Cybersecurity Guidance From Enterprise Risk Management and Division of Information Technology

By DoIT Communications

Enterprise Risk Management and Division of Information Technology

Date Released: 2/25/2022


To the Campus Community:


            No doubt you are paying close attention to the geopolitical world scene, and the many new and rapid developments being reported in the news related to the tensions in Europe. In light of these developments, we can expect to see an uptick in cybersecurity risk and attacks in the United States and potentially here at Stony Brook. Even if we are not directly targeted, we may potentially be affected by the downstream impact of a cloud vendor or service provider being attacked. Fraudsters from all over the world are opportunistic, so we can expect fake fundraising campaigns for Ukraine and other similar attacks to be prevalent as well. With that in mind, it's important to remain extra vigilant in the coming days and weeks as we monitor this delicate situation. 


What can we do to stay cyber-safe? 

Simply put, do the same things we have always done, but with renewed determination:

  1. Be on guard against incoming phishing attacks* and report them as soon as they are received. 

  2. If you observe something unusual, submit a request to have the appropriate IT professional or Information Security team review. 

  3. Review the student and faculty/staff safe computing guide.

  4. Faculty and staff should complete and review any assigned information security training.

  5. If Duo prompts you to authorize a login you did not initiate, flag the login as fraudulent via the Duo smartphone app.

  6. Confirm that critical data is adequately backed up and consider how you could maintain critical functions even if some services are offline for a period of time.


*If you fall victim to a phishing attack and realize after the fact, immediately change your NetID password and open a ticket for further assistance via


Thank you for your diligence and attention to this matter.

Lawrence M. Zacarese

Vice President for Enterprise Risk Management

Chief Security Officer


Matt Nappi

Chief Information Security Officer

Assistant Vice President