Given the extent of tragic news coming out of Ukraine in the wake of the Russian invasion, questions of cyber security may seem relatively minor. Nevertheless, we must pass along concerns about the heightened risk of cyber-attacks on US companies and government agencies (including SUNY institutions) at this moment. There also may be fallout from malware that has already been used to target Ukrainian organizations.
How does this relate to SUNY New Paltz, and what is ITS asking anyone to do about it?
Information Technology Services is always working to improve the security of College systems and services, as well as the data of students, faculty, staff, applicants, donors, and alumni.
We are asking the campus community to be even more cautious than usual while online now, by focusing on a few key fundamentals. These are best practices in relation to New Paltz computer accounts and systems as well as your personal accounts and devices.
- Think before you click: More than 90% of successful cyber-attacks start with a phishing email. A phishing scheme is when a link or webpage looks legitimate but is actually a trick designed by bad actors to have you reveal your passwords, social security number, credit card numbers, or other sensitive information. Once they have that information, they can use it on legitimate sites. And they may try to get you to run malicious software, also known as malware. If you receive a link you don’t recognize, trust your instincts, and think before you click.
- Update software regularly: ITS handles most software updates for campus computers and systems, so this is primarily advice for your personal devices. You can do this manually or, even easier, by turning on automatic updates. Bad actors will exploit flaws in the system. Update the operating system on your mobile phones, tablets, and laptops, and update your applications – especially the web browsers – on all your devices too. Leverage automatic updates for all devices, applications, and operating systems.
- Use Multi-factor authentication (MFA): A password alone isn’t enough to keep you safe online. By implementing a second layer of identification, like a confirmation text message or email, a code from an authentication app, a fingerprint or Face ID, you add another layer of protection to ensure only you can access your accounts. The College has already implemented this on our systems, and we encourage members of our community to add it to your personal accounts as well on many sites and services. Start with the most targeted accounts: email, social media, financial services, gaming, and online shopping.
For more information, see: