Information Security

The mission of the Information Security Office (ISO) is to assure the security of the College’s Information Technology (IT) resources and the existence of a safe computing environment in which the college community can teach, learn, and conduct research.

ISO’s core mission is to prevent the loss of availability, the loss of integrity, and the loss of confidentiality for systems and data. The ISO department’s aim is to prevent the harm or destruction of computer networks, applications, devices, and data and to protect the College and individuals from cyber-attacks.

Contact Us:

Medgar Evers College | Information Security
1638 Bedford Avenue, Brooklyn, NY 11225
infosec@mec.cuny.edu

Launch of National Cybersecurity Awareness Month – October 2022

October is Cybersecurity Awareness Month, a global effort to help everyone to stay safer and more secure online when using technology whenever and however they connect. CUNY is once again participating in the National Cybersecurity Awareness Month (NCSAM) program, run by the National Cybersecurity Alliance (NCSA) and the Cybersecurity and Infrastructure Agency (CISA) of the U.S. Department of Homeland Security, to create awareness about cybersecurity. This year’s theme is “See Yourself in Cyber. #BeCyberSmart.” and focuses on the following four key behaviors to protect yourself online:

  • Week 1 (Oct 3–Oct 7) – Enabling Multi-factor Authentication (MFA)
  • Week 2 (Oct 10–Oct 14) – Using strong passwords and a password manager
  • Week 3 (Oct 17–Oct 21) – Updating your software
  • Week 4 (Oct 24–Oct 28) – Recognizing and reporting phishing

Facts and Figures:

  • 43% of adults have shared their password with someone. (Google)
  • Just 20% of Android devices use the latest and safest OS version. (Symantec)
  • 72% of respondents reported that they checked to see whether messages were legitimate (i.e., phishing or a scam) compared to 10% who reported not doing so. (NCA)
  • Phishing attacks in data breaches increased 11% from 2019 to 2020. (Verizon)

Cybersecurity Awareness Course in Blackboard

CUNY has launched a 25-minute interactive Cybersecurity Awareness for Students course that is tailored to CUNY students and features a CUNY student. This course helps you gain a comprehensive understanding of the cybersecurity risks we all face, along with some best practices for safeguarding your data, so you can avoid opening the wrong link or attachment. You can find this course in Blackboard under your Organizations section.

Phishing attacks, spam, and hacked accounts have unfortunately become common occurrences in higher education. Articles on the Best Colleges and Inside Higher Education websites note that colleges and students are a favorite target for scams, harvesting of personal information, and ransomware attacks. Increasing awareness about online risks is your best defense, and the University’s, against cyber threats and for protecting online information and data.

Please spend 25 minutes to learn how you can protect yourself against online threats. This brief time investment could protect you from serious financial, privacy or data loss consequences later on.

Log in to Blackboard to take the course.

University’s Policy on Acceptable Use of Computer Resources

  • You are required to abide by the University’s Policy on Acceptable Use of Computer Resources. See: Acceptable Use of Computer Resources
  • If your job requires using or managing confidential data and systems please also review the University’s Information Technology Security Procedures. See: IT Security Procedures
  • Be aware of other information security policies, procedures, and advisories which can be found on the MEC IT Security web site. The CUNY Information Security web site can be found following the link to CUNY Issued Security Advisories.
  • Protect your computer system and electronic data from unauthorized use, malicious programs and theft.
  • Report to your supervisor any security policy violations, security flaws/weaknesses you discover or any suspicious activity by unauthorized individuals in your work area.
  • If your job requires you to use and store personally identifiable information, such as Social Security numbers, on your office computer, use encryption to protect the data. Please contact your local IT Personnel, the Service Desk at 718-270-6262, or visit the IT Security web site for step-by-step instructions on implementing proper encryption of your data. You must be authorized to do so by filling in the form for Authorization to Use and Store Non-Public University Information.
  • Be aware of personal identifiers, such as:
    • Social Security
    • Driver’s License
    • non-driver identification card
    • Credit or debit card numbers.
  • These items must not be stored, transported, or taken home on portable devices (e.g., laptops, flash drives, and external hard disks) of any type without specific approval of the Dean or Vice President overseeing your area and the Chief Information Officer and the Vice President of Administration. Where approval is granted, additional password protection and encryption of data are required.

  • Use software products that are currently maintained by their publisher and keep the software products updated with critical security patches.
  • Use secure passwords that cannot be easily guessed and do not share your password.
  • Storage devices (hard disks, tape, diskette, CDs, DVDs, cell phones, digital copiers or other devices) that contain Non-Public University Information must be securely overwritten or physically destroyed in a manner that prevents unauthorized disclosure.

