Important alerts

Resolved: Voicemail Services Have Been Successfully Restored.

There were ongoing issues with the voicemail servers, resulting in failed attempts to call voicemail or reach certain call centers. This problem was directly related to CHG2001255…. [read more]

Information Messages

CS Gold Downtime – Monday, June 12 – From 11 PM to 12 AM

CS Gold Downtime – Monday, June 12 – From 11 PM to 12 AM… [read more]

As Cybersecurity Awareness Month draws to a close and Halloween can be felt right around the corner, it’s a great opportunity to talk malicious communications in disguise otherwise known as phishing. Much like the visitors who knock on our doors every October 31st, they wear a variety of costumes and can assume many forms: emails, texts, and phone calls. In this case though, they are all tricks and no treats.

Social engineering is the use of deception to manipulate individuals to act in a way that benefits the attacker, such as divulging confidential or personal information that may be used for fraudulent purposes. The most common form of social engineering is phishing. Phishing occurs when a bad actor poses as a trusted person, organization, or entity to steal personal information through maliciously crafted emails or websites.

Email is an effective way for criminals to send malware or scams to an unsuspecting victim and text-based threats are rising as more people do more on mobile devices. If you are even a little bit suspicious of a text message or email – do not click. Think before you click on any suspicious emails, links or attachments and make sure to report any suspicious emails to abuse@bu.edu.

Security Action to Take This Week: Check out the BU Phish Bowl for the latest emails scams that have been reported by our community. Being vigilant and knowing what is out there will prepare you for when a phish makes its way into your inbox. This website will show you actual (and timely) phishing scams that have made it onto our network so you can identify them and avoid getting hooked!

Resource of the Week: For more information on phishing, including how to spot a phish and related training opportunities, visit our BU Phish Guide.

Security Heroes: Check out this week’s honorees, students Priyanka Banerjee and Alexander Bulekov, and learn more by visiting the Security Hero website. Have a security hero we should hear about? Email us at buinfosec@bu.edu.

Join Us this Week: This Friday October 29, from 1 – 2:30pm, the School of Public health, BUMC IT and IS&T will host “Cyber Attacks & the Threat Landscape” led by Doug Domin, FBI Boston. Visit our site for more information and to register for this Zoom event.

Stay safe & phish-free!

Week 3: October 19, 2021

Week 3: October 19th, 2021

Terrier Cybersecurity Checkup

Students, Faculty & Staff,

You’ll often hear us promote taking an “active role in your own cybersecurity,” or as the Cybersecurity Awareness Month tag line states “Do your part #BeCyberSmart.” Taking an active role can be as simple as stopping and thinking before clicking on a link in an email, but this week we have something more to recommend: the Terrier Cybersecurity Checkup! The Terrier Cybersecurity Checkup website is exclusive to those who have a BU account. Our checkup will:

• Validate your Duo Devices This will display the device and phone numbers you have registered with Duo Two-factor Authentication at BU. Any old devices associated with your account? You may want to remove them and make sure all your information is up to date.

• Check your BU Password Health This will display the age of your BU password. The longer you keep the same password, the more likely it is to be captured or guessed. Had the same password for a year or more? It might be a good time to change it!

• Check for Data Breaches This will display anywhere that your BU email address has been known to be associated with a data breach. Has your account been part of a password data leak? You’ll want to update your password ASAP!

After reviewing the information provided, take action! Addressing even one of the findings will help protect you and Boston University.

Security Heroes: Check out this week’s honoree Lauren Kehoe, and learn more by visiting the Security Hero website. Have a security hero we should hear about? Email us at buinfosec@bu.edu.

Save the date and register: Friday October 29, 2021 from 1pm -2:30pm, the School of Public health, BUMC IT & IS&T will host “Cyber Attacks & the Threat Landscape” led by Doug Domin, FBI Boston. For more information and to register for this Zoom event visit: https://www.bu.edu/tech/support/information-security/cam/events/

Week 2: October 5, 2021

Week 2: October 13th, 2021

Ransomware

Let’s talk about Ransomware! Ransomware is a type of malicious software (or “malware”) designed to block access to your files and sometimes threatening to release your files to the public until a sum of money is paid.

