Campus Security Awareness Campaign 2017
This post is part of a larger campaign designed to support security professionals and IT communicators as they develop or enhance their security awareness plans. View all 12 monthly blog posts with ready-made content by visiting www.educause.edu/securityawareness.
Compromised accounts happen. Quick identification and response can reduce the harm done to your account and your personal information. Below are some ready-made messages that you can customize to educate your community.
Get the Word Out
Newsletter or Website Content
Face it: Hackers Gonna Hack. How do you know if you’ve been hacked?
- Your friends tell you. They’ve received a spammy or phishy e-mail from your account.
- Your phone tells you. Collection companies are calling about nonpayment. Battery and data usage are higher than normal. Charges for premium SMS numbers show up on your bill.
- Your browser tells you. Unwanted browser toolbars, homepages, or plugins appear unexpectedly. You’re seeing lots of pop-ups or web page redirects. Your online passwords aren’t working.
- Your software tells you. New accounts appear on your device. Antivirus messages report that the virus hasn’t been cleaned or quarantined. You see fake antivirus messages from software you don’t remember installing. Programs that you did not install are running or requesting elevated privileges. Programs randomly crash.
- Your bank tells you. You receive a message about insufficient funds due to unauthorized charges.
- Your mail tells you. You receive a notification from a company that has recently suffered a cybersecurity breach.
Shake it off. Following are the steps you can take to recover.
- Change your affected passwords using an unaffected device. Not sure which passwords are affected? It’s best to change them all.
- Update your mobile software and apps. Make sure you keep them up-to-date.
- Update your antivirus software. Then run a complete scan. Follow the instructions provided to quarantine or delete any infected files.
- Update your browser software and plugins. Check frequently for new updates and delete any unnecessary or obsolete plugins.
- Is your computer still acting wonky? It might be best to start from scratch with a complete reformat of your machine so you can ensure that all affected software is fixed.
- Self-report to credit agencies. If you believe your personally identifiable information has been affected, you don’t want to deal with identity theft on top of being hacked.
- Be prepared with backups. Don’t let the next compromise ruin your day. Back up your files frequently. Consider storing at least two separate backups: one on an external drive and one in cloud storage.
- Stay ahead of the hackers. Check the Have I been pwned website to see if your accounts were hacked in a known attack.
Note: These are Twitter-ready, meeting the 140-character length restriction.
- Have I been #hacked? Check your accounts here: http://haveibeenpwned.com/ #CyberAware
- Check your financial accounts & bank statements — unknown charges could mean you’ve been #hacked. #CyberAware
- Passwords not working? You may have been #hacked. Change online passwords from an unaffected device. #CyberAware
- Change your passwords often to limit the amount of time #hackers have your good password. #CyberAware
- Back up your data often. When you get #hacked, it’ll be a snap to recover. #CyberAware
Ask staff members to add a tip to their e-mail signature block and a link to your institution’s information security page.
Chief Information Security Office
Hackers gonna hack. Here’s how to shake it off. Learn more. [Link “Learn more” to your institution’s information security awareness page or link to these NCSA tips on hacked accounts.]
Embed or Share Videos
Share these resources with end users or use them to inform your awareness strategy.
- Use this free STOP. THINK. CONNECT. “Different Password for Every Online Account” poster (see figure 1).
- Share the brief educational videos above.
- Review the FTC’s consumer information and resources about hacked e-mail.
- Learn how to regain control of compromised or hacked accounts with these tips from NCSA.
- Share this Wired article, “What to Do After You’ve Been Hacked.”
- Learn how to recover a compromised Gmail account from Google.
- Watch Dan Kern’s 14-minute training video, The USB Key Hack.
Brought to you by the Awareness and Training Working Group of the EDUCAUSE Higher Education Information Security Council (HEISC).
© 2017 EDUCAUSE. This EDUCAUSE Review blog is licensed under Creative Commons BY-NC-SA 4.0.