January 2022 IT Security Newsletter

Share on

January 28 is Data Privacy Day and has become an annual effort to promote data privacy awareness and education. Sponsored by the National Cyber Security Alliance (NCSA), this year’s theme is A New Era in Privacy.

Please read below to learn more.

Data Privacy Day

Data Privacy Day, known as Data Protection Day internationally, has become a lot more important in the last few years as we have recognized General Data Protection Regulation (GDPR) in the European Union, as well as California Consumer Privacy Act (CCPA). These regulations are about giving individuals more control over their personally identifiable information (PII) instead of businesses making those decisions for them. One simple way to look at it is these regulations allow individuals to opt in to having their information shared, as opposed to having to opt out of having that information shared.

Data Privacy Day promotes activities that bring to light technology tools that promote the individual control over PII, encourage compliance with privacy laws and regulations, and create conversations with stakeholders who are looking to advance data protection and privacy. CCPA was signed into law on 09/13/2018, and became effective on 01/01/2020. In 2021, these 23 states introduced all-encompassing data privacy legislation:  Alabama, Alaska, Arizona, Colorado, Connecticut, Florida, Illinois, Kentucky, Maryland, Massachusetts, Minnesota, Mississippi, New York, North Carolina, North Dakota, Ohio, Oklahoma, Pennsylvania, Texas, Utah, Virginia, Washington, and West Virginia. Of those 23 states, only Virginia and Colorado passed the legislation as law.

Data Privacy Day shows that the conversations are happening, but the Federal government has not acted to make this a national priority, so many states have taken it upon themselves to ensure that individual privacy is indeed protected. Unfortunately, the federal agencies who work with this kind of effort say that Congress is not planning to do anything anytime soon.

Now is the Time to Be Extra Vigilant

With the current Russia-Ukraine conflict, Russia has threatened cyber warfare if the US gets in Russia’s way. In fact, there have been reports that Russia is behind the massive cyberattack that took down many key government websites last week. And just this morning, the Department of Homeland Security says that the US is on “heightened alert” for a Russian cyberattack.

I want to remind everyone to be vigilant, especially at this time. We have seen how nation-state attacks have taken down critical infrastructure. Nation state actors work for a government to use cyber threats to disrupt or compromise governments, corporations, or individuals by gaining access to data and other valuable intelligence.

We know that ransomware most often comes from phishing attacks, spear phishing attacks, and bad (default) browser configurations. So please:

  1. Do NOT click on questionable links in emails you are not sure about.
  2. Do NOT open attachments in emails from anyone at all unless you are expecting it.
  3. Do NOT respond to any requests from anyone that appears to be a friend, coworker, supervisor, Department Head, Director, Dean, or even Senior Vice President and Senior Vice Chancellor asking you to do them a favor but only by replying to the email because they are not near a phone. If someone wants you to go buy gift cards, don’t do it!
  4. Do NOT use the same passwords for multiple accounts.
  5. Contact me if you have ANY doubts about an email or link.
  6. You can forward questionable emails to me because I promise I will give you advice without having to open the attachment.

I am so proud of the faculty and staff at the Institute, including CVM. I love it when you ask me what I think before you click or when you tell me what you think is wrong about an email but want to make sure. Please continue this and we will continue to be protecting the Institute’s assets and data!

Lunch & Learn Opportunities

I am planning to do some lunch and learn opportunities this year and I am wondering what you all think. Is there something in the world of cybersecurity you want to learn more about? I would love to get your thoughts on what you would like to learn, so send me an email and I will see what I get! I never forget that I am here for you and the Institute!

Thank you so much for all you do!!!