NYCHA Now

NYCHANow chronicles the hard work of the men and women who make the New York City Housing Authority run, reporting the latest news and happenings.

NYCHA Now
IT News and Notes October 2023 

October Is Cybersecurity Awareness Month 

Vincent Echavaria

Cybersecurity Awareness Month Turns 20! 

This October marks the 20th year of Cybersecurity Awareness Month. The campaign is a collaborative effort between government and industry to ensure web users have the resources they need to stay safe and secure online. According to the Cybersecurity and Infrastructure Security Agency and the National Cybersecurity Alliance, some key actions that everyone should take include:  

  • Enabling multi-factor authentication (MFA);  
  • Using strong passwords;  
  • Recognizing and reporting phishing; and  
  • Updating their software. 

Security Culture – A Shared Responsibility 

This year’s campaign theme, “Security Culture – A Shared Responsibility,” is about knowing how adopting secure behaviors online benefits individuals both personally and professionally. Working together to adopt responsible practices helps strengthen NYCHA’s cybersecurity. When you take control of how you behave online, you’re playing a part in creating a strong security culture at home and at work.  

Building a Strong Security Culture 

Fostering a strong security culture at NYCHA starts with everyone understanding their role in safeguarding against cyber threats and being committed to acting. For instance, by reporting a suspicious email instead of deleting or ignoring it, you actively contribute to building the security culture at NYCHA. 

Learning about cybersecurity best practices is another way to build a security culture. All NYCHA employees are encouraged to complete the cybersecurity awareness online training offered through our partner organization, the NYC Office of Technology and Innovation’s Cyber Command. You should have already received an email from no-reply@training.knowbe4.com​ about your training (you can also click here to access the training). As you become more comfortable with cybersecurity best practices, you’ll be able to spot attempted cyber attacks and know how to respond.  

Spotting Online “Fakes” 

Cyber threats are very real and they usually seek the path of least resistance – 70 percent of data breaches start with phishing or social engineering! With cyber threats, they’ll fake it till they break in. 

Armed with some basic awareness of cyber threats, you can protect yourself, your agency, and even your family. For example, if you receive a random email from a vendor or City employee you don’t know, don’t automatically assume it is legitimate – especially if it has an attachment, link, or phone number. Here are four questions you can ask yourself to detect a potential scam: 

  • Did the message arrive unexpectedly? 
  • Is it the first time the sender has asked you to perform the requested action? 
  • Does the request include a stressor, such as “you need to do this now?” 
  • Can performing the request harm your interests?  

When You Report, We Get Stronger 

Report a suspicious email immediately. Reporting phishing attempts is crucial because it allows for timely identification and response to potential security threats within NYCHA. 

  • Use the Phish Alert Button (or forward the email as an attachment to phish@oti.nyc.gov) anytime you sense an email is suspicious.  
  • There are no negative consequences for reporting an email – even if it turns out to be legitimate.  
  • If an email is legitimate, the sender will usually follow up with you in a couple of days. You can also contact them in person to be sure.  

Enjoy Safe Scanning 

A QR code simplifies tasks by enabling easy and quick access to information, websites, or services through a simple smartphone scan. However, the use of QR codes can pose security risks for an organization – so it is important to keep your data secure by following these tips: 

  • Use the built-in QR code scanner in your device’s camera app. If your device doesn’t have a built-in scanner, only download a trusted third-party scanning app from your device’s official app store. 
  • Check for physical tampering before you scan. Cybercriminals can generate malicious QR codes and print them as stickers to cover up legitimate ones. 
  • Review the link displayed on your device’s scanning app before you click. Look for spelling errors, misplaced characters, and shortened web addresses, which are signs of a malicious website. 
  • Be cautious when entering sensitive information. If you’re directed to a website by a QR code and asked to enter sensitive or personal information, make sure it is legitimate. If you’re not sure, don’t enter the information. 

NYC Secure App 

For increased security, you can download the NYC Secure App on your personal mobile devices by visiting secure.nyc. NYC Secure is a free, New York City-funded mobile app that will alert you if your mobile device or tablet encounters threats such as a potentially unsecure Wi-Fi network and will offer recommendations on how to address the threats. The app was designed with your privacy in mind. No information about you leaves the device.