This message was sent to the Rockefeller community from the Office of the Executive President on March 25, 2020 at 3:49 p.m.
Subject: Updates on Information Technology resources and cybersecurity
Dear Rockefeller colleagues,
I hope this message finds you and yours well.
As a result of COVID-19, the Rockefeller community, like many of our peers in academia and research, has rapidly transitioned to a remote work environment. This necessitates increased reliance on remote access technologies like Zoom, Virtual Private Networking (VPN), and other productivity and communications tools, which many of us are using for the first time. In addition, the unprecedented speed of this transition has increased the demand on the university’s personnel, including the information technology and cybersecurity staff, potentially affecting their ability to rapidly detect and respond to cyberattacks. Although our dedicated IT staff is available to help, there are also some best practices and common self-help reminders to keep in mind—the cybersecurity equivalent of “wash your hands regularly,” if you will.
Shifts in internet usage embolden cybercriminals, who are always looking to capitalize on periods of change and uncertainty. Not surprisingly, Rockefeller is experiencing increased levels of cyberattacks—especially phishing attacks.Our defenses are currently protecting the university, and our information security team continues to closely monitor our network. However, maintaining the integrity of our electronic assets and systems is a team effort, and we ask everyone to be especially vigilant during this time. More information about our information security resources and initiatives can be found here.
Please review these practices to minimize your—and the university’s—exposure to risk:
- Think before you click! If someone sends you a link to a website that you wish to visit, whenever possible open a new browser window and type the name of the website instead of clicking on the link provided in the e-mail.
- Be especially aware and suspicious of emails such as those posing to be from the World Health Organization or the Centers for Disease Control. The hyperlinks in these emails can be malicious or attempt to seek donations for fraudulent organizations. One click can compromise your identity and potentially the university’s network.
- Be cautious about opening attachments that you aren’t expecting, especially from unknown sources.
- Be suspicious of phone calls and e-mails that ask you to reveal information about yourself. There have been recent reports of scammers posing as the health department. Never give out your social security, financial, or other private information.
- Rockefeller personnel will never ask for your credentials (passphrase).
- Ensure that your systems, applications, and mobile devices are patched, up to date, and meet the university’s security guidelines.
- Ensure that your data is backed up.
- Be sure to review the university’s IT resources web page on how to work remotely, including instructions on how to access and use DUO, VPN, and Zoom to conduct virtual meetings. Confirm that critical applications such as Zoom are up to date and use a meeting password.
If you have any questions regarding these guidelines and practices or need help in implementing them, please contact the help desk via e-mail at email@example.com or phone 212-327-8940.
Thank you for your continued diligence and support. In more ways than ever, we are truly in this together.
Timothy P. O’Connor
Executive Vice President
The Rockefeller University