The mission of the Information Security Office (ISO) is to assure the security of the College's Information Technology (IT) resources and the existence of a safe computing environment in which the college community can teach, learn, and conduct research.
ISO's core mission is to prevent the loss of availability, the loss of integrity, and the loss of confidentiality for systems and data. The ISO department's aim is to prevent the harm or destruction of computer networks, applications, devices, and data and to protect the College and individuals from cyber-attacks.
- CUNY Security Policies: CUNY Information Security (CIS)
- CUNY issued Security Advisories
- CUNY Cybersecurity Awareness Training
Medgar Evers College | Information Security
1638 Bedford Avenue, Brooklyn, NY 11225
Launch National Cyber security Awareness Month - October 2022
Week 2 (Oct 10–Oct 14) – Using strong passwords and a password manager
Week 3 (Oct 17–Oct 21) – Updating your software
Week 4 (Oct 24–Oct 28) – Recognizing and reporting phishing
- 43% of adults have shared their password with someone. (Google)
- Just 20% of Android devices use the latest and safest OS version. (Symantec)
- 72% of respondents reported that they checked to see whether messages were legitimate (i.e., phishing or a scam) compared to 10% who reported not doing so. (NCA)
- Phishing attacks in data breaches increased 11% from 2019 to 2020. (Verizon)
Cybersecurity Awareness Course in Blackboard
CUNY has launched a 25-minute interactive Cybersecurity Awareness for Students that is tailored to CUNY students and features a CUNY student. This course helps you gain a comprehensive understanding of the cybersecurity risks we all face, along with some best practices for safeguarding your data, so you can avoid opening the wrong link or attachment. You can find this course in Blackboard under your Organizations section.
Phishing attacks, spam, and hacked accounts have unfortunately become common occurrences in higher education. Articles on Best Colleges and Inside Higher Education websites note that colleges and students are a favorite target for scams, harvesting personal information, and ransomware attacks. Increasing awareness about online risks is your, and the University’s, best defense against cyber threats and protecting online information and data.
Please spend 25 minutes to learn how you can protect yourself against online threats. This brief time investment could protect you from serious financial, privacy or data loss consequences later on.
Log in to Blackboard to take the course.
University’s Policy on Acceptable Use of Computer Resources
- You are required to abide by the University’s Policy on Acceptable Use of Computer Resources. See: Acceptable Use of Computer Resources
- If your job requires using or managing confidential data and systems please also review the University’s Information Technology Security Procedures. See: IT Security Procedures
- Be aware of other information security policies, procedures, and advisories which can be found on the MEC IT Security web site. The CUNY Information Security web site can be found following the link to CUNY Issued Security Advisories.
- Protect your computer system and electronic data from unauthorized use, malicious programs and theft.
- Report to your supervisor any security policy violations, security flaws/weaknesses you discover or any suspicious activity by unauthorized individuals in your work area.
- If your job requires you to use and store personally identifiable information, such as Social Security numbers, on your office computer, use encryption to protect the data. Please contact your local IT Personnel, the Service Desk at 718-270-6262, or visit the IT Security web site for step-by-step instructions on implementing proper encryption of your data. You must be authorized to do so by filling in the form for Authorization to Use and Store Non-Public University Information.
- Be aware of personal identifiers, such as:
- Social Security
- Driver's License
- non-driver identification card
- Credit or debit card numbers.
- These items must not be stored, transported, or taken home on portable devices (e.g., laptops, flash drives, and external hard disks) of any type without specific approval of the Dean or Vice President overseeing your area and the Chief Information Officer and the Vice President of Administration. Where approval is granted, additional password protection and encryption of data are required.
- Use software products that are currently maintained by their publisher and keep the software products updated with critical security patches.
- Use secure passwords that cannot be easily guessed and do not share your password.
- Storage devices (hard disks, tape, diskette, CDs, DVDs, cell phones, digital copiers or other devices) that contain Non-Public University Information must be securely overwritten or physically destroyed in a manner that prevents unauthorized disclosure.
- Delete unneeded electronic information which contains personal identifiers.
- Ensure critical data files are backed up and the backups are securely stored in another location.
- Physically secure your computer by using security cables and locking building/office doors and windows.
- Complete the Security Awareness Program. It is approximately 30 minutes in length, covering the basics of why information security is important and best practices. Everyone at Medgar Evers College who handles confidential data is required to enroll and complete this training. All others are strongly urged to do the same. When you connect to this site, please enter your name, email address and select Medgar Evers College from the pull-down menu.
PRACTICE ONLINE SAFETY
Malicious cyber threats actors are capitalizing on the global attention surrounding the novel 2019 Coronavirus (COVID-19) to facilitate scams, distribute malware, and send phishing emails.
Please be extra vigilant while accessing your email and browsing the internet. Only reference know official resources on COVID-19 information.
- Background: some marketing/merchandising companies hire “secret” or “mystery” shoppers as a quality assurance measure. Such anonymous shoppers make a particular purchase in a store and then report on the experience. Typically, the shopper is reimbursed and sometimes the shopper keeps the purchase and/or receives a small payment
- In these scams, students are emailed a secret shopper employment offer, sometimes from a fellow student’s compromised email account Information Security Computing and Information Services Information Security Manager’s Meeting
- If a student responds, they will typically be asked to purchase gift cards and provide the card codes with the promise of reimbursement/payment
- Of course the reimbursement never comes
- The fact that legitimate secret shopper jobs exist bolsters the credibility of the scam. The offer email may also refer to a CUNY “job placement” office.
- Educate students of the scam through advisory communications
- Work with student groups, Student Affairs, etc., to get the word out https://www.consumer.ftc.gov/articles/0053-mystery-shopper-scams