Cybersecurity Awareness
Using Strong Passwords and a Password Manager
Week 1 is focused on “Use Strong Passwords and a Password Manager.” Strong passwords should be long, random, unique to each application/service, and incorporate all four character types: uppercase, lowercase, numbers, and symbols. Password managers are an essential tool to help you generate and securely store strong passwords for each of your accounts.
Password Resources
- You can find more information on passwords and password managers on the National Cybersecurity Awareness Alliance site
- Secure Our World: Passwords Tip Sheet (CISA)
- Tips for Stronger Passwords (Consumer Reports)
Helpful Password Tips
- Make passwords long: At least 13 characters (the longer, the better!)
- Use random strings or passphrases: Mix letters, numbers, and symbols or use unrelated words
- Create unique passwords for each account: Never reuse passwords across different accounts
- Use complex combinations: Upper- and lower-case letters, numbers, and special characters
- Use a password manager: Simplifies password management, storing unique, complex passwords securely
Turn on Multi-Factor Authentication (MFA)
Week 2 is focused on “Turn on Multi-Factor Authentication (MFA).” A password alone isn’t enough to fully secure your online accounts. Activating MFA greatly reduces your chances of being hacked. Be sure to enable MFA on all accounts that support it, particularly for email, social media, and financial platforms. At CUNY, Microsoft MFA already serves as an additional layer of cybersecurity protection when accessing your Microsoft Office 365 account and for secure remote access to CUNY network resources.
Multi-Factor Authentication (MFA) Resources
- You can find more information on Turn on Multi-Factor Authentication on the National Cybersecurity Awareness Alliance site
- Secure Our World: MFA Tip Sheet (CISA)
- Check this 2factorauth web page to find out which websites do or do not have multi-factor authentication available
- Training and documentation resources are available on the CUNY MFA web page
Multi-Factor Authentication (MFA) Facts and Figures
The National Cybersecurity Alliance 2023 Oh, Behave! report lists the following cybersecurity survey responses:
- Only 40% of people use Multi-Factor Authentication (MFA), even though it is a highly effective security measure
- 34% of people started using MFA after receiving cybersecurity training
- Younger generations (Gen Z and Millennials) are more likely to have heard of and use MFA, with 77% awareness, while 37% of Baby Boomers and 41% of the Silent Generation have never heard of it
- 79% of respondents were familiar with multifactor authentication and 70% of those who have heard of MFA know how to use it
Helpful Cybersecurity Tips
- CUNY requires that all students, faculty and employees follow these Cybersecurity Best Practices
- Protect yourself against secret shopper, personal assistant and other online scams
- Follow CUNY’s Best Practices for Secure Learning, Teaching and Working Remotely
- When using Zoom, follow CUNY’s Zoom Security Protocols
- CUNY students may already be enrolled by their college in CUNY’s online cybersecurity awareness course through their learning management system (Blackboard). The course duration for students is 25 minutes. Faculty and staff can take CUNY’s online cybersecurity awareness course through the Blackboard learning management system under Organizations. The course duration for faculty and staff is 40 minutes.
Recognizing and Reporting Phishing
Week 3 is focused on “Recognizing and Reporting Phishing.” Stay alert for unexpected messages requesting personal information. Refrain from sharing personal or sensitive information like bank account numbers, social security numbers, or student IDs, with unfamiliar sources. If you encounter phishing attempts, report them and delete the message. Always be cautious and take a moment to assess before clicking on links or attachments.
Recognizing and Reporting Phishing Resources
- Learn how to Recognize and Report Phishing on the National Cybersecurity Awareness Alliance site
- Secure Our World: Phishing Tip Sheet (CISA)
- How to Recognize and Avoid Phishing Scams (Federal Trade Commission)
Helpful Cybersecurity Tips
- Pause Before Clicking: Take a few seconds to verify if the email is legitimate before clicking any links or attachments
- Watch for Urgent or Alarming Language: Be cautious of emails pressuring you to act quickly or making threatening demands
- Check for Spelling and Grammar Errors: Phishing emails often contain mistakes or poorly written content
- Verify the Sender’s Email Address: Look closely at the sender’s email for minor misspellings or unusual domain names
- Avoid Sharing Personal Information: Legitimate companies won’t ask for sensitive details via email; ignore such requests
Recognizing and Reporting Phishing Facts and Figures
The National Cybersecurity Alliance 2023 Oh, Behave! report lists the following cybersecurity survey responses:
- 69% of people feel confident in their ability to identify phishing attempts
- 51% of Americans actively report cybercrimes, with phishing being a common target
- Despite this, over 25% of people still struggle to identify or are unaware of phishing
- 44% of participants frequently report phishing emails using the “spam” or “report phishing” button
Update Your Software
The fourth and final week is focused on “Update Your Software.” Keeping your software updated is essential to ensure all your devices have the latest security patches and fixes. If automatic updates are not an option, make it a habit to manually check for updates regularly.
Update Your Software Resources
- You can find more information on Update Your Software on the National Cybersecurity Awareness Alliance site
- Secure Our World: Software Updates Tip Sheet (CISA)
- Understanding Patches and Software Updates (CISA)
Helpful Cybersecurity Tips
- Enable Automatic Updates: Set your devices to automatically download and install updates; schedule restarts for convenient times
- Download from Trusted Sources: Only obtain updates from verified websites or official app stores to avoid malware
- Beware of Phishing Attempts: Ignore suspicious pop-ups urging you to download updates or call a number; close the browser instead
- Make Updating a Habit: Regularly check for updates if not automatic; aim for monthly checks, or weekly if possible
Update Your Software Facts and Figures
The National Cybersecurity Alliance 2023 Oh, Behave! report lists the following cybersecurity survey responses:
- Only 36% of people always install software updates when they become available. This leaves a majority not consistently keeping their systems up to date
- 65% of participants know they should keep their devices updated, but not everyone follows through immediately
- Around 60% noted they either “always” or “very often” install updates when notified about them
Facts and Figures
The National Cybersecurity Alliance 2023 Oh, Behave! report lists the following cybersecurity survey responses:
- Only 38% of people use unique passwords for all their accounts
- 60% of people use strong passwords, indicating a gap in password security practices
- 46% of people create passwords that are 9 to 11 characters long, shorter than the recommended 13 characters
Our emails and supporting information are available from the National Cyber Security Awareness Month (NCSAM) page on the CUNY website. We also provide a growing security resources list on the OUCH! website, where you can read recent security articles or subscribe to the world’s leading, free security awareness newsletter designed for technology users.
If you have any questions about any of this information, please contact your college's Information Security Manager.