{"id":116858,"date":"2018-09-28T16:47:56","date_gmt":"2018-09-28T20:47:56","guid":{"rendered":"http:\/\/www.bu.edu\/tech\/?page_id=116858"},"modified":"2020-07-23T14:43:19","modified_gmt":"2020-07-23T18:43:19","slug":"isaw2017","status":"publish","type":"page","link":"https:\/\/www.bu.edu\/tech\/support\/information-security\/cam\/archives\/isaw2017\/","title":{"rendered":"National Cybersecurity Awareness Month 2017"},"content":{"rendered":"<h2><span style=\"color: #0000ff;\">National Cybersecurity Awareness Month 2017: October 2-6, 2017<\/span><\/h2>\n<p><a href=\"\/tech\/files\/2017\/10\/ISAWday5.png\"><img loading=\"lazy\" src=\"\/tech\/files\/2017\/10\/ISAWday5.png\" alt=\"ISAWday5\" width=\"300\" height=\"300\" class=\"aligncenter size-full wp-image-110522\" srcset=\"https:\/\/www.bu.edu\/tech\/files\/2017\/10\/ISAWday5.png 300w, https:\/\/www.bu.edu\/tech\/files\/2017\/10\/ISAWday5-150x150.png 150w, https:\/\/www.bu.edu\/tech\/files\/2017\/10\/ISAWday5-100x100.png 100w\" sizes=\"(max-width: 300px) 100vw, 300px\" \/><\/a><\/p>\n<h3 style=\"text-align: center;\"><strong>Highlights of Security Awareness Week<\/strong><\/h3>\n<p>We covered several topics this week aimed at increasing security awareness and illustrating best practices. We hope you\u2019ll use this information to be good custodians to your own information as well as any information you collect on behalf of the University.\u00a0 We encourage you to engage Information Security (<a href=\"mailto:buinfosec@bu.edu\">buinfosec@bu.edu<\/a>) with any questions you may have and please visit our web pages for more information!<\/p>\n<ul>\n<li><strong>Protect Your Devices<\/strong><\/li>\n<\/ul>\n<p>It\u2019s important to make sure that all of your devices (computers, tablets, phones) are properly secured.\u00a0 Keeping your devices up to date and secured should be your first step at protecting your data and systems from being compromised.\u00a0 More information on securing your devices can be found <a href=\"https:\/\/www.bu.edu\/tech\/support\/information-security\/securing-your-devices\/\">here<\/a>.<\/p>\n<ul>\n<li><strong>Protect Your On-Line Identity<\/strong><\/li>\n<\/ul>\n<p>It is critical to learn how to protect yourself and guard your privacy. As we routinely see with companies having major data breaches (Equifax being the latest in a long list), your identity and even your personal information is out there, and could be at risk. Visit our site <a href=\"https:\/\/www.bu.edu\/tech\/support\/information-security\/security-for-everyone\/how-to-fight-identity-theft\/\">here<\/a> for tips on keeping your online identity safe.<\/p>\n<ul>\n<li><strong>Don\u2019t fall for phishing emails<\/strong><\/li>\n<\/ul>\n<p>Phishing is one of the most common methods used for stealing your authorization credentials or infecting your computer.\u00a0 There are several tips to help you spot, and avoid, phishing emails documented <a href=\"https:\/\/www.bu.edu\/tech\/support\/information-security\/security-for-everyone\/phishing\/\">here<\/a><\/p>\n<ul>\n<li><strong>Data Classification and Protection<\/strong><\/li>\n<\/ul>\n<p>The first step to making sure you are properly handing University data is to know how the data is classified.\u00a0 At BU, data is classified into four categories: Public, Internal, Confidential, and Restricted Use.\u00a0 Each category has its own set of criteria for how data can be used, stored, and shared.\u00a0 The University\u2019s <a href=\"http:\/\/www.bu.edu\/policies\/information-security-home\/data-protection-standards\/data-classification-policy\/\">Data Classification Policy<\/a> will help you easily identify the categories of University data in your possession.<\/p>\n<p>Once you know the data\u2019s classification, you can review the Data Protection Requirements and Minimum Security Standards to learn how you are expected to secure it.<\/p>\n<p>Think of your own personal data in the same context and keep your most sensitive data private and secured.