Security Awareness

The following information is critical to the security of everyone especially University data and personal security.

Much of the information on this page comes from CUNY Central's security page where there is additional and current data on the importance of being security-aware when dealing with computing in general.

CUNY's Cybersecurity Resources

CUNY’s Cybersecurity Resources:

<> How to Protect Yourself Against Secret Shopper, Personal Assistant, and Other Online Scams!
<> CUNY Issued Security Advisories
<> CUNY Information Security Guidelines for Working Remotely
<> CUNY’s Zoom Security Protocol
<> CUNY’s Online Security Awareness Course that is catered to CUNY students, faculty, and staff.
<> CUNY’s Security Policies & Procedures

Other Awareness Resources

CISA-backed nonprofit announces 'National Cybersecurity Education Month'

https://cyber.org

Below for k-12 but good awareness info on things for staff with kids in schools

https://www.congress.gov/bill/117th-congress/house-resolution/1154/text?r=2&s=1

FWIW, NYC DOE vendor breach example

http://www.nysed.gov/data-privacy-security/illuminate-education-breach-notice

Back to York Security Awareness page

Security Awareness Training

Security awareness training is recommended for all computer users at CUNY. This comprehensive online course will benefit your understanding of protecting non-public university data as well as personal data for computers and wireless devices. Please click on the link provided below in order to take this 30 minute course. All new employees must take this once employment begins.

Security Awareness Training

Information on CUNY Security

Advisory on types of scams

The following are reminders of the types of scams to stay vigilant while online:

Secret-Mystery Shopper / Personal Assistant Scams

Printable PDF version of the advisory:

Secret-Mystery Shopper/Personal assistant Scams PDF version

For more information on Cyber Security awareness visit this link.

If you believe you have been scammed or received an email that looks suspicious or are receiving phone calls attempting to get information from sources you do not know, contact the York College IT immediately at 718-262-5300

Security Advisories
These are the more recent security advisories. Every attempt will be made to post the more significant ones for IT use only

Helpful Tips on Security Awareness
The attached PDF has helpful tips for safeguarding against cyber attacks and helping you become more aware of what to do in order to minimize and or avoid compromising your personal or professional data.

Using Caution with Email Attachments & Links
While email attachments are a popular and common way to send and receive documents, they are also a common source of viruses and spam. While our ProofPoint appliance blocks most spam in email, and our virus detection software will screen most malicious attacks caution should still be used when opening attachments, even if they appear to have been sent by someone you know. This PDF from the US-CERT department outlines general guidelines that are part of best practices when it comes to security awareness with email attachments.

Cyber Dos and Don'ts
Office of Information Technology Services Cyber security information for safeguarding and using private, sensitive information and state resources.

All About Encryption
The following section is all about encryption and how it affects you if you are storing University non-public data on your local PC or removable devices

Passwords
These are some helpful best practices on using passwords

Ransomware Notice
Notification was sent November 20, 2014 to entire campus regarding malware making rounds

Cybertheft and Security Breaches
Vice-Chancellor and University CIO message on Cybertheft and Security Breaches

Non-Public University Data Security
The link here is to our yearly reminder for everyone regarding compliance with the Chancellor's office and the University CIO regarding any system, reports and business processes that contain and /or use non-public University information.

What Do I Need To Know?
The following PDF explains much of what you need to be aware of when it comes to security awareness on campus and off. Please review and follow up by going to the CUNY Central website at https://security.cuny.edu for the most current details on security awareness.

90 Day CUNY Central Password Policy Support
As you may be aware of there is a 90 password policy on all systems that require authentication for access. Since the policy was instituted York has attempted to make the process easier by implementing a self service approach to password resets and changes. The attached PDF covers the steps involved in changing your password as well as completing your challenge questions for future changes.

IT Procedures for theft or missing technology

York issued technology follows strict protocols in compliance with best practices for appropriate property management as set forth by the University. The Central office via audits tracks assets for maintaining compliance with city and state financial regulations. If a York issued asset is missing or believed to have been stolen there is a protocol for reporting that needs to be followed in order for the asset in question to be properly deposed and reported to the Central Office inventory system. When an asset is missing or stolen you must immediately notify your supervisor and IT department via an email. A form will be sent to you in order for you to provide details. This form will be sent along with the information in your email to Public Safety and the Property attendant at York. Your form will be attached to an incident which will be opened in the IT tracking system. You will receive a copy of the report which can than be used to justify replaced if needed. Any replacement cost that may be incurred is purely the decision of the Business Office following their own policies on these types of events. The form is available on this site for use as needed. This form can also be used for IT equipment that has sustained damage.