Introduction
UO Cybersecurity Basics is an online training available to all UO employees. This page provides information about the training and how to access it, and further information about cybersecurity awareness.
This training is part of the UO's security awareness training program, the ongoing effort to educate the UO community about policies, procedures, and best practices relating to information security.
UO Cybersecurity Basics Training
Access the UO Cybersecurity Basics training through MyTrack.
The training includes three brief, interactive modules:
Eligibility
- This training is available to and strongly recommend for all UO employees — faculty, staff, graduate employees, and student employees.
- Some departments or units across the university may use this training to satisfy regulatory requirements. If this training is mandatory for your position, your supervisor will inform you. Please ask your supervisor if you have any questions about what training is mandatory for your position at the university.
Introduction to Cybersecurity
What is cybersecurity? It is the protection of computing systems and the data that they store or access.
Why isn't this just an IT problem?
The University of Oregon Information Security Office works hard to protect the university’s network and the privacy of its users; however, user action plays a significant role in impacting cybersecurity. Among other best practices, users should:
- Take cybersecurity awareness training.
- Be aware of malicious and scam phishing emails.
- Be cautious when clicking on links in emails or messages.
- Do not open email attachments received from unknown senders.
- Handle information appropriately.
- Don’t share sensitive information with parties who shouldn’t have it.
- Back up your sensitive data.
- Keep your operating system and application software up to date on all of the devices you use.
- Use a VPN while on public networks.
- Use strong, unique passwords for each online account.
- Enable two factor login for each of your online accounts.
This means:
What can I do to help?
- Learn good cybersecurity practices. Take the training and encourage others to do the same.
- Report anything that seems unusual:
- Use strong, unique passphrases.
- Keep your computers and devices updated with the latest OS and security patches.
- Don't click on suspicious or unsolicited links in email messages.
- Make sure your computer is protected with up-to-date antivirus software.
- Remember that information and passwords sent via standard, unencrypted wireless are especially easy for hackers to intercept.
- To help reduce the risk, look for https in the URL before entering any sensitive information.
- Avoid standard, unencrypted email and unencrypted instant messaging if you are concerned about privacy.
Why should I care? There's nothing on my computer anyway...
Maybe you don't care if the data on your computer is stolen, or you think your computer isn't a target. However, often the hacker isn't even targeting you specifically. Most likely, they want access to a computer or online identity to monetize it, or to sell it to another cybercriminal. Here is a partial list of what cybercriminals may use a compromised computer for:
- As a web server.
- Distribute illicit images or software.
- Send spam or phishing messages to others.
- Distribute malware.
- As part of a botnet.
- Generate large volumes of traffic to slow the network.
- Become a CAPTCHA-solving zombie.
- Generate cryptocurrency.
- To hijack your online identity or sell your info.
- Hijack your accounts for Twitter, Facebook, Instagram, Google, Microsoft 365, etc.
- Hijack your online gaming characters.
- Steal your online financial information.
- Steal license keys from your software, games, or operating system.
- For extortion.
- Use webcam images to blackmail you.
- Use ransomware to extort money from you.
- To install fake security software.
Account Locks
Duck ID accounts that have known compromised passwords will be locked until the user is able to contact support.
- The Information Security Office will make a good faith effort to identify and contact the system owner before this happens.
- The Information Security Program Policy empowers the ISO to defend UO networks.
If the Information Security Office detects a device is compromised, even though it may not have sensitive information, it may be blocked or disconnected from the UO network.
What are the potential consequences for a security violation?
- Risk to security and integrity of personal or confidential information.
- I.e., identity theft, data corruption or destruction, lack of availability of critical information in an emergency, etc.
- Loss of valuable university business information.
- Loss of trust from the UO community and the public, embarrassment, bad publicity, media coverage, news reports.
- Costly reporting requirements in the case of a compromise of certain types of personal, financial, and health information.
- Internal disciplinary action(s) up to and including termination of employment, as well as possible penalties, prosecution and the potential for sanctions or lawsuits.
Additional Resources