<\/p>\n<p><strong><div class=\"bu_collapsible_container \" aria-live=\"polite\" data-customize-animation=\"false\"><h3 class=\"bu_collapsible\" aria-expanded=\"false\"tabindex=\"0\" role=\"button\">Day 4: Know Your Data<\/h3><div class=\"bu_collapsible_section\" style=\"display: none;\"><\/strong><\/p>\n<p><a href=\"\/tech\/files\/2017\/10\/ISAWday4.jpg\"><img loading=\"lazy\" src=\"\/tech\/files\/2017\/10\/ISAWday4-636x429.jpg\" alt=\"ISAWday4\" width=\"636\" height=\"429\" class=\"aligncenter size-medium wp-image-110501\" srcset=\"https:\/\/www.bu.edu\/tech\/files\/2017\/10\/ISAWday4-636x429.jpg 636w, https:\/\/www.bu.edu\/tech\/files\/2017\/10\/ISAWday4-768x517.jpg 768w, https:\/\/www.bu.edu\/tech\/files\/2017\/10\/ISAWday4.jpg 932w\" sizes=\"(max-width: 636px) 100vw, 636px\" \/><\/a><\/p>\n<p>At Boston University, our data can be classified into 4 groups:<\/p>\n<p><strong>Public Data: <\/strong>Data that is disclosed to anyone regardless of affiliation.\u00a0 Examples &#8211; The published BU Directory, public websites<\/p>\n<p><strong>Internal Data: <\/strong>information that is potentially sensitive and is not intended to be shared with the public.\u00a0 Examples &#8211; procedural documentation, memos, meeting minutes<\/p>\n<p><strong>Confidential Data: <\/strong>Information that, if made available to unauthorized parties, may adversely affect individuals or the business of Boston University. This classification also includes data that the University is required to keep confidential, either by law (e.g., FERPA) or under a confidentiality agreement with a third party.\u00a0 Examples \u2013 FERPA data, BUID, salary information<\/p>\n<p><strong>Restricted Use Data: <\/strong>Any information that BU has a contractual, legal, or regulatory obligation to safeguard in the most stringent manner. Examples \u2013 Passwords, Social Security numbers, Driver\u2019s License numbers, Credit Card numbers, Financial Account Information, and HIPAA data<\/p>\n<p>Details on how protect our data are spelling out in our Data Protection Standards.<\/p>\n<ul>\n<li><span> <\/span>You can read more about data types and classification <a href=\"http:\/\/www.bu.edu\/policies\/information-security-home\/data-protection-standards\/data-classification-policy\/\">here<\/a><\/li>\n<li>Once you know how to classify your data, you can read our guidelines on how to properly secure your data <a href=\"http:\/\/www.bu.edu\/policies\/information-security-home\/data-protection-standards\/data-protection-requirements\/\">here<\/a><\/li>\n<\/ul>\n<p>You should think of your own personal data the same way.\u00a0 It is important to know what data should and should not be made public online.\u00a0 Always be mindful of what you consider your most sensitive data (social security number, banking info, passwords etc) and make sure you take extra precautions to secure this information.<\/p>\n<p>Information that is most critical to you (your own confidential and restricted use data) should never be shared online publically. Always keep your passwords private, and treat answers to your security questions the same. Always consider the information you\u2019re sharing online, including family and other personal information, as it can potentially be accessed by anyone to try to gain unauthorized access to your accounts.<\/p>\n<p><strong><\/div>\n<\/div>\n<\/strong><\/p>\n<p><strong><div class=\"bu_collapsible_container \" aria-live=\"polite\" data-customize-animation=\"false\"><h3 class=\"bu_collapsible\" aria-expanded=\"false\"tabindex=\"0\" role=\"button\">Day 3: How to Identify and Avoid Phishing<\/h3><div class=\"bu_collapsible_section\" style=\"display: none;\"><\/strong><\/p>\n<p><a href=\"\/tech\/files\/2017\/10\/ISAWday3.jpg.png\"><img loading=\"lazy\" src=\"\/tech\/files\/2017\/10\/ISAWday3.jpg-513x636.png\" alt=\"ISAWday3.jpg\" width=\"513\" height=\"636\" class=\"aligncenter size-medium wp-image-110438\" srcset=\"https:\/\/www.bu.edu\/tech\/files\/2017\/10\/ISAWday3.jpg-513x636.png 513w, https:\/\/www.bu.edu\/tech\/files\/2017\/10\/ISAWday3.jpg.png 630w\" sizes=\"(max-width: 513px) 100vw, 513px\" \/><\/a><\/p>\n<h3 style=\"text-align: center;\"><\/h3>\n<p>Cybercriminals know the best strategies for gaining access to an organization\u2019s sensitive data. In most cases, it doesn\u2019t involve them rappelling from a ceiling\u2019s skylight and deftly avoiding a laser detection system to hack into your servers; instead, they simply manipulate a community member.