The campus has recently been targeted by several social engineering attacks. Social engineering attacks utilize phone calls and emails to manipulate people into performing actions they should not do, such as using a web browser to visit an infected web site, installing software for purposes of providing “computer support,” or divulging confidential information.
Some short optional videos are available on the CSU, Chico Development and Training System (DTS) which provide additional details about these types of attacks as well as other information security topics: https://www.csuchico.edu/isec/tools_resources/sans_securing_the_human_security_training.shtml
Security Awareness Modules for Staff (Recommended Courses)
| Social Engineering 02:53
Many of today’s most common cyber-attacks are based on social engineering. As such, this module explains what social engineering is, how attackers fool people and what to look out for. We then demonstrate a common social engineering attack. We finish with how people can detect these attacks and how to respond to them. |
| Email & Messaging 04:52
One of the primary means of hacking people is through email. Email is used for both simple, large-scale attacks and more targeted spearphishing attacks. We explain how these attacks work, including recent examples of phishing, spearphishing, malicious attachments and other email-based attacks. We then explain how these types of attacks work for almost any type of messaging technology. We then explain how to detect and stop these attacks. |
| Mobile Device Security 03:40
Today’s mobile devices, including tablets and smartphones, are extremely powerful. However, they also come with a growing number of risks. In most cases, these devices have the same functionality, complexity and risks as a computer, but with the additional risk of being highly mobile and easy to lose. We cover how to use mobile devices safely and how to protect the data on them |
Security Awareness Modules for Faculty (Recommended Courses)
| Social Engineering 02:53
Many of today’s most common cyber-attacks are based on social engineering. As such, this module explains what social engineering is, how attackers fool people and what to look out for. We then demonstrate a common social engineering attack. We finish with how people can detect these attacks and how to respond to them. |
| Email & Messaging 04:52
One of the primary means of hacking people is through email. Email is used for both simple, large-scale attacks and more targeted spearphishing attacks. We explain how these attacks work, including recent examples of phishing, spearphishing, malicious attachments and other email-based attacks. We then explain how these types of attacks work for almost any type of messaging technology. We then explain how to detect and stop these attacks. |
| FERPA 04:32
The Family Educational Rights and Privacy Act, also known as FERPA, is a federal law that protects the privacy of student education records. The law applies to all schools that receive funds from the U.S. Department of Education. This module explains the rules and regulations all school faculty, staff, contractors and student employees should follow when handling student information. This module is built on and requires people to watch the Data Security module first. |
More security information is available on the CSU, Chico Information Security (ISEC) website: http://www.csuchico.edu/isec
