Data Privacy and Security

April 2020, Data Privacy and Security

Information Security in a COVID World

ITS wanted to take a minute as we’re all adjusting to the waves of changes coming our way, and remind everyone that certain people around the world are trying to take advantage of the situation we find ourselves in and our innate desire to help others. Now is the right time to ensure we’re vigilant about protecting ourselves.

There are reports of people getting email and phone calls about fraudulent charities and even people walking door-to-door claiming to be the CDC doing research. There has been an international increase in the typical methods of phishing and impersonating other users as well as targeted cyberattacks on infrastructure. ITS continues to monitor these threats and asks for your help.

  • Double check your email. If you get a message that appears to be from a member of the Clark community, but doesn’t look like it really came from that person, be extra cautious (Clark faculty and staff should look for the [EXT] tag in the subject – this means the message originated from outside Clark’s mail environment). It’s worth thinking twice before taking any action, opening any attachments, or clicking any links. It’s best at this time to use your Clark email for business communications (as opposed to a personal email account). While email approvals aren’t legally binding for formal contracts, it adds an additional layer of verification that the email communication is authentic.

 

  • Watch for phone calls too. As we’ve evolved over the past weeks to a more mobile workforce, if you get a phone call claiming to be from someone at Clark asking you to do something that may seem odd (like buy gift cards), Caller ID is not a fool-proof way to validate who you’re talking to. Reach out to the person another way; send them an email to their Clark account or call them back on a number you already know for them. You may also get calls claiming to be from companies, like Microsoft or Apple, who have detected a problem with your computer and need you to do things on it. These are not legitimate calls and you should not take any action the caller suggests. If you have computing questions, you can reach out to the Help Desk at helpdesk@clarku.edu or 508-793-7745.

 

  • Think twice, click once (or never). Most malware infections require us to do something – open an attachment, click on a link, download a file. We have protections installed in your Clark email account to help remove most malicious attachments before they get to your inbox. Another great layer of protection is to make sure the attachment or link comes from someone you’re familiar with and you’d be expecting to get it from in the context of your conversation. As we grow the tools we use, these links could come in different ways. For example, as we use Zoom and Microsoft Teams more, users can post a link in the chat asking people to click on it. These may be malicious links, so be aware of clicking on links not only in email, but in other applications as well.

The compassion and thoughtfulness of our community is truly overwhelming and we hope these small tips will not only help to ensure the protection of our shared computer and information resources, but your personal information and resources too.

Finally, all of us in ITS would like to thank you for your focus on information security, as well as your patience and willingness to adapt to new processes and technology in this unprecedented time.

Data Privacy and Security, September 2019, Tips and Tricks

Countdown to Cybersecurity Month: Spyware

Digital lock guard sign binary code number. Big data personal information safety technology closed padlock. Blue glowing abstract web internet electronic payment vector illustration art

October is National Cybersecurity month, a time to raise awareness about the importance of Cybersecurity, and how to stay safe while online.

Clark’s ITS professionals take the campus’s cybersecurity very seriously. In fact, in a single 24 hours period in mid-September, our security systems blocked over 90,000 threats presented by spyware. Spyware is malicious software that will infiltrate your computer (and Clark’s system) and report back passwords, financial information and internet usage. It can also slow down your computer and spam you with ads.

While ITS systems are keeping threats from Spyware at bay, you can provide the best layer of defense when you take your online security seriously – both on and off campus. As a community member, your Clark computer is protected by ITS, but you also have free access to Sophos, an anti-virus product that also includes Spyware Protection (Click here to learn more about Sophos.)

Click here to read a 5 minute article about spyware and other ways you can avoid the threats it presents.

April 2019, Data Privacy and Security

Digital Spring Cleaning

It’s spring cleaning season, and just as it is a great time of year to clean up our physical stuff, it is also a great time to clean up our digital footprints. The National Cyber Security Alliance recommends that a great way to help yourself stay safe online is to take some time each spring to make sure your digital settings and files are secure. Some recommendations for digital spring cleaning are:

  • Review your online accounts, and delete any that you no longer use. Leaving unused online accounts open can make you more susceptible to cyber-attacks. Since you do not monitor the account regularly, you are less likely to notice when something is wrong.
  • Clean out old emails and files that you no longer need. Old files can often contain personal information. So, when you no longer need them you should throw them out and empty your trash.
  • Review the applications on your mobile devices and delete the ones you no longer use. Much like with old online accounts and files, old applications can contain personal data and should be deleted if they are no longer in use.
  • Check your web browser settings to make sure it is handling your data the way you want. Web browsers allow you to decide which information is saved and how your data is shared.
  • Back up your files to a portable hard drive or cloud storage service. Creating a routine for backing up your files can help to ensure that all of your data is recoverable if something were to happen to your computer or mobile device.
  • Update your passwords. It is important to regularly change the passwords that you use.

