Cybersecurity Awareness Month, 2023
October 2nd, 2023
This October marks the 20th anniversary of Cybersecurity Awareness Month in the US, the purpose of which is not only to raise consciousness about the subject but to encourage proactive behavior.
The most important takeaway from Cybersecurity Awareness Month is the foundational concept that cybersecurity is everyone’s responsibility — a tenant that is echoed throughout ITS’ Office of Information Security.
It is a cornerstone of cybersecurity for a very good reason: Cybercriminals continue to successfully prey on people’s good nature, which in turn accounts for the majority of data breaches.
According to the Verizon 2023 Data Breach Investigative Report, 74% of all breaches target humans as the attack vector by using social engineering and business email compromise (BEC) strategies.
With that in mind, ITS would to remind everyone at Long Beach City College that we should never use a non-LBCC email account (one that does not come from @lbcc.edu) for work-related business. This is especially important for those in positions of authority as people are more apt to respond to a manager’s request.
If you should ever receive an email from an external address that appears to be from a member of LBCCD and implies that it’s work-related — even if it’s just about a party or other seemingly innocuous event — please:
- Contact the potential colleague directly through official channels (work phone, @lbcc.edu email address, etc.) to inform them about the attempt, and
- Forward the original email to firstname.lastname@example.org so that it may be dealt with in a timely manner.
Reporting these types of emails is crucial because most responses to phishing attacks at LBCC come from staff answering the ever-present “Are you busy?”, “Hi”, or “Urgent” scams that appear to come from people in managerial or other authoritative positions.
Fortunately, messages that do not come from @lbcc.edu accounts are easy to identify, even on your phone, due to the following message that is located at the top of the email:
Lastly, ITS would be remiss if it didn’t remind everyone that AR 6006 specifically prohibits the sharing of your password with anyone, including your superiors, your colleagues, those who may report to you, or even ITS.