A Security Awareness Program is a structured initiative aimed at educating and training individuals within organizations and educational institutions on how to protect themselves and their institutions from security threats like cyberattacks, data breaches, and insider threats. The primary goal is to foster a culture of security awareness, ensuring that staff, faculty, and students understand the importance of safeguarding sensitive information and adhering to best practices to minimize risks.
To see a list of all of our IT Policies, please visit the IT Policies page on Inside.
Do's
- Use strong, unique passwords - Avoid using easily guessable information like birthdays or pet names. Consider using a password manager to generate and store complex passwords.
- Enable two-factor authentication (2FA) - This adds an extra layer of security by requiring a code sent to your phone or another device to log in. To enable two-step verification in Google, click here.
- Be cautious of attachments and links - Avoid opening attachments or clicking links from unknown or suspicious senders. If you must open an attachment, scan it with antivirus software first.
- Verify sender addresses - Hover over the sender's name to check the actual email address. If it doesn't match the expected address, be cautious.
- Report phishing attempts - If you receive a suspicious email, report it using the KnowBe4 Phish Alert Button in Gmail.
- Keep your software updated - Ensure your operating system and antivirus software are up to date with the latest security patches.
- Educate yourself - Stay informed about the latest email scams and security threats.
- When in doubt - Contact the CNIT Service Desk.
Don'ts
- Reply to unsolicited emails - Avoid responding to emails from unknown or suspicious senders.
- Share personal information - Never share sensitive information like credit card numbers or passwords in emails.
- Open attachments from unknown senders - Only open attachments from trusted sources and scan them before opening.
- Click on links in suspicious emails - Avoid clicking on links in emails from unknown or suspicious senders.
- Ignore security warnings - If your email client or antivirus software issues a warning, take it seriously and investigate the issue.
- Reuse passwords - Use unique passwords for each online account.
Phishing is a type of email scam where the attacker sends emails that impersonate a company (often financial), a service desk, an employer, or someone that you already know and trust. The goal is to:
- Steal personal information by tricking you into entering your username, password, PIN, or other sensitive information.
- Install malware or viruses on your computer that can record keystrokes, capture saved or stored information, or destroy files.
For example, Heidelberg students, faculty, and staff may receive emails that appear to come from trusted sources like “CNIT” or “Oasis,” with a link to a website where they are asked to enter their username and password to “verify your account.”
- Identify the email as suspicious. Phishing messages usually have one or more of the following:
  - Spelling or grammatical errors. These should be immediate red flags.
  - Heightened urgency. Phishing attempts often try to get you to respond before you can think.
  - Generic signatures. A signature line with “CNIT Department” rather than a University official whose name you can verify.
  - A request for personal information from contacts you did not initiate.
- If you think it’s suspicious, report it:
  - Use the KnowBe4 Phish Alert Button to report the message.
- If you have already clicked on a phishing link or have entered your information on a suspicious site:
  - Change your password in Oasis immediately.
  - Contact the CNIT Service Desk at 419-448-2088.