Ransomware targets individuals as well as organizations of all sizes. Ransomware attacks are becoming more common in the United States. They accounted for 30% of all U.S.-based cyberattacks reported to and confirmed by Verizon data breach researchers in 2020, more than double the rate for the world.

The chances of infection can be significantly reduced by using antivirus or end point protection software such as Crowdstrike. Ransomware infections can occur in various ways, such as software downloads through an attachment or via hyperlinks, making it essential to stop and think before opening an attachment or clicking on a link.

Security Action to Take This Week Download Crowdstrike End Point Protection to help protect yourself from ransomware. It’s free of charge for all students, faculty, and staff for their personal laptop or desktop computers. Crowdstrike is the next generation of antivirus protection replacing McAfee. Note: If you’re using a BU managed device, we’re already protecting you!

Here are some tips to keep you safe from Ransomware:

Keep all software up to date, including operating systems and applications.

Back up your data regularly.

Don’t open attachments or links from unknown sources.

Use multifactor authentication (a reminder from last week).

Report it! Contact the IT Help Center (or your college or department’s local IT support) before taking any action if you find yourself victim to a ransomware scam.

Resource of the Week: Leverage our Ransomware Guide slide deck to educate yourself or your team.

Security Heroes: Check out this week’s honorees Billy Hajjar & Heather Gillis, and learn more by visiting the Security Hero website. Have a security hero we should hear about? Email us at buinfosec@bu.edu.

Don’t forget: Today and Thursday the Shred + Recycle Event is happening! For more information on this event and Cybersecurity Awareness Month visit bu.edu/infosec.

Week 1: October 5, 2021

Week 1: October 5, 2021

Multifactor Authentication

Dear Faculty, Staff, & Students,

Happy October! Every October, in alignment with Cybersecurity Awareness Month, the BU Information Security Team reaches out weekly to communicate a security topic of importance to the BU community. Let’s kick off the month with our first suggestion on how you can participate in Cybersecurity Awareness Month and help protect yourself and Boston University.

Security Action to Take This Week: Add multifactor authentication to your online accounts whenever possible.

At BU, we’re protecting our online system and accounts with Duo Two-Factor, and you’re probably already using it! It’s extremely easy to use and adds a significant amount of protection to your account. Multifactor authentication protects your passwords. If your password is hacked through phishing, data leaks or guessing – multifactor authentication steps in to save the day and shut down unauthorized access to your account.

Here are some tips to take advantage of multifactor authentication at BU:

Use the Duo App: Using the Duo App for your smartphone is the best and most secure option. It’s simple and easy to use, provides clear information about the source of the request, and it saves the university money over the phone call and text options. Download Duo at the Apple App Store or Google Play and start using it ASAP!

Make sure your information is up to date: It’s critical to ensure that you know what devices and phone numbers Duo has associated with your account. To view this information, run the Terrier Cybersecurity Checkupand make sure devices are up to date and activated. Be sure to remove any that you no longer use or own.

Contact the IT Help Center if you lose your mobile device: The IT Help Center can remove your connected device ensuring someone isn’t able to access your accounts if they have possession of your phone or tablet.

It’s important to not only use multifactor for work or school, but to use it on all your personal accounts. If personal accounts are breached, it can also impact all our other online accounts. We can’t list everything you might use, but here are some support pages for using multifactor authentication with popular social media services:

Facebook

Instagram

Twitter

LinkedIn

Snapchat

Your most important online account might be your bank! Most banks now offer some form of enhanced login security. Contact your bank for more information.

Resource of the Week: Check out Boston University Security 101 a guide for protecting yourself and educating your team on cybersecurity best practices including multifactor authentication.

Security Hero: Check out this week’s honoree Tasha Coughlin and learn more by visiting the Security Hero website. Have a security hero we should hear about? Email us to nominate them at buinfosec@bu.edu.

Don’t forget: The Shred + Recycle Event takes place next week starting on Tuesday October 12th. For more information on this event and Cybersecurity Awareness Month visit bu.edu/infosec