Cybersecurity Awareness Month 2025

Published on: October 01, 2025

October is Cybersecurity Awareness Month, a global effort to stay safe and protected when using technology and connecting online. UT Southwestern's Office of Information Security (InfoSec) has tips and guidance on how faculty, staff, and learners can keep their digital lives secure while protecting UTSW.

Phishing

Scams such as email phishing, vishing (recorded voice phishing), and smishing (SMS/text phishing) aim to steal sensitive data or money. UTSW employees are the first line of defense, so understanding how to recognize and report phishing is critical to protecting our community.

Why it's important

These attacks have grown to use increasingly sophisticated generative artificial intelligence (AI) to create complex and precise messages, including using convincing methods such as deepfakes. What makes these attacks dangerous is their ability to bypass security controls by targeting human psychology. Phishing emails can now mimic an institution's writing style and reference specific projects or relationships, making them nearly indistinguishable from legitimate communications.

Recognize phishing

Always verify unexpected requests for information or money.
Be suspicious of pretexting techniques in phishing scams – the sender will act as if they have met you or create a believable scenario (such as a research collaboration) that tricks you into sending sensitive information.
Stop and think before joining external communication channels such as WhatsApp or WeChat – UTSW business should be conducted only on UTSW-approved messaging platforms.
Double-check and examine email addresses, attachments, and QR codes carefully.
Be wary of messages creating urgency or threatening negative consequences.
Never click links in unexpected messages; instead, type URLs directly into your browser.
Watch for urgency, bad grammar, spelling errors, or inconsistent formatting.
Check for generic greetings such as “Dear Sir/Madam” instead of your name.
Be especially careful with messages about passwords, account verifications, or financial information.

Report suspicious activity

Click the “Report Phish” icon in Outlook.
informationsecurity@utsouthwestern.edu the UTSW Information Security team.

Phishing Basics

Software updates and device security

Outdated software exposes systems to known vulnerabilities. To reduce this risk, regularly update your personal devices, operating systems, applications, and browser extensions. Enable automatic updates whenever possible to receive timely notifications about new patches. When updates are available, act promptly; installing them is a critical step in maintaining system security and preventing potential breaches.

Mobile and laptop devices

The biggest security risk is leaving devices unattended in public places, such as at an airport, hotel, or restaurant, or inside a vehicle. In the event of a theft or loss of your personal or work devices, it is wise to use features to enable multifactor authentication (MFA) to secure your personal and work accounts.

For UTSW-owned devices

Use OneDrive and Teams storage to access data when you’re on the go.
Use only the (P:) drive to store data directly on the institution's laptop.

Visit the InfoSec laptop security page for detailed protection tips. In the event of a theft or loss of a UTSW device, please report the incident ASAP.

Full Details and File a Report

Data protection and privacy

Personally identifiable information (PII) and protected health information (PHI) must be handled with care to prevent unauthorized access, identity theft, and costly data breaches. To reduce risk, always follow the principle of data minimization: Share only what’s necessary for the task at hand.

Use encryption whenever possible to protect data.

Do your part

Ensuring information security is a shared responsibility across our organization. Everyone plays a vital role in safeguarding our systems, data, and operations by remaining vigilant, adhering to established protocols, and responding appropriately to potential threats.