For more ideas about how to approach a digital spring cleaning, click here to view the flyer from the National Cyber Security Alliance.

If you would like to learn more about how to manage your privacy settings on popular systems and websites such as your web browser, social media accounts, and shopping accounts click here. These resources from StaySafeOnline.org provide information about what security and privacy settings are available on different websites, and instructions for how to manage those settings.

Data Privacy and Security, March 2019

Preventing Identify Theft

The first week of March is National Consumer Protection week, which is designed to help people understand their rights as a consumer, and learn ways to prevent identity theft.

Below are some tips and tricks from EDUCAUSE about how you can help to prevent identity theft. They discuss managing your paper data, your digital data, and other things to think about.

________________________________________________________

Identity theft has become commonplace during the past decade. If you are reading this, it is a safe bet that your data has been breached in at least one incident. Does that mean we are all helpless? Thankfully, no. There is a lot we can do to protect ourselves from identity theft and to make recovery from incidents quicker and less painful.

One of the first things that you should consider doing, when looking to protect yourself from identity theft, is to take control of your credit reports. Examine your own report at each of the “big three” bureaus. Make sure there’s nothing inaccurate in those reports, and file for corrections if needed. Also, keep an eye on your credit report all year, space out your credit bureau requests by requesting a report from a different credit bureau every four months. You can request your report free once a year from each of the three agencies.

Next, practice good digital hygiene. Just as you lock your front door when you leave home and your car when you park it, make sure your digital world is secured. Some things that you can do to help keep your digital world secure are:

  • Keep your computer and smart phone operating systems up to date. When OS updates are released, make sure you apply them. They often fix errors in the code that could let the bad guys in.
  • Do the same for any of the applications that are on your computer or smartphone. Web browsers, plug-ins, email clients, office software, antivirus/antimalware, and every other type of software has flaws. When those flaws are fixed, you are in a race to install that fix before someone uses the flaw against you. The vast majority of hacks leverage vulnerabilities that have a fix already available.
  • Be careful about what you share on social media. Some of those fun-to-share-with-your-friends quizzes and games ask questions that are similar to “security questions” that can be used to recover your account or compromise your credentials.
  • Consider using a password manager for your personal accounts and keep a strong, unique password for every site or service you use. That way a breach on one site won’t open you up to fraud at other sites. For instance, if someone gains access to your social media account, if it has a different password than your other accounts, they would not gain access to your online banking account.
  • Check all your account statements regularly. Paperless statements are convenient in the digital age. But it is easy to forget to check infrequently used accounts such as a digital bank or credit card statement. Make a recurring calendar reminder to check every account for activity that you don’t recognize.
  • Manage those old-style paper statements. Don’t just throw them in the trash or the recycle bin. Shred them with a cross-cut shredder or deposit them in a secure shredding bin on campus. Data that is stolen from a trash bin or dumpster are just as useful as data stolen from a website.

________________________________________________________

EDUCAUSE is a nonprofit organization that provides information technology based articles to its members to increase the use and understanding of technology in higher education.

If you would like to read the tips from EDUCAUSE on its original web page, click here.

 

Data Privacy and Security, January 2019

Social Media Privacy

Happy Data Privacy Day!

Data Privacy Day is observed annually on January 28th to help bring greater awareness to privacy education. As the use of digital platforms for managing personal information, such as websites and social media, continues to grow, it is increasingly important that we understand what data we are sharing and how to protect that data. This can sometimes be a challenging task, especially since each website handles privacy and security a little bit differently. Data Privacy Day is used to help bring awareness to these growing challenges.

Maintaining your privacy on social media platforms can be complicated. Each social media site often has its own very specific settings and requirements that can make it difficult for you to really understand which portions of your data are private, and which are not.

This article, from www.experian.com, gives some insight into the realities of social media privacy and how it impacts users. It also provides specific guidelines on how to manage privacy settings on some of the most popular social sites (Facebook, LinkedIn, YouTube, etc.). It is important for users to be armed with the knowledge of where and how they have a voice with regards to their social media privacy, and this article sheds some light on that. Use the listed links on the right side of the article if you’d like to jump to a specific social media’s privacy settings instructions. Read more by clicking here…

Data Privacy and Security, January 2019

Creating Strong Passwords

Creating and maintaining passwords can sometimes be frustrating. Each website and system we use, inside and outside of Clark, can often have different requirements when it comes to building a password. This can often make you wonder what actually makes a password safe, and what tools are available to help us make sure our passwords are really secure.

As you think about securing your online identity and data (it’s what passwords do for us); be it on social media, on personal accounts, or on Clark systems, it is important for you to create strong passwords. This article, from www.connectsafely.org, gives some instructions and information around what strong passwords are in general, details about how to create a strong password, and details about what tools some websites use to help you keep your passwords and data safe. Click here to read more.

Additionally, if you would like to learn more about the Clark ITS password policy and the recommendations we have for creating a secure password on campus, they can be viewed by clicking here.