Cybersecurity Awareness Month, 2023
October 2nd, 2023

Post

Dear Colleagues,

This October marks the 20th anniversary of in the US, the purpose of which is not only to raise consciousness about the subject but to encourage proactive behavior. 

The most important takeaway from Cybersecurity Awareness Month is the foundational concept that cybersecurity is everyone鈥檚 responsibility 鈥 a tenant that is echoed throughout ITS鈥 Office of Information Security

It is a cornerstone of cybersecurity for a very good reason: Cybercriminals continue to successfully prey on people鈥檚 good nature, which in turn accounts for the majority of data breaches.

According to the Verizon 2023 Data Breach Investigative Report, 74% of all breaches target humans as the attack vector by using social engineering and business email compromise (BEC) strategies. 

With that in mind, ITS would to remind everyone at 海角社区 that we should never use a non-海角社区email account (one that does not come from @lbcc.edu) for work-related business. This is especially important for those in positions of authority as people are more apt to respond to a manager鈥檚 request.

If you should ever receive an email from an external address that appears to be from a member of LBCCD and implies that it鈥檚 work-related 鈥 even if it鈥檚 just about a party or other seemingly innocuous event 鈥 please:

  1. Contact the potential colleague directly through official channels (work phone, @lbcc.edu email address, etc.) to inform them about the attempt, and
  2. Forward the original email to reportaphish@lbcc.edu so that it may be dealt with promptly. 

Reporting these types of emails is crucial because most responses to phishing attacks at 海角社区come from staff answering the ever-present 鈥淎re you busy?鈥, 鈥淗i鈥, or 鈥淯rgent鈥 scams that appear to come from people in managerial or other authoritative positions.

Fortunately, messages that do not come from @lbcc.edu accounts are easy to identify, even on your phone, due to the following message that is located at the top of the email:

Caution Email Header

Lastly, ITS would be remiss if it didn鈥檛 remind everyone that AR 6006 specifically prohibits the sharing of your password with anyone, including your superiors, your colleagues, those who may report to you, or even ITS.

 

If you have any questions regarding this or any other previous advisory, please feel free to email the Office of Information Security.