UO Cybersecurity Basics Training Overview

Introduction

UO Cybersecurity Basics is an online training available to all UO employees. This page provides information about the training and how to access it, and further information about cybersecurity awareness.

This training is part of the UO's security awareness training program, the ongoing effort to educate the UO community about policies, procedures, and best practices relating to information security.

UO Cybersecurity Basics Training

Access the UO Cybersecurity Basics training through MyTrack.

The training includes three brief, interactive modules:

Eligibility

  • This training is available to and strongly recommend for all UO employees — faculty, staff, graduate employees, and student employees.
  • Some departments or units across the university may use this training to satisfy regulatory requirements. If this training is mandatory for your position, your supervisor will inform you. Please ask your supervisor if you have any questions about what training is mandatory for your position at the university.  

Introduction to Cybersecurity

What is cybersecurity? It is the protection of computing systems and the data that they store or access.

Why isn't this just an IT problem?

The 90:10 rule illustrates this problem.

  • 10% of the safeguards are technical and require no user interaction.
  • 90% of all of the safeguards applied towards your computer depend on the computer user — a.k.a. you — to adhere to good computer security practices. 

For a non-technical example of the 90:10 rule, think about a lock on a door. The lock is the 10%. The user remembering to lock the lock, checking the lock, checking to see if the door is closed, making sure others lock the door, keeping control of the keys, etc., is the other 90%.

This means:

What can I do to help?

  • Learn good cybersecurity practices. Take the training and encourage others to do the same.
  • Report anything that seems unusual:
  • Use strong, unique passphrases.
  • Keep your computers and devices updated with the latest OS and security patches.
  • Don't click on suspicious or unsolicited links in email messages.
  • Make sure your computer is protected with up-to-date antivirus software.
  • Remember that information and passwords sent via standard, unencrypted wireless are especially easy for hackers to intercept.
    • To help reduce the risk, look for https in the URL before entering any sensitive information.
    • Avoid standard, unencrypted email and unencrypted instant messaging if you are concerned about privacy.

Why should I care? There's nothing on my computer anyway...

Maybe you don't care if the data on your computer is stolen, or you think your computer isn't a target. However, often the hacker isn't even targeting you specifically. Most likely, they want access to a computer or online identity to monetize it, or to sell it to another cybercriminal. Here is a partial list of what cybercriminals may use a compromised computer for:

  • As a webserver.
    • Distribute illicit images or software.
    • Send spam or phishing messages to others.
    • Distribute malware.
  • As part of a botnet.
    • Generate large volumes of traffic to slow the network.
    • Become a CAPTCHA-solving zombie.
    • Generate cryptocurrency.
  • To hijack your online identity or sell your info.
    • Hijack your accounts for Twitter, Facebook, Instagram, Google, Microsoft 365, etc.
    • Hijack your online gaming characters.
    • Steal your online financial information.
    • Steal license keys from your software, games, or operating system.
  • For extortion.
    • Use webcam images to blackmail you.
    • Use ransomware to extort money from you.
    • To install fake security software.

Account Locks

Duck ID accounts that have known compromised passwords will be locked until the user is able to contact support.

  • The Information Security Office will make a good faith effort to identify and contact the system owner before this happens.
  • The Information Security Program Policy empowers the ISO to defend UO networks.

If the Information Security Office detects a device is compromised, even though it may not have sensitive information, it may be blocked or disconnected from the UO network.

What are the potential consequences for a security violation?

  • Risk to security and integrity of personal or confidential information.
    • E.g., identity theft, data corruption or destruction, lack of availability of critical information in an emergency, etc.
  • Loss of valuable university business information.
  • Loss of trust from the UO community and the public, embarrassment, bad publicity, media coverage, news reports.
  • Costly reporting requirements in the case of a compromise of certain types of personal, financial, and health information.
  • Internal disciplinary action(s) up to and including termination of employment, as well as possible penalties, prosecution and the potential for sanctions or lawsuits.

Additional Resources

Details

Article ID: 140418
Created
Mon 4/4/22 12:53 PM
Modified
Thu 10/27/22 2:10 PM

Related Articles (5)

This page provides tips to for protecting yourself against online scams related to COVID-19.
What is Doxxing, how do we avoid it, and respond if it should happen.
This article provides a high level overview of securing home networks with links to specific articles.
Creating a strong password might seem like a daunting task. Here are some recommendations that can help you.
This article describes the Security Awareness Program at the University of Oregon

Related Services / Offerings (1)

UO Staff, Faculty, and Students use this service for requesting help with the University of Oregon’s Security Awareness Program.