  • Delete unneeded electronic information which contains personal identifiers.
  • Ensure critical data files are backed up and the backups are securely stored in another location.
  • Physically secure your computer by using security cables and locking building/office doors and windows.
  • Complete the Security Awareness Program. It is approximately 30 minutes in length, covering the basics of why information security is important and best practices. Everyone at Medgar Evers College who handles confidential data is required to enroll and complete this training. All others are strongly urged to do the same. When you connect to this site, please enter your name, email address and select Medgar Evers College from the pull-down menu.

PRACTICE ONLINE SAFETY

Malicious cyber threat actors are capitalizing on the global attention surrounding the novel 2019 Coronavirus (COVID-19) to facilitate scams, distribute malware, and send phishing emails.

Please be extra vigilant while accessing your email and browsing the internet. Only reference known official resources for COVID-19 information.

I would like to warn our users regarding a phishing email containing a link to a malicious website targeting the capture of CUNYfirst credentials. The fraudulent email was received on another campus. Please report to helpit@mec.cuny.edu if you receive such an email, and please don’t click on the link. If you responded to the phish by clicking on the link, you must change your CUNYfirst password immediately by going to https://managelogin.cuny.edu/ and clicking on the “Manage your CUNY Login Account” link.

The link to the malicious website (defanged) is: hXXps://templatesbazaar.com/halimaaziz/Chesscharity/ssologin.cuny.edu.html

CUNYfirst Scams (pdf)

CIS is advising the CUNY community regarding so-called “Secret Shopper” and “Gift Card” scams. Please familiarize yourself with these scams.

Security Threat Identification / Symptoms

Email containing an offer of employment to be a “secret shopper” or “personal assistant.” Such unsolicited offers are scams. Sometimes the message is sent from a CUNY email address whose account has been compromised, or references a CUNY “job placement” office, to lend “legitimacy” to the email.

Recommended User Action

  • DO NOT reply to unexpected or unusual email from any sender.
  • DO NOT reply to email with any personal information or passwords. If you have reason to believe that the request is real, call the institution or company directly.
  • DO NOT click a link or open an attachment in an unsolicited email message. If you have reason to believe the request is real, type the web address for the company or institution directly into your web browser.
  • DO NOT use the same password for your work account, bank, Facebook, etc. In the event you do fall victim to a phishing attempt, perpetrators attempt to use your compromised password to access many online services.
  • DO change ALL your passwords if you suspect any account you have access to may be compromised.
  • DO be particularly cautious when reading email on a mobile device. It may be easier to miss telltale signs of phishing attempts when reading email on a smaller screen.
  • DO remember that official communications should not solicit personal information by email.
  • DO complete the 40-minute information security awareness training located at security.cuny.edu.

Secret-Mystery Shopper Scams (pdf)

A malicious website is pretending to be the live map for Coronavirus COVID-19 Global Cases by Johns Hopkins University and is directing users to visit a malware website. Visiting this website infects the user’s computer or mobile device with the AZORult trojan, an information-stealing program which can exfiltrate a variety of sensitive data from the user’s computer. It is likely being spread via infected email attachments, malicious online advertisements, and social engineering. Anyone searching the Internet for a Coronavirus map could unwittingly navigate to this malicious website and have their data compromised. Please be extra vigilant while accessing your email and browsing the Internet.

COVID-19 Scams and Threats

Several students have been victimized by “Secret Shopper” or Gift Card scams

  • Background: some marketing/merchandising companies hire “secret” or “mystery” shoppers as a quality assurance measure. Such anonymous shoppers make a particular purchase in a store and then report on the experience. Typically, the shopper is reimbursed and sometimes the shopper keeps the purchase and/or receives a small payment
  • In these scams, students are emailed a secret shopper employment offer, sometimes from a fellow student’s compromised email account
  • If a student responds, they will typically be asked to purchase gift cards and provide the card codes with the promise of reimbursement/payment
  • Of course the reimbursement never comes
  • The fact that legitimate secret shopper jobs exist bolsters the credibility of the scam. The offer email may also refer to a CUNY “job placement” office.

What can we do?

  • Educate students about the scam through advisory communications
  • Work with student groups, Student Affairs, etc., to get the word out https://www.consumer.ftc.gov/articles/0053-mystery-shopper-scams

Phishing Campaigns Scams (pdf)