<\/p>\n<p><strong>\u00a0<\/strong><\/p>\n<ul>\n<li><strong>Phishing isn\u2019t just e-mail!<\/strong> Cybercriminals will also launch phishing attacks through phone calls, text messages, or other online messaging applications. Don\u2019t know the sender or caller? Seem too good to be true? It\u2019s probably a phishing attack.<\/li>\n<li><strong>Know the signs<\/strong>. Does the e-mail contain a vague salutation, spelling or grammatical errors, an urgent request, and\/or an offer that seems impossibly good? Click that delete button.<\/li>\n<li><strong>Verify the sender<\/strong>. Check the sender\u2019s e-mail address to make sure it\u2019s legitimate. If it appears that a Boston University IT Support Group is asking you to click on a link to increase your mailbox quota, but the sender is \u201cUniversityHelpDesk@yahoo.com,\u201d it\u2019s a phishing message.<\/li>\n<li><strong>Don\u2019t be duped by aesthetics<\/strong>. Phishing e-mails often contain convincing logos, links to actual company websites, legitimate phone numbers, and e-mail signatures of actual employees. However, if the message is urging you to take action \u2014 especially action such as sending sensitive information, clicking on a link, or downloading an attachment \u2014 exercise caution and look for other telltale signs of phishing attacks. Don\u2019t hesitate to contact the company directly; they can verify legitimacy and may not even be aware that their name is being used for fraud.<\/li>\n<li><strong>Never, ever share your password<\/strong>. Did we say never? We mean never. Your password is the key to your identity, your data, and your classmates\u2019 and colleagues\u2019 data. It is for your eyes only. Boston University\u2019s IT Support Groups will never ask you for your password.<\/li>\n<li><strong>Avoid opening links and attachments from unknown senders<\/strong>. Get into the habit of typing known URLs into your browser. Don\u2019t open attachments unless you\u2019re expecting a file from someone. Give them a call if you\u2019re suspicious.<\/li>\n<li><strong>When you\u2019re not sure, call to verify<\/strong>. Let\u2019s say you receive an e-mail claiming to be from someone you know \u2014 a friend, colleague, or even one of your professors. Cybercriminals often spoof addresses to convince you, then request that you perform an action such as transfer funds or provide sensitive information. If something seems off about the e-mail, call them at a known number listed in <a href=\"https:\/\/www.bu.edu\/tech\/services\/security\/iam\/directory\/online\/\">The Boston University online directory<\/a> to confirm the request.<\/li>\n<li><strong>Don\u2019t talk to strangers!<\/strong> Receive a call from someone you don\u2019t know? Are they asking you to provide information or making odd requests? Hang up the phone and report it to the <a href=\"https:\/\/www.bu.edu\/tech\/about\/help-center\/\">IT Help Center<\/a>.<\/li>\n<li><strong>Don\u2019t be tempted by abandoned flash drives<\/strong>. Cybercriminals may leave flash drives lying around for victims to pick up and insert, thereby unknowingly installing malware on their computers. You might be tempted to insert a flash drive only to find out the rightful owner, but be wary \u2014 it could be a trap.<\/li>\n<li><strong>See someone suspicious? Say something<\/strong>. If you notice someone suspicious walking around or lingering behind someone else, especially in a restricted area, call Boston University Police Department at 617-353-2121.