Travel Security
December 9, 2025

As many in our BU community prepare to travel for the holidays, it’s a great time to check your digital security checklist. Whether you’re heading home, abroad, or somewhere warm, a few simple precautions can help keep your personal and University data secure while you’re on the go.
Before You Go
- Update Everything: Make sure your devices and apps are running the latest software and security patches.
- Back It Up: Save important files to secure cloud storage or an external drive before you leave. Check out BU’s cloud file storage options.
While Traveling
- Skip Public Wi-Fi: Use your phone’s hotspot or a trusted VPN instead of airport, hotel, or café Wi-Fi.
- Protect Your Devices: Enable password or biometric (fingerprint) locks and set up remote wipe features in case something gets lost.
- Turn Off When Not in Use: Disable Bluetooth, Wi-Fi, and location services when you don’t need them.
Think Before You Share
Be mindful about posting travel plans or location updates on social media. Oversharing can inadvertently reveal personal details—or even hint that you’re away from home.
Bonus Tip: Consider an RFID-blocking wallet or bag to protect cards and passports from digital skimming.
No matter where your holidays take you, staying alert and proactive can help you avoid digital headaches along the way. For more cybersecurity resources, visit BU Global Programs’ Using Technology Abroad page or visit our Securing Your Devices page.
Stay safe online—and happy holidays!
BU Security Advisory
December 3, 2025

Dear Boston University Community,
The holiday season—and the start of a new semester—are prime times for scammers to target our community with phishing emails and texts promoting fake job opportunities. These scams are common because they work, often preying on moments when many in our community are searching for on-campus jobs or extra income.
As we move through December and head into the January term, please stay especially alert. If you receive an unexpected job offer by email or text, pause and take a closer look. When in doubt, ask yourself: Does this seem too good to be true? If the answer is yes, it probably is.
Recent examples of these scams have had the subject lines (check out the BU Phish Bowl for detailed examples):
- BU Posting: Make a Difference from Home
- BU Posting: Remote, Flexible Opportunity with BIS
- BU Assistance Program: Support for All Employees
Red flags to watch for:
- Unsolicited or Too-Good-to-Be-True Offers: If you didn’t apply for the job or the pay seems unusually high for the work described, it’s a major red flag.
- Pressure to Act Quickly: Scammers often push you to respond immediately or accept the offer right away. Real employers give you time to review details and ask questions.
- Requests for Personal or Financial Information: Legitimate employers, including anyone from BU, will never ask you to provide bank info, Social Security numbers, or copies of your ID via email or text during early outreach, and they will never ask for payment to secure a position.
How to protect yourself:
- Be cautious of ALL unsolicited job offers sent to your inbox.
- Verify all job postings with the source directly. For students, visit the Student Employment Office and check out the BU Center for Career Development page on Avoiding Job Scams. Faculty and staff can visit and contact the BU Human Resources page.
- Never share personal or financial details over email with unknown senders.
- Report suspicious emails by forwarding to abuse@bu.edu.
If you have already responded to one of these messages, please stop communication immediately, and contact ithelp@bu.edu or 617-353-HELP for assistance. If you’ve provided banking and financial information, contact your bank right away.
Stay vigilant—scammers count on distraction during the holidays and new semester. We appreciate your help in keeping our community secure.
BU Holiday Phish Guide
November 18, 2025

It’s the most wonderful time of the year… for online scammers! While you’re busy hunting for deals, tracking deliveries, or shopping for the perfect ugly sweater, cybercriminals are decking the web with fake links, phony emails, and too-good-to-be-true offers.
So before you click “Add to Cart,” unwrap this year’s Holiday Phish Guide—your festive reminder to stay merry, bright, and cyber-secure!
What NOT to unwrap:
- Fake Shopping Sites: Scammers are masters of disguise—especially when it comes to fake retail websites offering “flash sales” or 90% off deals. Always double-check the URL before entering your payment info. If it looks fishy, it probably is!
- Delivery Scams: “Your package couldn’t be delivered!” emails and texts may actually be bait. Don’t click those tracking links—go straight to the retailer’s or carrier’s official website to check your order status.
- Gift Card Grinches: If your “boss” or “professor” emails asking you to buy gift cards, step away from the checkout. Always verify suspicious requests through another channel—no one needs iTunes cards that badly.
- Festive Freebies: Online giveaways, prize notifications, and “free” streaming offers are often just hooks for malware or identity theft. Skip the too-jolly-to-be-true offers.
What to unwrap:
- Shop Smart: Type in store URLs yourself instead of clicking links in emails or ads. Look for the padlock icon 🔒 in your browser before entering payment info, and avoid shopping on public Wi-Fi.
- Got a shiny new phone, laptop, or smartwatch: Before you dive in, update it! Install software updates right away to patch any security holes.
- Spread Cheer, Not Malware: Share these tips with classmates, colleagues, and family—because nothing says “happy holidays” like keeping everyone’s data safe and sound!
We’re always here for you. Explore cybersecurity tips and resources on the Information Security page or reach out to us at buinfosec@bu.edu.
Sustainable Cybersecurity Habits
October 28, 2025

As we wrap up Cybersecurity Awareness Month, this week’s theme is about building sustainable, practical cybersecurity habits that students, faculty, and staff can use every day.
Strong cybersecurity isn’t about one-time actions—it’s about consistent, mindful choices that help safeguard your personal information, research, and the University’s digital community.
Here are a few everyday habits to keep your online life secure:
- Pause before you share: Think carefully about what personal or institutional information you post or send online.
- Use secure networks: Connect to BU’s official Wi-Fi (eduroam) or the BU VPN when off-campus and avoid public Wi-Fi for sensitive work.
- Check your accounts regularly: Review your sign-ins and account activity for anything unusual.
- Back up your data: Save copies of important files to secure cloud storage or encrypted drives. Check out BU’s cloud file storage options.
- Lock your devices: Even a few minutes unattended can expose your information—always lock your screen when stepping away.
Some tips from the team:
“Really pay attention to websites you visit before entering your username and password and always keep your computers and devices updated and patched,” Tom Grundig, Director, Information Security.
“When handling other people’s data, think of it as your own, and treat it with the same care you would expect,” Eric Jacobsen, Assistant Vice President & CISO.
These small, repeatable habits make a big difference. By staying aware and intentional, you help protect not just your own information—but the entire BU community.
We’re always here for you. Explore cybersecurity tips and resources on the Information Security page or reach out to us at buinfosec@bu.edu.
Phishing & Social Engineering
October 21, 2025

Phishing remains one of the most common—and costly—cybersecurity threats facing universities today. Attackers continue to refine their tactics, making messages look more convincing than ever. In 2025, phishing scams increasingly use AI-driven language, impersonate trusted colleagues, and even mimic familiar platforms and services. Their goal is simple: to trick you into clicking, sharing sensitive information, or downloading harmful files.
At Boston University, we are committed to protecting our community and our shared digital environment. You play a vital role in that effort. By staying alert and practicing safe online habits, you help safeguard not only your personal information but also our collective research, academics, and data.
How to Spot and Stop Phishing in 2025:
- Check the sender carefully. Look for subtle misspellings or unusual addresses.
- Watch for unfamiliar senders. If you see a notice like “You don’t often get mail from this sender” in your email, take extra caution—this alert means the message is coming from someone outside your usual contacts and could be a phishing attempt.
- Pause before you click. Hover over links to preview their destination.
- Watch for urgency. Scammers often push you to “act now” to create pressure.
- Report suspicious emails. Forward them to abuse@bu.edu so IS&T can take appropriate action, and look for reported phish in the BU Phish Bowl!
- Trust your instincts. If something feels off, it probably is.
Phish tactic to watch out for in 2025: Attackers are using malicious SVG image files that look harmless but contain hidden code to steal login credentials by redirecting users to fake campus or research portals. Treat SVGs like active files, not pictures—avoid opening unexpected attachments and never sign in through a file that opens a login page.
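A minimal attachment-triage check for the SVG tactic described above, added here as an example and not BU's own tooling: it parses an SVG and reports the constructs that make it an active file (scripts, embedded HTML, event handlers, code-carrying link targets). The function names and both sample files are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Elements that run code or embed another document inside the image.
ACTIVE_ELEMENTS = {"script", "foreignobject", "iframe", "embed", "object"}
LINK_ATTRIBUTES = {"href", "src"}
RASTER_DATA_URI = re.compile(r"data:image/(png|jpeg|gif|webp)[;,]")


def local_name(qualified):
    """Drop the '{namespace}' prefix ElementTree adds and lower-case the rest."""
    return qualified.rsplit("}", 1)[-1].lower()


def risky_scheme(value):
    """Return the scheme if a link target can carry code, else None."""
    # Browsers drop tabs and newlines inside a URL; strip all whitespace and
    # control characters so "java<TAB>script:" is still recognised.
    target = re.sub(r"[\s\x00-\x1f]+", "", value).lower()
    if target.startswith(("javascript:", "vbscript:")):
        return target.split(":", 1)[0] + ":"
    if target.startswith("data:") and not RASTER_DATA_URI.match(target):
        return "data:"
    return None


def find_active_content(svg_bytes):
    """Return a list of (element, issue) pairs; an empty list means none found."""
    # Entity declarations can inflate the parser's memory use, so refuse them.
    if re.search(rb"<!\s*ENTITY", svg_bytes, re.IGNORECASE):
        return [("document", "entity declaration, not parsed")]
    try:
        root = ET.fromstring(svg_bytes)
    except ET.ParseError:
        return [("document", "not well-formed XML")]
    findings = []
    for element in root.iter():
        tag = local_name(element.tag)
        if tag in ACTIVE_ELEMENTS:
            findings.append((tag, "active element"))
        for name, value in element.attrib.items():
            attr = local_name(name)
            if attr.startswith("on") and len(attr) > 2:
                findings.append((tag, f"event handler {attr}"))
            elif attr in LINK_ATTRIBUTES:
                scheme = risky_scheme(value)
                if scheme:
                    findings.append((tag, f"{scheme} URI in {attr}"))
    return findings


# Constructed samples; the script body and handler values are inert placeholders.
BENIGN_SVG = b"""<svg xmlns="http://www.w3.org/2000/svg" width="10" height="10">
  <rect width="10" height="10" fill="#cc0000"/>
</svg>"""

SUSPICIOUS_SVG = b"""<svg xmlns="http://www.w3.org/2000/svg"
     xmlns:xlink="http://www.w3.org/1999/xlink" onload="placeholder()">
  <script>/* placeholder */</script>
  <a xlink:href="java&#9;script:void(0)"><text y="10">Open document</text></a>
</svg>"""

if __name__ == "__main__":
    for label, sample in (("benign", BENIGN_SVG), ("suspicious", SUSPICIOUS_SVG)):
        print(label, find_active_content(sample))
```

An empty result only means none of these constructs were found; it is a triage signal, not proof that a file is safe to open.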
Together, we can stay ahead of evolving threats. This Cybersecurity Awareness Month, let’s recommit to vigilance and make BU a safe place to learn, research, and work. Visit the BU Phish Guide for even MORE information on staying safe online.
Thank you for being a strong link in BU’s cybersecurity chain.
Public Wi-Fi & safe remote work
October 14, 2025

For our third installment of Cybersecurity Awareness Month, we’re focusing on a topic you asked about in our survey: Public Wi-Fi Risks & Safe Remote Work—secure practices for coffee shops, airports, and hotels.
Many of us study or work from these locations. While convenient, public Wi-Fi carries real risks—from eavesdropping on your data to fake “look-alike” networks set up to steal your login information. Protect yourself and the BU community with these secure practices:
Safe Remote Work on Public Wi-Fi
- Use the BU VPN: Always connect to BU’s Virtual Private Network before accessing University systems or sensitive data. A VPN creates an encrypted connection, protecting your information from snooping.
- Verify the network: Ask staff for the official Wi-Fi name to avoid connecting to malicious look-alike networks.
- Use your hotspot when possible: Your phone’s hotspot is safer than open Wi-Fi.
- Keep devices updated: Install security updates promptly to close vulnerabilities attackers often target on shared networks.
- Don’t leave your device unattended: Keep your laptop or phone with you—physical security matters too.
Handling sensitive data?
If you’re working with confidential, sensitive, or restricted-use data outside of BU, review the Minimum Security Standards Policy for guidance on how to safely handle and store it on your devices and visit our Resources for Working Remotely info page.
Cybersecurity starts with you—this October and beyond.
AI Security 101: Tips for everyday use
October 6, 2025

Artificial Intelligence (AI) tools are becoming an everyday part of research, learning, and work. While these technologies can be powerful resources, it’s important to use them safely and responsibly. Practicing good online security habits when interacting with AI helps protect you, University data, and our BU community.
Here are a few practical habits to keep in mind:
- Protect Personal Information: Never share sensitive data such as your BU password, or personally identifiable information such as credit card details, tax information, and especially Social Security numbers with AI tools.
- Use Approved AI Apps: Don’t use unapproved AI platforms with University data or enter University data into them. Always use University-supported tools, for example Terrier GPT.
- Think Before You Click: Links or files suggested by AI should be approached cautiously. Hover to preview URLs on your PC or laptop or press and hold links to preview on a smart phone, and only download from trusted sources.
By following these simple practices, you can enjoy the benefits of AI while reducing the risk to your data. For more guidance, visit AIDA Guidance.
Thank YOU for helping us maintain a safe and responsible digital environment.
Shred + Recycle Events start TOMORROW
Got old papers or hard drives lying around? Protect your info and the planet at the Fall Shred + Recycle events, Tuesday October 7th on Talbot Green & Wednesday 8th behind Sargent College. In partnership with BU Sustainability, we’re offering a safe and secure way for all students, faculty, and staff to dispose of documents, hard drives, and more. Check out the event page to see what you can shred and recycle.
Welcome Cybersecurity Awareness Month 2025
October 1, 2025

October is Cybersecurity Awareness Month
Cybersecurity threats are evolving fast, but so are we. This October, let’s recommit to protecting our digital world—our research, our academics, and our personal data. Staying alert to scams, online threats, and other risks helps keep both you and our University community secure.
All month long, BU Information Security will share tips, tools, and resources to help you spot threats and strengthen your online safety. From phishing red flags to password best practices, every small step you take builds a stronger, safer campus.
Your role matters. Whether it’s pausing before clicking a suspicious link or using unique, strong passwords, your choices help create a culture of cybersecurity awareness at BU. Together, we can protect what matters most. Visit bu.edu/infosec (make sure you hover and validate that link) for resources and updates.
What actions can I take to kick off the month?
- Log on to the Terrier Cybersecurity Checkup App! Exclusive to BU, view your password age, the Duo devices your account is connected to, and see if your account was associated with any breaches.
- Visit the BU Phish Bowl. Peruse the latest scams reported to abuse@bu.edu circulating around the BU Phish tank.
- Join us at the Shred & Recycle Events…
Shred + Recycle Events NEXT WEEK
Got old papers or hard drives lying around? Protect your info and the planet at the Fall Shred + Recycle events, Tuesday October 7th on Talbot Green & Wednesday 8th behind Sargent College. In partnership with BU Sustainability, we’re offering a safe and secure way for all students, faculty, and staff to dispose of documents, hard drives, and more. Check out the event page to see what you can shred and recycle.
Welcome Back to School Tips
September 18, 2025

Save the Dates and gather your goods for the Shred + Recycle Events – October 7th & 8th
Welcome back, Terriers! A new semester means new opportunities—and new scams. Stay sharp and protect your personal info with these quick security tips:
- Duo: Only approve login requests you send yourself. If one pops up unexpectedly, hit Deny and mark it as suspicious.
- Job scams: Be cautious of offers that seem “too good to be true.” Verify before sharing personal info or making payments.
- Links: Hover over links on laptops and PCs, press and hold on mobile, to preview URLs and verify before clicking.
Stay informed with the BU Phish Bowl and reach out anytime at ithelp@bu.edu.
Have a safe and secure start to the year!
BU Security Advisory: Fake Job Offer Emails
September 8, 2025

Dear Boston University Community,
At the start of each semester, scammers often target students with phishing communications (email or text) advertising fake job opportunities. Recently, messages claiming to come from “Boston University Student Services” or “Department Heads” have been circulating. These emails may look official, but they are fraudulent.
A recent example included (check out the BU Phish Bowl for detailed examples):
- Offering a “Research Assistant” position paying $370 per week
- Claiming to be from “BU Student Services”
- Asking students to reply with personal details to a non-BU address
Red flags to watch for:
- Messages from non-bu.edu email addresses (e.g., Gmail, Yahoo, Outlook)
- Job offers that arrive unexpectedly or sound too good to be true
- Requests for personal information, banking details, or payment up front
- Poor grammar, spelling mistakes, or unusual formatting
How to protect yourself:
- Be cautious of unsolicited job offers sent to your inbox.
- Verify all job postings through a trusted source like the Student Employment Office. Visit the BU Center for Career Development page on Avoiding Job Scams for more info.
- Never share personal or financial details over email with unknown senders.
- Report suspicious emails by forwarding them to abuse@bu.edu.
If you have already responded to one of these messages, please stop communication immediately, and contact ithelp@bu.edu or 617-353-HELP for assistance. If you’ve provided banking and financial information, contact your bank right away.
Stay safe and keep an eye out—scammers take advantage of busy times like the beginning of the semester. Thank you for helping us keep the BU community secure.
Let’s hear from you!
August 19, 2025
In today’s digital world, keeping our online spaces safe matters more than ever. Good cybersecurity helps protect everything from our personal info to BU resources and University data.
This past academic year, we communicated to the BU community on IoT security, navigating LLMs safely, BU security policies, phishing, data privacy, home online security, travel security, AI security, and celebrated World Password Day together! We want to make sure we’re talking about the cybersecurity topics that matter most to you. Tell us what you’d like to learn more about this year—whether it’s tips and tricks, new threats to watch for, or tools to protect yourself.
Take a quick moment to voice what cybersecurity topics are most important to you in our one-question Information Security Awareness survey in BU Qualtrics. Your input is essential in helping us enhance our online security efforts and keep our community safe.
AI Security Tips
July 30, 2025

As artificial intelligence tools become more integrated into our academic and administrative work, it’s important to approach their use with security and privacy in mind. Whether you’re using AI for research, teaching, or operational tasks, understanding the potential risks helps protect both personal and University data.
- Interact with reputable platforms. Choose AI tools that comply with University data security and privacy policies. For more information, visit the AI Tools page. When possible, use University-supported platforms with appropriate safeguards in place, like TerrierGPT which recently launched!
- Be cautious with sensitive information. Avoid sharing confidential or personally identifiable information—such as student records, unpublished research, or login credentials—with AI tools IS&T has not approved, especially public or commercial platforms. Once entered, this data may be stored, used to train future models, or be at risk for exposure in a potential data breach. If you have questions about data classification and which AI tools IS&T supports, visit the AIDA website for more information.
- Verify before trusting. AI-generated content can appear credible but may contain inaccuracies or fabricated information. Always verify responses—especially citations, data, or code—before relying on them in your work. Use AI as a support tool, not exclusively as a final authority.
By taking these precautions, you can make the most of AI’s benefits while minimizing risks to yourself, your classmates and colleagues, and the University.
Travel Security
June 24, 2025

As many of us head out for summer travel, it’s important to keep your personal and University data secure—no matter where your adventures take you. Here are a few simple tips to help protect your digital life while you’re on the go:
- Avoid Public Wi-Fi: Use a secure hotspot or VPN instead of public Wi-Fi networks, which can expose your data to cybercriminals.
- Update Before You Go: Make sure your devices and apps have the latest security updates installed.
- Be Cautious with Lost Devices: Enable password protection and remote wipe capabilities on your phone, tablet, or laptop in case they’re lost or stolen.
- Disable services such as Bluetooth, Wi-Fi, and GPS when they are not needed.
- Be careful about the amount of information you are sharing on social media. You may be providing public answers to your security questions or public information about your absence from home. Lock down your privacy settings and be mindful of who has access to what information.
- Consider using RFID-blocking wallets or bags to protect cards and passports from skimmers.
Whether you’re traveling near or far, a few extra precautions can go a long way in keeping your information safe. For more tips and resources, visit BU Global Program’s Computer and Personal Information safety page or the Information Security page. Stay safe online and enjoy summer!
World Password Day
May 1, 2025

Happy World Password Day, Terriers!
Did you know today is World Password Day? First launched by Intel in 2013, this day reminds us all that strong, secure passwords are essential for protecting our digital lives—especially our BU accounts. Passwords are often the first line of defense against cyberattacks, so it’s a great time to check in on your password habits.
Not sure how to celebrate? Here are three quick ways to boost your BU account security today:
- Give your security a checkup—Terrier-style: Log into the Terrier Checkup App and review your dashboard to see how long you’ve had your current password. If it’s been a while, World Password Day is the perfect time for a refresh.
- Refresh Your BU Password: Thanks to self-service options, updating your BU password is faster and easier than ever—just make sure your personal email is up to date. Scroll down to ‘Helpful Links’ and click on Update My Personal Information or Reset My Password!
- Let a password manager do the remembering for you: Think of it as your digital vault. A password manager remembers your strong, unique passwords so you don’t have to—and keeps them safe, too. Read up on password managers from the National Cybersecurity Alliance.
And one last tip: your BU password should be unique. Avoid reusing passwords from other accounts.
Stay secure out there—and Happy World Password Day from the BU Information Security Team!
Tax Season Safety
April 7, 2025

As tax season approaches, it’s important to remain vigilant against phishing scams that often intensify during this time of year. Cybercriminals frequently target university communities with deceptive emails and phone calls in an effort to steal sensitive personal and financial information.
Here are some tips on how to protect yourself:
Be Cautious of Unexpected Tax-Related Emails
- Scammers may send emails that appear to be from legitimate institutions like the IRS or the university, asking for personal or financial details. Always verify the source before clicking on links or opening attachments. The IRS will never initiate contact via email or text.
- If you receive an email from a “tax agency” requesting immediate action or payment, do not respond. Legitimate organizations will not ask for sensitive information via email.
Check the Email Address Carefully
Look closely at the sender’s email address:
- Phishing emails may appear to come from legitimate sources but have small alterations in the domain name (e.g., “.com” instead of “.edu”).
- If in doubt, contact the supposed sender using a trusted phone number or official website to confirm if the email is legitimate.
Do Not Share Personal Information Over Email
- Avoid sending sensitive information (like your social security number, bank account details, or tax ID) through email. Universities and official tax agencies never request such information via email.
Beware of Threats or Urgent Requests
- Scammers may create a sense of urgency, saying your tax refund is at risk or you owe back taxes. They may threaten legal consequences if you don’t act immediately.
- Take a moment to think before responding to such messages. Contact the relevant institution directly through official channels to verify the information.
Report Suspicious Emails
- If you receive a suspicious email, do not open any attachments or click any links. Report it by forwarding it to abuse@bu.edu.
Additional Resources:
- The BUPD’s Safety Tips & Resources guide to protecting yourself from, and reporting, fraud (scroll down to the site’s “Fraud” link).
- Visit the BU Phish Bowl for recent scams reported at BU.
We urge you to stay aware and practice caution when dealing with tax season communications. If you are ever unsure about the legitimacy of a message, do not hesitate to verify it before taking any action.
Be Vigilant: New MS Word Attack
May 30th, 2022
There is a newly discovered vulnerability in MS Word (and likely other MS Office apps) that could install malware on your computer. All faculty, students, and staff are encouraged to be especially vigilant about opening any attachments.
Named the Follina MSDT zero-day attack, it is unlike most malware downloads. This exploit can be triggered with a hover-preview of a downloaded file that does not require any clicks (post download).
This is a 0-day attack that sprang up out of nowhere, and there is currently no patch available. This 0-day features remote code execution (attacks that allow an attacker to remotely execute malicious code on a computer), and bad actors can elevate their own privileges and potentially gain “god mode” on your computer.
Because triggering this malicious code is as simple as opening a Word doc in preview mode, we ask the BU community to, again, be extremely vigilant: verify the sender of an email and its timeliness and context (were you expecting an attachment?), and stop and think. Taking a moment to verify the validity of an email message can protect you until a patch is released!
Stay safe and read more:
https://www.sans.org/blog/follina-msdt-zero-day-q-a/
https://www.wired.com/story/microsoft-follina-vulnerability-windows-office-365/
Security Advisory: Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure
April 20th, 2022
The cybersecurity authorities of the United States, Australia, Canada, New Zealand, and the United Kingdom are releasing this joint Cybersecurity Advisory (CSA). The intent of this joint CSA is to warn organizations that Russia’s invasion of Ukraine could expose organizations both within and beyond the region to increased malicious cyber activity. This activity may occur as a response to the unprecedented economic costs imposed on Russia as well as materiel support provided by the United States and U.S. allies and partners.
All faculty and staff should remain vigilant in the face of this ongoing threat.
Click here to find out more and read this advisory on the Cybersecurity & Infrastructure Security Agency’s website.
BU Information Security
The Spring 2022 Shred and Recycle Event
April 8th, 2022

Dear Faculty, Staff & Students,
In partnership with BU Sustainability – BU Information Security is excited to host the Spring Shred & Recycle event from April 26th thru April 28, 2022. These are open to all faculty, staff, and students to safely and securely dispose of documents – especially those papers with personal or sensitive information – and hard drives. You can also recycle batteries, lightbulbs, toner, electronics and cords.
How do I know when I can dispose of Boston University documents?
This is a great opportunity to consult the University’s Record Retention Policy https://www.bu.edu/policies/record-retention/. This policy assists University staff responsible for the creation, storage, and maintenance of records (physical and electronic), and clearly defines how Boston University requires records to be handled to ensure legal requirements are met, preserve their availability, and destroy outdated records.
Do some spring cleaning on your office filing cabinets, desk drawers, and dorm rooms and get ready to visit us at:
CRC East Kenmore Parking Lot 549 Comm Ave:
Tuesday April 26, 2022 from 10:00am-1:00pm
CRC West Agganis Arena Parking Lot 925 Comm Ave:
Wednesday April 27, 2022 from 10:00am-1:00pm in the parking lot behind Agganis Arena
BUMC Talbot Green 715 Albany St:
Thursday April 28, 2022 from 10:00am-1:00pm in front of the Talbot Building
Take this chance to protect identities, destroy confidential data, and recycle all at the same time! There is no limit to the amount you can shred and recycle.
You can find information on the Shredding Event, plus other helpful materials on our Information Security webpage here.
Security Advisory: Google Chrome and Microsoft Edge release update to patch security vulnerability
March 29th, 2022
There is a significant flaw in Chrome (CVE-2022-1096) that was announced on Friday, March 25th and has since been featured in the news. This one has received attention because there is an exploit available for it amid higher global tensions. The bug is also in shared code that is used in Microsoft Edge, which may potentially impact a lot of browsers. Now that a patch is out, the risk is mitigated by the fact that browsers are generally configured to update themselves by default. In some cases, it may be necessary to restart the browser.
To check your version:
Chrome:
Chrome needs to be updated to version 99.0.4844.84 or newer.
To find your version for Chrome:
1. Click on the vertical triple dot menu on the right hand side of the address bar
2. Pick Settings
3. On the left hand side of the page it brings you to, pick “About Chrome”
4. If it’s not up to date, it should invite you to update it. It may be necessary to restart the browser.
Edge:
Edge needs to be updated to version 99.0.1150.55 or newer
To find your version of Edge:
1. Click on the horizontal triple dot menu on the right hand side of the address bar
2. Pick “Help and Feedback”
3. Pick “About Microsoft Edge”
4. If it’s not up to date, it should invite you to update it. It may be necessary to restart the browser.
Find more information here
Security Advisory: Beware of Fraudulent Duo Prompts!
March 16th, 2022
Dear Students, Faculty, and Staff,
We write to alert you to a new level of phishing attack that is currently being launched against Boston University and several other institutions across the country. This attack exploits some Duo multifactor authentication options. Please review this advisory carefully.
The attacks will typically begin as an email with a generic subject, such as “An important message from BU”, containing a link which takes you to what looks like the BU WebLogin page, but upon closer inspection, does not have the correct bu.edu address, nor does it have a secure (https) connection. If a BU login name and password is entered, you are then directed to a fake Duo authentication page asking you to generate and enter a passcode. If you respond, the attacker will gain control of your account.

Here’s how you can protect yourself:
Use Duo effectively
• Whenever possible, use Duo Push through the mobile app – it is the most secure option.
• NEVER authorize a prompt or call you did not initiate, whether it’s through the phone or a push. Click on “Deny”!
• Never provide another person with a Duo authorization passcode.
Look at the link
• Before clicking on any link, verify the link by hovering over it to display the destination web address.
• Be suspicious of any e-mail with a link that takes you directly to an authentication page.
• Verify that any site asking for authentication via the web uses a ‘bu.edu’ address, with https://shib.bu.edu/, https://adfs.bu.edu/, and https://weblogin.bu.edu/, being the most common.
• The URL should always start with https://. The “s” is critical – it means “secure”.
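The link checks listed above can also be applied automatically, for example in a mail filter or a help-desk triage script. The Python below is an added example, not part of the original advisory or any BU tool; the function name check_login_link and the sample links are constructed for illustration.

```python
from urllib.parse import urlsplit

TRUSTED_DOMAIN = "bu.edu"
# The three hosts the advisory names as the most common login addresses.
COMMON_LOGIN_HOSTS = {"shib.bu.edu", "adfs.bu.edu", "weblogin.bu.edu"}


def check_login_link(url):
    """Return (ok, reason) for a link that leads to a sign-in page."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".")
    except ValueError:
        return False, "malformed URL"
    if parts.scheme != "https":
        return False, "not https"
    if "@" in parts.netloc:
        # Text before "@" is userinfo; the browser connects to what follows it.
        return False, "userinfo before the host"
    # Compare whole DNS labels: the host must be bu.edu or end in ".bu.edu".
    if host != TRUSTED_DOMAIN and not host.endswith("." + TRUSTED_DOMAIN):
        return False, "host is not a bu.edu address"
    if host in COMMON_LOGIN_HOSTS:
        return True, "common BU login host"
    return True, "bu.edu host, but not one of the common login hosts"


# Constructed sample links (not taken from any real message).
SAMPLE_LINKS = [
    "https://weblogin.bu.edu/accounts/changepw",
    "http://weblogin.bu.edu/",
    "https://weblogin.bu.edu.example.net/login",
    "https://weblogin-bu.edu.example.net/",
    "https://weblogin.bu.edu@login.example.net/",
    "https://www.bu.edu/tech/",
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        ok, reason = check_login_link(link)
        print(f"{'OK  ' if ok else 'FLAG'} {link}  ({reason})")
```

A substring test such as "bu.edu" in url would accept three of the flagged samples, which is why the check compares the parsed hostname rather than the raw text of the link.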
If you clicked on a link and provided your password, or approved a Duo prompt you did not initiate:
• Change your BU password immediately: https://weblogin.bu.edu/accounts/changepw
• Contact the BU IT Help Center: ithelp@bu.edu or 617-353-HELP.
Two-factor authentication remains the most effective mechanism to deter the use of stolen passwords. However, there will always be bad actors looking to break through even the most robust defenses. Following the tips above will keep your account, and Boston University, secure and protected.
BU Information Security
Security Advisory: Shields Up Advisory & Reporting a Security Incident
February 24th, 2022
Dear Faculty, Students & Staff,
As has been reported in the national news media, the United States Cybersecurity and Infrastructure Security Agency (CISA) has issued a call for heightened vigilance against cyber-attacks due to recent actions of Russia related to Ukraine. Termed “Shields Up,” CISA has advised that we lower reporting thresholds and take various other steps, all of which are consistent with BU cybersecurity practices. We are actively engaged in a heightened level of threat monitoring, remediation of vulnerabilities and compromised accounts, as well as preparation for major incident handling. We have also taken steps over the past years to increase our resilience, like expanding the use of Duo multifactor authentication.
We encourage anyone who is aware of a potential cybersecurity vulnerability or event affecting Boston University accounts, computers, or networks to report all available information. Please contact your BU IT support organization or ithelp@bu.edu any time that you think you may have observed a cybersecurity vulnerability or event. Here are some things to look for:
• Someone else appears to have access to your accounts or devices, as evidenced by changes to your account, records, files, or email that were not made by you.
• You can view personal information you do not think you should be able to see.
• Your computer is behaving as if someone else has control over it, such as the cursor moving, the camera being turned on, or text being typed.
• Someone outside of your known IT support contacts you and seeks your assistance in gaining access to your system or otherwise bypassing security controls.
• You have found a way to circumvent a Boston University cybersecurity system.
To report an incident, contact your organization’s IT team or contact the IT Help Center at ithelp@bu.edu or by calling 617-353-HELP (4357). For more information visit: https://www.bu.edu/tech/services/security/cyber-security/sensitive-data/reporting/.
Thank you for your help in keeping Boston University cybersafe!
BU Information Security
CISA Releases Guidance on Protecting Organization-Run Social Media Accounts
December 9th, 2021
CISA has released Capacity Enhancement Guide (CEG): Social Media Account Protection, which details ways to protect the security of organization-run social media accounts. Malicious cyber actors that successfully compromise social media accounts—including accounts used by federal agencies—could spread false or sensitive information to a wide audience. The measures described in the CEG aim to reduce the risk of unauthorized access on platforms such as Twitter, Facebook, and Instagram.
To read more, click here for the report on the Cybersecurity & Infrastructure Security Agency’s website.
How to Back Up Your Computer
September 29th, 2021
When was the last time you backed up all your important documents and photos? Last month? Last year? Never? Setting up a good backup system can seem time-consuming and intimidating, but it’s neither. Anyone can do it, and everyone should. In less than 15 minutes you can have a system that backs up your files automatically—both to an external drive and to encrypted cloud storage—without any regular action from you.
Click here to read more in the New York Times’ latest Wirecutter article.
BU Information Security
