About SF State's Security Awareness Program
The Information Security Awareness program for faculty and staff is designed to help employees understand and respond to cybersecurity threats.
- Advisory Messages – Will be sent monthly to faculty and staff who use Exchange. Each message will focus on a specific aspect of cybersecurity, and will include tips to prevent successful attacks.
- Phishing Training Exercises – Studies have indicated 91% of cyberattacks start with phishing. The phishing training is intended to help employees spot phishing attacks in their work and personal lives. Convincing phishing messages will be periodically sent to employees to illustrate the ways phishing messages are designed to trick people. The fake phishing messages will be based on real phishing messages, using similar techniques to trick the recipient. If you receive any phishing messages, please report them following the Report Phishing guide. Results of phishing training exercises will be used to assist individuals who may need additional training.
- In Person Training – Information Security team members are available to join formal and informal meetings to review and discuss cybersecurity topics, especially for high-risk areas. Examples of groups we have met with include: Human Resources, Student Health Services, Undergraduate Admissions, and the Campus Technology Council (CTC).
Security Awareness Advisory Topics
Each month a cybersecurity issue will be added, along with suggestions to manage the risk.
- Security Awareness - Meltdown and Spectre security vulnerabilities (Jan 2018)
- Security Awareness - Phishing (Nov 2017)
- Security Awareness - Malware Self-Defense (Dec 2017)
- Using the PhishMe Reporter to report phishing and spam
- How to report phishing and spam messages without PhishMe Reporter
- Advice for email senders to make email more trustworthy
- How to report phishing Websites
Future advisory topics not shown in order. Send suggestions for topics to: security@sfsu.edu
- Avoiding phishing scams / IRS scams
- Avoiding ransomware attacks
- Creating and storing passwords
- Information security is our shared responsibility
- Managing your online reputation
- Preventing device theft
- Protecting yourself from identity theft
- Securing mobile devices
- Securing your computer
- What is your personal backup plan?