Carnegie Mellon University
National Cyber Security Awareness Month

Focusing on Our Shared Responsibility During 2016 National Cyber Security Awareness Month (NCSAM)

National Campaigns

National Cyber Security Awareness Month, observed each October, promotes safety on-line. This year’s theme is Our Shared Responsibility.  Stop. Think. Connect ( by the Department of Homeland Security, and Stay Safe Online ( by the National Cyber Security Alliance have much more information about sharing the responsibility of protecting our shared systems and networks in the world at large.

Carnegie Mellon's Campaign

A big part of our shared responsibility at Carnegie Mellon involves reporting concerns as quickly as possible.  The ISO depends on you to recognize and report the following issues. 

The ISO depends on you to recognize and report these issues.  If you notice any ransomware, phishing or malicious attachments, please forward the e-mail with the full headers to ISO at


Recently, many individuals on campus have been victims of ransomware.  Good preparation and backups can ensure that you don't fall victim to this threat. 


Phishing e-mails are also on the rise, and the security of CMU's systems can depend on your ability to spot a phish and report it.  Anti-phishing Phil and Phyllis are two games you can play to learn to spot phishing e-mails.  

Malicious Attachments

Malicious attachments are those that do something "bad" to your computer when you click on them or open them.  These are generally word documents with macros, HTML pages or PDF files.  They can install ransomware or other malware that can compromise the security of your system and your AndrewID.  If you don't recognize the sender of the e-mail or are not expecting an attachment from them, please consider whether you should click on it.  If you're not sure, please report it to ISO and we can help you determine if the attachment is malicious or not.

Two-factor Authentication

While two-factor authentication is not a panacea against phishing, it does make it harder for attackers to use compromised credentials.  Two-factor authentication is a combination of something you know (your password), and something you have (a token or one time key).  An attacker would need to have both pieces of information in order to log in as you.  Many services, such as Google, Apple, Facebook, many banks, and others support two-factor authentication, sometimes called two-step verification, in various ways.  Consider enabling two-factor authentication on all of your important accounts!

Closer to home, Computing Services is currently in the testing phases of Duo Security for two-factor authentication for expanded use throughout the university.  For more information about Duo and multi-factor authentication, see Multi-Factor Authentication in the January 2016 edition of Cursor on Computing Services’ website:

You can also see our presentation on what two-factor authentication is and how it will help secure our systems.

EDUCAUSE Webinar "Top Attack Techniques, Top Human Risks, and How to Create a CyberAware Culture"

EDUCAUSE Live! is a series of free, hour-long interactive webinars on critical information technology topics in higher education. In observance of National Cyber Security Awareness Month, EDUCAUSE offered a free Webinar on October 11, by Lance Spitzner and Johannes Ullrich from SANS, on Top Attack Techniques, Top Human Risks, and How to Create a CyberAware Culture at 1:00 - 2:00 p.m. ET. Registration is open to all university faculty, staff and students.

More information is available at