<\/li>\n<\/ul>\n<p><strong><\/div>\n<\/div>\n<\/strong><\/p>\n<p><strong><div class=\"bu_collapsible_container \" aria-live=\"polite\" data-customize-animation=\"false\"><h3 class=\"bu_collapsible\" aria-expanded=\"false\"tabindex=\"0\" role=\"button\">Day 2: Managing Your Online Identity<\/h3><div class=\"bu_collapsible_section\" style=\"display: none;\"><\/strong><\/p>\n<p><a href=\"\/tech\/files\/2017\/10\/ISAWday2.jpg\"><img loading=\"lazy\" src=\"\/tech\/files\/2017\/10\/ISAWday2.jpg\" alt=\"ISAWday2\" width=\"381\" height=\"530\" class=\"aligncenter size-full wp-image-110421\" \/><\/a><\/p>\n<p>You and your information are everywhere. When you&#8217;re online you leave a trail of &#8220;digital exhaust&#8221; in the form of browser cookies, GPS data, social network posts, and e-mail exchanges, among others. It is critical to learn how to protect yourself and guard your privacy. As we routinely see with companies having major data breaches (Equifax being the latest in a long list), your identity and even your personal information is out there, and could be at risk.<\/p>\n<p><strong>Use long and complex passwords or passphrases.<\/strong>\u00a0These are often the first line of defense in protecting an online account. The length and complexity of your passwords can provide an extra level of protection for your personal information.\u00a0You can find information on how to generate a strong password <a href=\"https:\/\/www.bu.edu\/tech\/support\/information-security\/security-for-everyone\/how-to-choose-a-strong-password\/\">here<\/a>.<\/p>\n<p><strong>Ask questions<\/strong> about who can access the information you are posting online, who controls and owns the information, and what is shared with third parties.<\/p>\n<p><strong>Take care what you share<\/strong>.\u00a0Periodically check the privacy settings for your social networking apps to ensure that they are set to share only what you want, with whom you intend. Be very careful about putting personal information online.<\/p>\n<p><strong>Keep your personal information private<\/strong>. Assess whether it\u2019s necessary to share personal or sensitive information such as your birthday, mailing address, phone number, e-mail, mother\u2019s maiden name, sexual orientation, or Social Security number.<\/p>\n<p><strong>Be cautious about accepting requests to connect online<\/strong>. Connect only to people you know and trust to not misuse the information you post.<\/p>\n<p><strong>Read your credit card, bank, and pay statements carefully each month.<\/strong>\u00a0Look for unusual or unexpected transactions. Remember also to review recurring bill charges and other important personal account information.\u00a0 Periodically review your credit reports as well!<\/p>\n<p><strong>If a request for your personal info doesn\u2019t feel right, do not feel obligated to respond!<\/strong>\u00a0Legitimate companies won\u2019t ask for personal information such as your social security number, password, or account number in a pop-up ad, e-mail, text, or unsolicited phone call.<\/p>\n<p><strong>Using Wi-Fi?<\/strong>\u00a0If only public Wi-Fi is available, restrict your activity to simple searches (no banking!) or use a <a href=\"https:\/\/www.bu.edu\/tech\/services\/cccs\/remote\/vpn\/\">VPN<\/a> (virtual private network). The latter provides an encrypted tunnel between you and the sites you visit.<\/p>\n<p><strong>Should you trust that app?<\/strong>\u00a0Only use apps from reputable sources. Check out reviews from users or other trusted sources before downloading anything that is unfamiliar.<\/p>\n<p><strong><\/div>\n<\/div>\n<\/strong><\/p>\n<p><strong><div class=\"bu_collapsible_container \" aria-live=\"polite\" data-customize-animation=\"false\"><h3 class=\"bu_collapsible\" aria-expanded=\"false\"tabindex=\"0\" role=\"button\">Day 1: Welcome to Information Security Awareness Week!<\/h3><div class=\"bu_collapsible_section\" style=\"display: none;\"><\/strong><\/p>\n<p><img loading=\"lazy\" src=\"\/tech\/files\/2017\/10\/ISAWday1-636x422.jpg\" alt=\"ISAW1\" width=\"636\" height=\"422\" class=\"alignnone size-medium wp-image-110393 aligncenter\" srcset=\"https:\/\/www.bu.edu\/tech\/files\/2017\/10\/ISAWday1-636x422.jpg 636w, https:\/\/www.bu.edu\/tech\/files\/2017\/10\/ISAWday1-768x510.jpg 768w, https:\/\/www.bu.edu\/tech\/files\/2017\/10\/ISAWday1-1024x680.jpg 1024w, https:\/\/www.bu.edu\/tech\/files\/2017\/10\/ISAWday1.jpg 1701w\" sizes=\"(max-width: 636px) 100vw, 636px\" \/><\/p>\n<h3 style=\"text-align: center;\">\u00a0<strong>Welcome to Information Security Awareness Week!