Cybersecurity Awareness Training

We all play a critical role in protecting the privacy of data.

Malicious actors are continually probing for weaknesses in our defenses.

Common methods for unauthorized access into our systems are via phishing e-mails, targeting accounts with insecure, reused passwords, and unsecured file storage and devices. Due to the frequency and severity of these attacks, both regulators and cyber liability insurers have mandated that organizations must provide cybersecurity awareness training.

On Friday, April 28, 2023, all CCE staff should have received two e-mails from campus about a required Cybersecurity Awareness training.  The first e-mail explained the how and why for this training.  The second e-mail was from Cornell CULearn with the link to the course.

The deadline to complete the training is June 16, 2023 but I strongly encourage everyone to take it ASAP.  It will take about 20 – 25 minutes to complete.

• If you cannot find the first e-mail in your Inbox, you can log in and view a copy at Verified Cornell Communications | IT@Cornell
  • Scroll down the list for:  “ITSO 100: Cybersecurity Awareness training due by June 16”
• If you cannot find the second e-mail with the course link:   Click here for a direct link to the CULearn Cybersecurity Awareness course

Course Tips:

• Cornell recommends using the Chrome web browser for CULearn courses.
• You may need to enable popups in your web browser to launch the course.
  • In the address bar, click Pop-up blocked .
  • Click the link for the pop-up you want to see.
  • To always see pop-ups for the site, select Always allow pop-ups and redirects from [site] and then Done.
• Quiz – You must achieve a score of 100% on the 5-question quiz to complete the course. You may take the quiz as many times as needed to achieve that score.
  • After receiving a perfect score on the quiz, be sure to scroll down and click Next to listen to the short farewell message and to access the link to the PDF with all the information reviewed during the course.
• Certificate of Completion – Please print or send a copy of the certificate to your supervisor.
  • After you have completed the course, you will receive a follow up e-mail with a link back to the course’s home page where you can click to print the certificate of completion.
  • OR you can log into CULearn at https://culearn.cornell.edu/
    • In the left column, under Completed Learning, click on the ITSO Cybersecurity Awareness course to view the course homepage and click on Print Certificate.

RELATED INFORMATION:

Limiting Access to Your Data:

The majority of our association and program files are saved to the file server.  Permissions are determined by Executive Directors and supervisors and implemented/maintained by IT staff.

BUT what about cloud storage?  I want to take a moment to encourage anyone who uses cloud storage (ex. Box Drive) to review the permissions on your shared folders and files.

• • Check ownership and collaborators to be sure it reflects who should have current access to that data.  Remove permissions that are no longer needed for each folder you have ownership of.
  • Box folders and permissions:  https://www.screencast.com/t/EVxeqVX4

“Certified Desktop”:

In the training, the instructor mentions “Certified Desktop” which is a package of security tools to protect Cornell University computers.
Currently, CCE computers do not have access to this full software suite so if you click on the “Certified Desktop Self-Check” link, it will show “no devices found”.

Below is a list of the individual tools within Certified Desktop that CCE does utilize right now to protect our computers:

• CrashPlan (formerly Code42) – Computer backup software
  • Provides secure, real-time backup, archiving, and versioning of files for computers. This helps protect us from ransomware attacks and fraud and streamlines the process of transitioning local files to a new computer.
• CrowdStrike — Advanced endpoint protection with antivirus and anti-malware
  • Software runs in real time and helps prevent malware installation.  It will also notify IT staff if there is potential malware on a computer.
• Spirion — Confidential data identification software
  • Software that allows you to manually scan your computer to identify and remove confidential data, such as Social Security, credit card, or bank account numbers.