Annual Security Awareness Training
We are all subjected to phishing messages that aim to trick us into logging into fake websites in order to steal our credentials. When they succeed, they steal the contents of the mailbox and then use our accounts to phish others – including everyone in our contact lists. There was another fake message this morning - another “I need you to do something” (the gift card scam) pretending to be from the President.
Aside from keeping a sharp eye out for fakes, we recommend that you treat your mailbox like the one outside your front door - important stuff gets dropped off there, but you take it inside the house for safekeeping. Don’t leave important or sensitive documents in your mailbox.
Remember that your email account is where your online banking and online shopping accounts are homed - and your email account can be used to reset those passwords and gain access to those accounts.
The security and privacy of our online information is under greater threat than ever before. We are all responsible for safeguarding our faculty, staff, and students’ personal, private and sensitive information.You may think you are savvy enough that you would never fall for phishing - but so did all those unfortunate account holders who did fall for them. They are getting better and better at phishing, and not all are obvious fakes.
So what can you do?
New York State and SUNY require all employees to undergo annual Security Awareness training, and Purchase College uses an online self-paced package to deliver that training.
For this year, there is a training system (KnowBe4) which is much better than the previous system.
You will receive an email message from the KnowBe4 system inviting you to begin. The invitation will come from “KnowBe4 firstname.lastname@example.org” with the subject line “Please Start Your Security Awareness Training.”
You may also use this link to begin the training.
The link to the training will also appear in the “Quick Links” section of the Faculty/Staff Portal page.
The training takes about 40 minutes total, and does not need to be completed in one sitting. It consists of five short interactive videos designed to improve awareness of information security threats, and increase the likelihood that we will recognize those threats when we encounter them.
If you have trouble accessing the system, please contact the Helpdesk at 914-251-6465 so we can straighten it out.
Protect yourself – complete the training - and think twice before you click.
(Question Tip: using a “Found” USB stick is NOT in the cyber domain, that’s a human domain problem.)