Information Security Awareness Month: October 2018
Week 4: Securing Your Devices
It is important these days to make sure that our devices are secure. Boston University has the Minimum Security Standards policy that defines the security requirements for devices that have University data on them. For personal devices that aren’t used for University business, here are some tips to help protect them and your personal information.
Keep your computer and applications updated. Patches or updates help resolve security flaws that you might have on your system, protecting you from malicious attempts to compromise your system. Patches should be applied on a fairly regular basis at a time that’s convenient for you.
Install antivirus software. You should install antivirus software on your personal devices. Antivirus isn’t just for laptops! It should be installed on your desktop computers, tablets, and phones! Boston University provides McAfee for free here.
Enable Encryption on your device. Your devices should be encrypted using the built in encryption feature included in your phone or computer’s operating system. For personal computers, On Mac there is FileVault and Windows there is Bitlocker.
Require a password when logging into your devices. It is always good to have a password required to login to your devices. If your device gets stolen and there isn’t a login password, then the thief would have access to all of your data immediately.
Use a secure connection (often called a “VPN”) to connect to the network. Using a secure connection provides an encrypted tunnel for information to travel from your computer and throughout the internet. This is important when you are working remotely or using public WiFi hotspots where data can potentially be read by malicious individuals if it isn’t encrypted.
Week 3: Know Your Data
At Boston University, our data can be classified into 4 groups:
Public Data: Data that is disclosed to anyone regardless of affiliation. Examples – The published BU Directory, public websites
Internal Data: information that is potentially sensitive and is not intended to be shared with the public. Examples – procedural documentation, memos, meeting minutes
Confidential Data: Information that, if made available to unauthorized parties, may adversely affect individuals or the business of Boston University. This classification also includes data that the University is required to keep confidential, either by law (e.g., FERPA) or under a confidentiality agreement with a third party. Examples – FERPA data, BUID, salary information
Restricted Use Data: Any information that BU has a contractual, legal, or regulatory obligation to safeguard in the most stringent manner. Examples – Passwords, Social Security numbers, Driver’s License numbers, Credit Card numbers, Financial Account Information, and HIPAA data
Details on how protect our data are spelling out in our Data Protection Standards.
- You can read more about data types and classification here
- Once you know how to classify your data, you can read our guidelines on how to properly secure your data here
You should think of your own personal data the same way. It is important to know what data should and should not be made public online. Always be mindful of what you consider your most sensitive data (social security number, banking info, passwords etc) and make sure you take extra precautions to secure this information.
Information that is most critical to you (your own confidential and restricted use data) should never be shared online publicly. Always keep your passwords private, and treat answers to your security questions the same. Always consider the information you’re sharing online, including family and other personal information, as it can potentially be accessed by anyone to try to gain unauthorized access to your accounts.
Week 2: How to Avoid Being Phished
Good morning! Welcome to Week 2 of Information Security Awareness Month! Don’t miss the cybersecurity-related events on campus this week. In addition to hosting our three shredding events, the IS&T Tech Fair, themed “Secure Your Digital Life”, takes place on Wednesday October 10th at the GSU.
Our tip for the week is how to avoid being phished.
A common tactic of cyber criminals is to send very legitimate looking emails that will request you to provide your personal information. These emails are “phishing” you to see if you will provide it. If you do reply to one of these messages and provide your password, you have given the sender access to sensitive information about yourself and enabled them to use your account for a variety of illicit purposes. Some phishing messages are very clever and even the sharpest eye may fall for one. If you think you may have responded to a phishing message, or that your account has been compromised in any way, the most important thing is to immediately change your password and contact the Incident Response Team at irt@bu.edu. They will help determine if your account has been used by someone else and follow-up with any appropriate actions as needed.
For more detailed information on spoofed messages and phishing schemes, please see https://www.bu.edu/tech/services/comm/email/unwanted-email/how-to-fight-phishing/
Week 1: Welcome to Information Security Awareness Month!
Welcome to Information Security Awareness Month!
Every year Information Services & Technology dedicates time to focus on Information Security in alignment with National Cyber Security Awareness Month. We would like to take this opportunity to remind you of some basic computer security good habits to practice, including keeping your devices secure.
If you’ve listened to the news recently you may have heard of the breach of over 50 million accounts at Facebook. Similar breaches have occurred over the past several years at Equifax, LinkedIn, Yahoo and more. If you’re using the same password for Facebook as your other online accounts (including your BU Login), it might be time to change them as a precaution! If you use the same password on multiple sites the risk is even higher!
Would you like to know if your username was included in one of the reported breaches? There are websites available to help you determine if your account was included in any known breaches, such as: https://haveibeenpwned.com/
(note – the Facebook breach is very recent. Affected accounts from that specific breach may not yet be available)
If you find that your BU account has been compromised, we recommend you report it to the Incident Response Team and change your BU account password immediately.