<\/strong><\/h3>\n<p>It is important these days to make sure that our devices are secure. Boston University has the <a href=\"http:\/\/www.bu.edu\/policies\/minimum-security-standards\/\">Minimum Security Standards<\/a> policy that defines the security requirements for devices that have University data on them. For personal devices that aren\u2019t used for University business, here are some tips to help protect them and your personal information.<\/p>\n<p><strong>Keep your computer and applications updated. <\/strong>Patches or updates help resolve security flaws that you might have on your system, protecting you from malicious attempts to compromise your system.\u00a0 Patches should be applied on a fairly regular basis at a time that\u2019s convenient for you.<\/p>\n<p><strong>Install antivirus software. <\/strong>You should install antivirus software on your personal devices.\u00a0 Antivirus isn\u2019t just for laptops!\u00a0 It should be installed on your desktop computers, tablets, and phones! Boston University provides McAfee for free <a href=\"https:\/\/www.bu.edu\/tech\/services\/cccs\/desktop\/software\/security\/macafee\/\">here<\/a>.<\/p>\n<p><strong>Enable Encryption on your device. <\/strong>Your devices should be encrypted using the built in encryption feature included in your phone or computer\u2019s operating system. For personal computers, On Mac there is <a href=\"https:\/\/support.apple.com\/en-us\/HT204837\">FileVault<\/a> and Windows there is <a href=\"https:\/\/www.windowscentral.com\/how-use-bitlocker-encryption-windows-10\">Bitlocker<\/a>.<\/p>\n<p><strong>Require a password when logging into your devices. <\/strong>It is always good to have a password required to login to your devices. If your device gets stolen and there isn\u2019t a login password, then the thief would have access to all of your data immediately.<\/p>\n<p><strong>Use a secure connection (often called a \u201cVPN\u201d) to connect to the network. <\/strong>Using a secure connection provides an encrypted tunnel for information to travel from your computer and throughout the internet. This is important when you are working remotely or using public WiFi hotspots where data can potentially be read by malicious individuals if it isn\u2019t encrypted.<\/p>\n<p><strong><\/div>\n<\/div>\n<\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"<p>National Cybersecurity Awareness Month 2017: October 2-6, 2017 Highlights of Security Awareness Week We covered several topics this week aimed at increasing security awareness and illustrating best practices. We hope you\u2019ll use this information to be good custodians to your own information as well as any information you collect on behalf of the University.\u00a0 We&#8230;<\/p>\n","protected":false},"author":13352,"featured_media":0,"parent":110387,"menu_order":7,"comment_status":"closed","ping_status":"closed","template":"","meta":[],"_links":{"self":[{"href":"https:\/\/www.bu.edu\/tech\/wp-json\/wp\/v2\/pages\/116858"}],"collection":[{"href":"https:\/\/www.bu.edu\/tech\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.bu.edu\/tech\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.bu.edu\/tech\/wp-json\/wp\/v2\/users\/13352"}],"replies":[{"embeddable":true,"href":"https:\/\/www.bu.edu\/tech\/wp-json\/wp\/v2\/comments?post=116858"}],"version-history":[{"count":4,"href":"https:\/\/www.bu.edu\/tech\/wp-json\/wp\/v2\/pages\/116858\/revisions"}],"predecessor-version":[{"id":129585,"href":"https:\/\/www.bu.edu\/tech\/wp-json\/wp\/v2\/pages\/116858\/revisions\/129585"}],"up":[{"embeddable":true,"href":"https:\/\/www.bu.edu\/tech\/wp-json\/wp\/v2\/pages\/110387"}],"wp:attachment":[{"href":"https:\/\/www.bu.edu\/tech\/wp-json\/wp\/v2\/media?parent=116858"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}