Much of the information on this page comes from CUNY Central's security page where there is additional and current data on the importance of being security-aware when dealing with computing in general.
CUNY’s Cybersecurity Resources:
<> How to Protect Yourself Against Secret Shopper, Personal Assistant, and Other Online Scams!
<> CUNY Issued Security Advisories
<> CUNY Information Security Guidelines for Working Remotely
<> CUNY’s Zoom Security Protocol
<> CUNY’s Online Security Awareness Course that is catered to CUNY students, faculty, and staff.
<> CUNY’s Security Policies & Procedures
Other Awareness Resources
CISA-backed nonprofit announces 'National Cybersecurity Education Month'
Below for k-12 but good awareness info on things for staff with kids in schools
FWIW, NYC DOE vendor breach example
Back to York Security Awareness page
Security awareness training is recommended for all computer users at CUNY. This comprehensive online course will benefit your understanding of protecting non-public university data as well as personal data for computers and wireless devices. Please click on the link provided below in order to take this 30 minute course. All new employees must take this once employment begins.
These are the more recent security advisories. Every attempt will be made to post the more significant ones for IT use only
Helpful Tips on Security Awareness
The attached PDF has helpful tips for safeguarding against cyber attacks and helping you become more aware of what to do in order to minimize and or avoid compromising your personal or professional data.
Using Caution with Email Attachments & Links
While email attachments are a popular and common way to send and receive documents, they are also a common source of viruses and spam. While our ProofPoint appliance blocks most spam in email, and our virus detection software will screen most malicious attacks caution should still be used when opening attachments, even if they appear to have been sent by someone you know. This PDF from the US-CERT department outlines general guidelines that are part of best practices when it comes to security awareness with email attachments.
Cyber Dos and Don'ts
Office of Information Technology Services Cyber security information for safeguarding and using private, sensitive information and state resources.
All About Encryption
The following section is all about encryption and how it affects you if you are storing University non-public data on your local PC or removable devices
These are some helpful best practices on using passwords
Notification was sent November 20, 2014 to entire campus regarding malware making rounds
Cybertheft and Security Breaches
Vice-Chancellor and University CIO message on Cybertheft and Security Breaches
Non-Public University Data Security
The link here is to our yearly reminder for everyone regarding compliance with the Chancellor's office and the University CIO regarding any system, reports and business processes that contain and /or use non-public University information.
What Do I Need To Know?
The following PDF explains much of what you need to be aware of when it comes to security awareness on campus and off. Please review and follow up by going to the CUNY Central website at https://security.cuny.edu for the most current details on security awareness.
90 Day CUNY Central Password Policy Support
As you may be aware of there is a 90 password policy on all systems that require authentication for access. Since the policy was instituted York has attempted to make the process easier by implementing a self service approach to password resets and changes. The attached PDF covers the steps involved in changing your password as well as completing your challenge questions for future changes.
York issued technology follows strict protocols in compliance with best practices for appropriate property management as set forth by the University. The Central office via audits tracks assets for maintaining compliance with city and state financial regulations. If a York issued asset is missing or believed to have been stolen there is a protocol for reporting that needs to be followed in order for the asset in question to be properly deposed and reported to the Central Office inventory system. When an asset is missing or stolen you must immediately notify your supervisor and IT department via an email. A form will be sent to you in order for you to provide details. This form will be sent along with the information in your email to Public Safety and the Property attendant at York. Your form will be attached to an incident which will be opened in the IT tracking system. You will receive a copy of the report which can than be used to justify replaced if needed. Any replacement cost that may be incurred is purely the decision of the Business Office following their own policies on these types of events. The form is available on this site for use as needed. This form can also be used for IT equipment that has sustained damage.