Penn State shares tips for National Cybersecurity Awareness Month

Credit: Penn State / Penn StateCreative Commons

UNIVERSITY PARK, Pa. — Higher education institutions are frequently targeted by cybercriminals looking to gain unauthorized access to their vast amount of personal information and research data. With October marking another National Cybersecurity Awareness Month, Penn State has once again joined the nationwide effort to draw attention to ways we can better protect our important data and digital identities.

Rich Sparrow, acting chief information security officer at Penn State, noted that while some types of cyberattacks are increasing in higher education environments — including ransomware attacks and attempts to steal intellectual property — other types of attacks have decreased at Penn State due to steps the University has taken. Phishing scams, for instance, are less prevalent now that the University has transitioned to Office 365 and students, faculty and staff all use Two-Factor Authentication (2FA). Still, members of the University community are encouraged to remain vigilant.

“This is also where the personal piece comes into play,” Sparrow said. “Personal email accounts and other personal accounts remain particularly vulnerable. The tips we’re highlighting during this National Cybersecurity Awareness Month are things you should always pay attention to as a good digital citizen — not only in your work and studies at Penn State, but in all of your online activities.”

1. Watch out for phishing scams

Phishing scams attempt to steal personal data like credit card numbers, passwords, Social Security numbers and other information through sending fraudulent emails that appear to come from organizations you know and trust — like your bank, credit card company or school. Watch out for such emails, which can often include authentic-looking logos and links, and forward any suspicious emails you receive to your Penn State email account to

2. Secure your devices 

Smartphones and tablets are targets for criminals looking to steal your personal data. It’s important to keep your mobile devices protected by always enabling strong home screen passwords and locks, since these passwords can protect your data if the devices are ever misplaced or stolen. 

3. Prepare for ransomware attacks

Ransomware is a type of malware ("malicious software”) designed to block access to all or part of a computer system — including your photos, classwork and other personal documents — until a sum of money or “ransom” is paid. It displays a message that claims you can regain access to your files by paying the ransom, but there is no guarantee you will. Back up your data often to help recover from ransomware attacks.

4. Protect intellectual property

Intellectual property includes creations of the mind: inventions, research, literary and artistic works, symbols, names, images and designs, and trade secrets that may have patents, trademarks or copyrights. With ransomware and other types of security breaches increasing, it’s important to take steps to protect your valuable data by using strong passwords, encrypting data and limiting external sharing of data.

5. Practice password safety

It’s important to create strong passwords — or even better, pass phrases — for your Penn State Account and all other online accounts. Using 2FA also adds an extra layer of protection that makes it more difficult for someone else to log in to your accounts, and is always recommended if available. Learn more about password safety on the Office of Information Security website.

For more information on Penn State’s Office of Information Security, visit

Last Updated September 25, 2020