As Cybersecurity Awareness Month draws to a close, we’re covering one last topic for October: policies. Although they’re not the most exciting topic to discuss, they are essential to the University. Boston University policies help connect our daily activities with the University’s mission by setting expectations and clarifying processes for individual members of our community.
There are hundreds of policies throughout the University. The first step to learning more about these policies is to know where to find them. The BU policies page is a comprehensive resource for all University policies. It’s extremely easy to navigate and you can filter by category including Privacy and Security. You can also see a list of the technology related policies on TechWeb.
We’re not going to list all the policies, but let’s highlight some of our favorite security policies for Cybersecurity Awareness Month:
Acceptable Use of Computing Services Policy Updated for 2023. This policy requires you to use computing services in an efficient, ethical, and legal manner in accordance with their intended use and your assigned access rights. This helps ensure that the University’s computing services remain available without interruption to all members of the community. All members of the BU community have agreed to this policy as a condition of using your BU Account.
Access to Electronic Information Policy This policy establishes the limited, exceptional situations in which access to a BU community’s members electronic information (email, calendar, files, or network access logs) can be accessed. It also states that BU does not routinely monitor this information!
Knowing where to find resources and policies is an essential piece of cybersecurity awareness. In the pursuit of stronger security for BU and beyond, we hope you take away useful information from our series.
LLMs: October 24, 2023
As we continue with our Cybersecurity Awareness Month series, let’s discus the latest buzz in Artificial Intelligence (AI), Large Language Models or LLMs and the security risks associated with using them.
LLMs are a type of AI that can perform natural language processing tasks by processing massive amounts of information to understand existing content and generate original content. LLMs can perform tasks such as generating, summarizing, or rewriting content, organizing content, and conversing naturally with a user. These became popular about a year ago with ChatGPT, but there are several available including Google Bard and Microsoft Copilot. You may even be using some behind the scenes that you don’t even know are there.
One significant concern you should have when using LLM technologies is the privacy of any data you put into the system. You should avoid sharing confidential or personally identifiable information with services like ChatGPT and Google Bard because every piece of information you provide to an LLM, including the questions you ask, are potentially added to its data bank! The information you provide may be discoverable by other consumers of the platform.
From a security perspective, if you install a mobile application on your device to access ChatGPT or other LLMs you should make sure you keep these clients, as well as your web browser, up to date. You should also be aware that malicious individuals may use ChatGPT’s ability to impersonate others, write flawless text, and create code to create better phishing messages, interact in a convincing way, and to create malicious programs. These may be used to conduct more sophisticated scams to get access to your account and/or money.
Finally, there are also concerns around the ethical use of LLM platforms. For insight on how LLMs affect higher education ethically, we consulted BU’s own Associate Professor of the Practice of Computing & Data Sciences, Kevin Gold. For more on our conversation with Professor Gold, visit bu.edu/infosec.
You can also register to attend this Thursday’s Provost Workshop: ChatGPT and other Generative AI (Oct. 26, 3-5 p.m. at Hiebert Lounge), or check out our Digital Learning & Innovation’s Generative AI in Education Info Series.
Internet of Things: October 12, 2023
The Internet of Things, or IoT, refers physical devices or “things” that contain sensors, software, and connectivity capabilities, allowing them to collect and exchange data with other devices over the Internet. These devices can be everyday items like wearable devices, household appliances, vehicles, and industrial equipment. Networking these devices together enhances efficiency, convenience, and functionality in various aspects of our lives, from smart homes and cities to healthcare and industry applications. If you own a FitBit, Apple Watch, Whoop, Google Home, or Phillips Hue lightbulb you are part of the IoT world. Have you stopped to think about how many IoT devices do you own?
With this convenience and connectivity comes risk. Because of IoT device’s connection to the Internet, they can become points of entry for cyber attacks. With the world of IoT devices expanding rapidly, securing these devices is crucial for mitigating cyber threats to your personal data.
Here are our top four tips for securing your IoT device:
- Update Often: Update your device right out of the box and continue to do so. Many data breaches are caused by simple cases of unpatched software. Schedule automatic updates whenever possible, and if not, make sure to check for updates regularly and apply these updates as soon as you can.
- Update default passwords and credentials: Many devices are shipped with a vendor-supplied default password. Cybercriminals can easily gain control of these devices. Update the login credentials, right out of the box!
- Connect to a secure network: Use a private, password protected wireless network whenever possible. For more information on allowed devices and registering a device at BU, visit Devices & Registration.
- Buy from a reputable source: We all want the best deal, but purchasing a device from a trustworthy brand will help ensure security and maintenance is a priority.Now that you can defend your coffee mug get ready to shred! Collect your sensitive documents, old hard drives, e-waste and more and join us next week, Tuesday October 17th to Thursday October 19th at our Fall Shred + Recycle Events.
Cybersecurity Awareness Month: October 3, 2023
Week 1: October 3, 2023
Cybersecurity Month Kicks Off!
As we usher in the month of October, the Boston University InformationSecurity Team would like to announce the commencement of CybersecurityAwareness Month. This initiative aims to elevate our collective awareness of cybersecurity issues and foster a safer digital environment for all members of the BU community. For more on the origin of CybersecurityMonth, visit our BU Cybersecurity Month page.
In an age where technology plays an integral role in how we interact with the University daily, it is imperative that we remain vigilant and proactive in safeguarding our digital assets and personal information.
Throughout the month of October, we will communicate to educate and empower our students, faculty, and staff to take control of their digital security and protect University Data.
Here’s how you can participate in Cybersecurity Awareness Month at BU:
- Take a BU security training: BU trainings in Cybersecurity Foundations, Phishing, and ransomware can be accessed via our BU Security Resources page.
- Login for a cybersecurity checkup: Visit the Cybersecurity Checkup App for more insight into you BU digital account!
- Shred with us: In partnership with BU Sustainability, BU InformationSecurity is excited to host the Fall Shred + Recycle events from October 17th to October 19th. Open to all faculty, staff, and students to safely & securely dispose of documents (any and all paperwork, especially those papers with personal or sensitive information), hard drives, and more! To read up on what you can shred + recycle visit the Fall Shred event.
For even more this month check out:
Our commitment to cybersecurity extends beyond October. We encourage everyone to adopt a proactive mindset when it comes to online security, and we will continue to provide resources and support throughout the year.
Stay secure, stay vigilant, and celebrate Cybersecurity Awareness Month with us by doing at least one thing to fine tune your cybersecurity sills at BU!
BU Information Security Team
