October 1 - What is the theme of this year's NCSAM event? Do Your Part. #Be CyberSmart
October 5 - What do you need to set up self-service password reset for your CatID? Either a cell phone that can receive SMS texts or a non-UNI email address. You should enroll yourself at https://java.access.uni.edu/Password/registration if you haven't already done so.
October 6 - UNI uses multi-factor authentication (MFA) to protect important resources with more than just a passphrase. What does UNI use for MFA? Duo
October 8 - Which of the following are requirements for your normal, non-admin CatID passphrase? Minimum length of 15 characters and Expires after one year are required. None of the others are requirements although we strongly suggest using multiple character sets. The maximum length is 30 due to limits on some systems using CatID. Passphrases cannot be reused and there is no limit on how soon you can change your passphrase again.
October 9 - You receive an email message that appears to be from your supervisor and asks "Are you available?" Select all statements that are almost certainly true.
The message is from an imposter.
The message is the start of a scam attempt.
If you respond, you will eventually be asked to purchase gift cards for the sender.
The others are almost certainly false:
The message really is from your supervisor (It didn't come from your supervisor's UNI address but from a gmail or other free account with the display name set to your supervisor's name. Your supervisor isn't involved.)
Your supervisor's account has been "hacked". (Your supervisor's account is never used, just your supervisor's name. Your supervisor isn't involved.)
Your supervisor needs your immediate assistance. (Your supervisor isn't the one sending the message, they don't even know their name is being used. Your supervisor isn't involved.)
If you respond, your computer will become infected from the message interchange. (While attachments and links have potential to infect your computer, ordinary text email messages can't do that.)
October 12 - If you fall victim to a phishing attack and provide your CatID credentials on a fake site, what is the first thing you should do? Change your CatID passphrase. While contacting the UNI Security office is also important and something you should definitely do, statistics show that the stolen password is often used by the criminals within five minutes! Don't delay in changing your passphrase. It may be the difference between a close call and a serious problem.
October 13 - When setting up a Zoom meeting with a group, which of these should you never do? Post the link for the meeting on social media so the attendees can find it easily. Almost everyone got this one correct. Well done!
October 15 - What is the URL for the UNI IT Information Security home page? https://it.uni.edu/information-security. There is also a shortcut that redirects to the Information Security home page, https://uni.edu/security
October 16 - Which of these communication methods is the most secure? Fax using analog telephone lines. Normal email messages are not secure. Email security can be improved with the use of encryption and digital signing of messages but those options are far from the norm.
October 19 - Which of these is most likely to cause a security incident? Unpatched software, by far. This is why IT is insistent on enabling automatic updates for managed workstations and why we license software to patch third-party software that isn't covered by the operating system. Another equally likely cause is people who are tricked into divulging their passwords to criminals via phishing and other social engineering methods. We have employed phishing education and security awareness training to counteract this criminal effort.
October 20 - The website stopthinkconnect.org contains basic tips and advice for staying safe online. What is their first tip? Keep a Clean Machine
October 22 - According to the National Cyber Security Alliance's "Remote Working Tip Sheet", what is the first security measure you should take to protect yourself from cybercriminals? Think before you click
October 23 - How many steps are in the FCC Smartphone Security Checker? 10 And TIL, there are a LOT of ways to express "10" as an answer. e.g., ten, Ten, ten steps, 10 steps, 10 Steps, 10 customized steps, 10 for Android, etc. Note to self: next time, state "digits only" or use multiple choice instead of short answer. :-}
October 26 - The National Cybersecurity Alliance has several videos available on YouTube. In "Security Awareness Episode 1: Passwords", they recommend Multi-Factor authentication, long memorable passwords, and what else? Select all correct answers. Don't use the same password everywhere and Use a password manager. This was a poorly worded question. The answers I was looking for were highlighted in the Best Practices shown in the video beginning at the 2:40 mark. But I didn't say that clearly and y'all didn't read my mind, so since all of the answer choices were mentioned in the video, everybody gets credit for this one regardless of what you put down for answers.
October 27 - LastPass is a popular and frequently recommended password manager. Their “Psychology of Passwords” report discusses the top 6 risky behaviors that make you a target online. What’s the 5th risky behavior they cite? We underestimate our risk
October 29 - Where can one find a listing of all UNI IT policies AND procedures? https://it.uni.edu/policies-procedures You can find this page by going to the IT home page (https://it.uni.edu) and searching for "policies". Other popular answers were https://policies.uni.edu (the official UNI policy library) and https://policies.uni.edu/chapter-14-information-technology (the Information Technology chapter of the official UNI policy library). Neither of those include IT procedures that supplement the IT policies.
October 30 - How many Information Security updates have been published on the UNI IT website? 44 But that number will go up soon. Check the IT homepage and the Information Security homepage often for useful information.
