October 2018 - Cyber Security Awareness Month
The implementation of Duo Two Factor Authentication for faculty and staff has been a smooth process so far and we expect the same as we turn it on for our Island students. The number of compromised IslandID accounts has dropped significantly since Duo was put in place for faculty and staff. Still, the University has been affected by nine phishing attempts in 2018. This is next step to securing a safe learning environment for our students. The activation dates below are determined by the first letter of the student’s last name:
- A - F: 9 a.m. on Oct. 24
- G - M: 9 a.m. on Nov. 7
- N - Z: 9 a.m. on Nov. 14
Secure disposal of electronic data: As October is National Cyber Security Month OIS is offering secure data shredding. Stop by with any unwanted hard drives, diskettes, tapes, or electronic media you no longer want (Personal or University owned).
Many used to worry about our papers going out in the trash and people dumpster diving to collect anything that may have an account number, or insight to information they were not privileged to have. Today scammers look for phones and electronic media that has been discarded. You may see a device that no longer has value to you, but to those that have alternative motives, they see gold.
Disposing of your unwanted devices should be done in a manner that is safe and renders the device unusable. Here are some steps you can do to keep your data out of the hands of others.
- Shred unwanted devices. Not everyone has a shredder that can devour metal, but our Office of Information Security does and are happy to help.
- Delete and overwrite sensitive files. Just because you deleted an item and removed it from the recycle bin, does not mean the information is gone. Programs exist that allow data to be recovered, even if erased. Use a product like File Shredder (http://www.fileshredder.org/) to make sure the data is unrecoverable.
- Deauthorize your computer. Some applications like iTunes, Microsoft Office 365, and Amazon Services will store authorization to your online profile. By deauthorizing the device you are breaking the connection between the online profile and your device.
- Use Drive Encryption. By encrypting your drives, you make it harder for someone to recover any data from a drive that has been removed from device. Even cell phones allow you to encrypt the SD card that is added to your phone.
Wireless Security PSA: Not all Wi-Fi connections are created equal. Public Wi-Fi is sometime not as secure as you think. Cyber attackers can utilize open public Wi-Fi to collect data that they can later use themselves or post on the dark net for others. Here are some precautions you can take to help protect yourself.
Do not connect to insecure public networks.
- An insecure public Wi-Fi is a wireless network for public use that does not require a password to access.
- Many times, these networks were set up for legitimate purposes, but since they are not protected these networks can be co-opted. These wireless networks can be set up to steal usernames and passwords for their users.
- It is best to use your service provider’s data plan.
- If there are multiple networks with similar names, ask what the correct network to use is.
- Often attackers will set up wireless networks with names that look similar to the official public wireless networks.
- If you find yourself in a similar situation, ask an employee what is the right Wi-Fi to use.
- When browsing the Internet, HTTP does not encrypt your data.
- Typical internet browsing uses a protocol HTTP to get and receive data. HTTP does not encrypt that data. There is a more secure version of HTTP called HTTPS.
- Before doing any secure activity like logging into your bank account on a public network, make sure that the website is using HTTPS. (Look at your address bar. The address bar will tell you if HTTPS is being used.)
- Mobile devices should not automatically connect to WI-FI.
- You should determine what WI-FI to use not your device.
- Most mobile devices will automatically try to log into the last network it used. Pay attention to the name you are connected. If you are out and about and the name being used shows your home connection, this is not a good sign.
- Secure your private Wi-Fi at home.
- Your home network needs a strong password protecting for unwanted users.
- It should also be encrypted using WPA-2.
- Turn off your Wi-Fi when you are not home for extended time periods.
Facebook recently announced that at least 50 million Facebook accounts, and perhaps many more, had been compromised by unknown attackers. What makes this hack scarier is that many other sites permit you to log in with your Facebook credentials. This means that the attackers have access to not only your Facebook account, but potentially access to any other site where you log in with your Facebook credentials
What Should I Do? Here are some concrete steps you can take to protect yourself and your computer accounts from compromises.
- Generally: do not re-use passwords. Each one of your computer accounts should have a different password. Yeah, it’s a pain, but so is brushing your teeth and wearing a seatbelt. Using a password keeper (see #5 below) can make this a lot easier.
- Change your Facebook password. Today.
- Log into Facebook
- From the toolbar at the top of the screen, click on the little down arrow on the right
- Choose “Settings”
- From the left menu, choose “Security and Login”
- Choose “Change Password.”
- Enable two-factor authentication on your Facebook account. Today.
- From the same Facebook “Security and Login” page in step 2d above, click on the radio button “Use two factor authentication”
- Follow the prompts.
- Enable two-factor authentication on any account that offers it. Most accounts today offer two-factor authentication, similar to how we use Duo at TAMUCC. Practically every bank and credit-card company offer it, as does Google, Yahoo, Microsoft, etc. At the very least, enable two-factor auth on your bank accounts, mortgage account, and credit card accounts.
- Start using a password keeper. There are several free ones that are excellent: LastPass, KeyPass, 1Password are just a few. Pick one, learn it, use it. Show your children how to use it. You can set up the password so that it is sync’d between multiple locations – cellphone, cloud, home computer – which means you’ll never be stuck without it. Email firstname.lastname@example.org if you need assistance on picking and using a password keeper. We’d be glad to show you.
- Avoid logging in to other sites with e.g. your Facebook or Google account. Yeah, it’s convenient, but it increases your risk surface. If someone hacks your Facebook or Google password, then they now have access to those other accounts. Two-factor authentication goes a long way towards reducing that risk, but the best strategy is to just avoid account re-use to being with.
The implementation of Duo Two Factor Authentication for faculty and staff has been a smooth process so far and we expect the same as we turn it on for our Island students. Student workers across campus, like Miguel Molina of the IT Service Desk, have already been living the Duo lifestyle, “Sure, it’s an extra step, but I feel better protected with Duo on my account.” The number of compromised IslandID accounts has dropped significantly since Duo was put in place for faculty and staff. Still, the University has been affected by nine phishing attempts in 2018. This is next step to securing a safe learning environment for our students.
The Information Technology Help Desk is currently in the process of rebranding to facilitate the expansion of services provided, extended hours, and to better serve the University community. Part of the change includes sending out customer satisfaction surveys on every ticket closed. Please use these surveys as a way to let us know what we are doing well, and where we need improvement, as we work to develop a quality service model. In conjunction with this rebranding, we have changed the name of our front-line support to be the “IT Service Desk.” Support Specialists will be located on the first floor of the Bell Library at the “Ask Us” desk, in addition to our current location in Corpus Christi Hall 205.
Duo for Students: The implementation of Duo Two Factor Authentication for faculty and staff has been a smooth process so far and we expect the same as we turn it on for our Island students. Student workers across campus, like Miguel Molina of the IT Service Desk, have already been living the Duo lifestyle, “Sure, it’s an extra step, but I feel better protected with Duo on my account.” The number of compromised IslandID accounts has dropped significantly since Duo was put in place for faculty and staff. Still, the University has been affected by nine phishing attempts in 2018. This is next step to securing a safe learning environment for our students.
For information about system outages please follow this link: