October was declared Cybersecurity Awareness Month in 2004 to raise national awareness about the importance of cybersecurity. ACC celebrates the 20th annual occurrence by encouraging all ACC faculty, staff, and students to follow simple steps to stay safe online.
Below are four actions we should all take, not only during Cybersecurity Awareness Month but every day throughout the year.
1. Recognize & Report Phishing: Phishing emails, texts, and calls are the number one way data gets compromised. Be cautious of unsolicited emails, texts, or calls asking for personal information. Avoid sharing sensitive information or credentials over the phone or email unless necessary, and don’t click on links or open attachments sent from unknown sources. Verify the authenticity of requests by contacting the individual or organization through a trusted channel.
Spam and phishing emails might ask for information and typically require you to perform an action. They may ask you to click a link, open an attachment, or email them back private information, such as:
- Usernames and passwords, including password changes
- Social Security Numbers
- Bank account numbers
- PINs (Personal Identification Numbers)
- Credit card numbers
- Your mother’s maiden name
- Your birthday
ACC and other reputable companies will not ask you for personal information, like your password, via email.
If the email looks suspicious, here are a few things to check for:
- Check that the email address and the sender’s name match.
- Check if the email is authenticated.
- Hover over any links before you click on them. If the URL of the link doesn’t match the description of the link, it might be leading you to a phishing site. Do NOT click any links or provide personal information until you’ve confirmed the email.
- Check the message headers to make sure the “from” header isn’t showing an incorrect name. Make sure to look for extra letters, different domain names, or even extra symbols. Austincc.edu vs. austincc.com, etc. (It should be austincc.edu.)
If you feel the email is phishing or spam:
- On the original email, select the three dots next to the “reply arrow” and select “report phishing or spam.” This reports it directly to Google, and they can take any appropriate action.
If you feel your email has been compromised, please contact ACC Support Desk at 512-223-TECH or firstname.lastname@example.org.
2. Turn on Multi-Factor Authentication (MFA): You need more than a password to protect your online accounts, and enabling MFA makes you significantly less likely to get hacked. Enable multi-factor authentication on all online accounts that offer it — especially email, social media, and financial accounts — and use authentication apps or hardware tokens for added security.
3. Update Software: Keeping your software up to date is the best way to ensure you have the latest security patches and updates on your devices. Regularly check manually for updates if automatic updates are not available and keep operating systems, antivirus software, web browsers, and applications up to date.
- Update Your Browser
- Update your Operating Systems (Android) (Chromebook)
- Update and Install Windows Updates
4. Use Strong Authenticators: Authenticators are a new industry term for passwords that take into account MFA and are critical to protecting data. ACC takes information security very seriously, and our rules for authenticators are reflected in this:
Authenticators must be a minimum of eight characters in length and include at least one (1) or more of each of the following characters:
- Lowercase characters (abcd…)
- Uppercase characters (ABCD…)
- Numbers (0,1,2,3,4,5,6,7,8,9)
- Special characters (@#$%^&*( )_+!?)
Users must not create authenticators that contain any of the following weak characteristics:
- Names of family, pets, friends, coworkers, fantasy characters
- The words “Austin Community College District” name or any derivation
- Birthdays and other personal information such as addresses and phone numbers.
- Word or number patterns like aaabbb, qwerty, zyxwvuts, 123321, etc.
Authenticators for users must be changed at least annually and must be changed immediately when there is a trigger event (e.g. opening a suspicious or phishing email; sharing of authenticators; external notification of breach; computer in use is infected with a virus).