cybersecurity resources to the Merrimack College community.
- Develop and facilitate interactive workshops that inspire a desire to learn more about cybersecurity.
- Serve as a resource for the Merrimack community’s education on the latest cybersecurity trends and tactics.
Cybersecurity Awareness Month
Cybersecurity Awareness Month is an annual event in October created by the National Cyber Security Alliance and the Cybersecurity & Infrastructure Security Agency. The purpose of the campaign is to raise awareness about the importance of cybersecurity across the United States, ensuring that all Americans have the resources they need to be safer and more secure online.
This October’s Cybersecurity Awareness Month 2022 has the theme: “See Yourself in Cyber” and will be focusing on 4 topics: MFA, Passwords, Software Updates, and Phishing. The College’s commitment to cybersecurity continues into 2022 which is the second year that Merrimack College is a Cybersecurity Awareness Month Champion.
Merrimack College Themes
Merrimack College participated in the month with a different theme for each week of October.
Week One: Enable Multi-Factor Authentication (MFA)
What is MFA?
MFA is an additional piece of evidence that you are the person logging in to your account. There are 3 types of evidence that are listed below with examples:
1. Something You Know
- An extra PIN (personal identification number)
- The answer to an extra security question like, “What’s your favorite pet’s name?”
- An additional code either emailed to an account or texted to a mobile number
- A yes or no button or unique number generated by an authenticator app (like those from Microsoft, Google or Duo)
2. Something You Are
- A biometric identifier like facial recognition or a fingerprint
3. Something You Have
- A secure token, which is a separate piece of hardware (like a key fob that holds information), that verifies a person’s identity with a database or system
We have already enabled MFA for faculty and staff accounts. Stay tuned for more information on the rollout to students!
Week Two: Use a Strong Password and Password Manager
Strong Passwords and Password Managers
As computers get faster and more AI is used, passwords are faster to crack than ever. If you would like an idea of how long your password would take to break, visit The Hive Website.
Has it ever felt impossible to remember each of your passwords and to create new, unique and strong passwords? If so, you are in good company. There are programs called Password Managers that can randomly create new passwords and save them for you on your mobile device and in your browser in an encrypted vault that is protected by a single master password. Here is a beginner’s guide to selecting and setting up a password manager. Many browsers come with a type of password manager, but it can be helpful to have a manager that is not browser-specific.
Week Three: Update Your Software
Update Your Software
It can feel overwhelming to have to constantly keep your software and computer up to date. Updating your devices and software is a key step in protecting yourself from cyber attacks. Picture a group of hackers that works 24 hours a day and 7 days per week to find new ways of hacking you. To compensate for the relentless hacking attempts and newly discovered vulnerabilities your device and your software routinely make their software stronger and more impenetrable.
Putting off updates is like having a broken window in your home and advertising the break to a group of local thieves. Make yourself a difficult target and keep your devices and software updated. Check out this brief video that compares putting off updates to chores around the house.
Week Four: Recognize and Report Phishing
Recognize and Report Phishing
Phishing attempts are the largest and fastest growing form of cyber attacks in the world. They are three times more common than they were just two years ago. While phishing attempts have gotten more difficult to identify, there are certain characteristics that can indicate to you if something is a little fishy about an email you are sent.
- Time sensitive - the message indicates that this is an urgent matter in an attempt to have you bypass checking for verification.
- First-time or infrequent senders - be especially cautious when reading emails from a source outside of your domain (merrimack.edu).
- Bad spelling and grammar - generally important messages are carefully edited and collaborated on. If you notice spelling and grammar issues, that is a sign that the email is not authentic.
- Generic greetings - legitimate emails from your company are able to address you by name. If you open an email that reads “Dear sir or madam” or something similar, be very cautious.
- Mismatched email domains - the email claims to be from a reputable company but the email address does not match the company’s domain. For example, an email comes in from a fellow co-worker at Merrimack and it is from an email address that does not end in @merrimack.edu.
- Suspicious links or unexpected attachments - If an email is questionable, do not click on any links. You can hover your mouse over the link to see where the link will actually take you. If it does not look like a legitimate website it probably is not. If an email comes with an attachment that you were not expecting, do not download it. Contact IT for assistance.
To read more about protecting yourself from phishing, visit Microsoft’s website.