Information Technology News

Latest Posts

Security Awareness: Bon Voyage! IT Tips for Travel

By Mark Hine on May 22, 2015
  • Ensure that all of your devices have a passcode or password.
  • Don’t take sensitive data with you if you do not need it.
  • Enable location services and encryption on your device.
  • Keep your device with you.
  • Investigate and understand data rules outside the U.S.
  • Plan ahead on how you will connect to the Internet.

Prior to traveling domestically or abroad take a few minutes to review your security practices. A lost, stolen or compromised device not only disrupts your travels, but can quickly lead to a very challenging situation. Use the checklist below to protect yourself and your device:

Do all of the devices you are taking with you have a password or passcode on them? Do all of your devices have a timeout feature to auto lock?

  • Having passwords on your devices (laptops and smartphones) is a great way to start protecting yourself and Colgate’s data. This stops the initial attempt to pick up a device and start looking at your emails or any other data.

Can you access your data remotely?

  • Consider leaving behind unnecessary storage devices (e.g. thumb drives) and not storing data on your desktop.
  • Colgate offers centralized data storage that is backed up and can still be accessed on the road.
  • Google Drive has unlimited storage and is available everywhere.

Do you have a safe way to connect to the Internet when you travel?

  • Be careful of what you do on free public connections.
  • Use Colgate’s VPN connection.
  • Check out a portable hotspot device from the library.

Is your data backed up?

  • Use Colgate’s enterprise backup solution – CrashPlan. Should anything happen to your computer, your data can be restored to a loaner computer so that you can continue to work.

Is your device set up to encrypt your data?

  • With your data backed up, we can encrypt your devices. Should your devices be lost or stolen, we can be sure that your data is protected and unusable.

Are location services turned on?

  • Depending on your device, there are ways to help locate it and also to remotely wipe it if it is lost or stolen.

Is your device small enough and light enough that you’re willing to keep it with you?

  • Unattended devices are at risk of being stolen.
  • Consider your choice of device bags to maximize keeping devices with you.
  • ITS has devices that can be borrowed that may suit your travel needs.

If you’re traveling abroad, do you understand the digital rules at your destination?

  • Prior to travel, quickly research what issues or laws may apply to your devices, including access to non-secure Wi-Fi, encryption rules, and requests from police to unlock a device.

Please check with your support team on which solutions are best suited for your needs.

For more information, contact the ITS Help Desk at extension 7111 or email ITSHelp@colgate.edu.
Contributors: Ellen Holm, Ahmad Khazaee, Kevin Lynch and Mark Hine.


Security Awareness: If something doesn’t look right, it probably isn’t

By Mark Hine on May 22, 2015
  • Question changes in your browser or desktop that you did not initiate.
  • Look carefully before responding to unsolicited emails or links.
  • Files or emails that are accidentally shared or sent in error should be reported to ITS.
  • Report lost or stolen devices to Campus Safety right away.
  • Big changes are announced; take note of things that are not announced.
  • ITS can help you determine if a change is legitimate – call us at x7111.

A simple, but important, step you can take to protect your digital life and Colgate’s information is to maintain awareness. Observe your computing environment and note when things are out of place, unexpected, or new without cause.

Emails and websites that are genuinely from reputable companies will seldom have poor grammar or spelling. Be wary of unsolicited contact by email or phone, especially when the sender requests confidential or sensitive information or uses an unfamiliar process. These are signs of potential intrusion attempts.

Changes to device backgrounds, new icons that suddenly appear on your desktop, especially after installing “freeware” or other downloaded apps, and other changes to your computing environment may signal that someone, other than you, has access to your device. Free software and apps are more likely to contain malicious code and should be avoided.

Be vigilant when using devices and the network. Report odd or suspicious changes on your computer to ITS. We can help you determine whether your system has been compromised and offer help mitigating issues that are detected.

Report suspected unauthorized access to data, mass email mishaps and any unintended changes to data or systems to ITS. Additionally, please contact ITS if you see confidential or sensitive data in an open environment.

Report lost devices to Campus Safety by calling extension 7333 as soon as possible. Report other suspicious activity in your digital world to ITS by calling extension 7111.

For more information, contact the ITS Help Desk at extension 7111 or email ITSHelp@colgate.edu.
Contributors: Ellen Holm, Ahmad Khazaee, Kevin Lynch and Mark Hine.


Security Awareness: Think Carefully before Sharing – Only Share what’s Needed

By Mark Hine on May 22, 2015

Before sharing a file with confidential or sensitive data ask:

  • Does the person or people receiving this information need all of the information I’m sharing, or could I trim the volume of confidential data?
  • Do all the people I am sharing this with need the information?
  • Is there a more secure way to share the information?

Colgate generates and uses, through the course of business, a considerable volume of data that should be carefully guarded against loss and unauthorized access, including social security numbers, driver’s license numbers, bank accounts, and grades. In a University environment, collaboration is a natural and necessary behavior. Sharing files is one way we move data from those who have it to those who need it. Below are some practical strategies for reducing the likelihood of data loss:

Limit Data Shared
Providing extracts or portions of data that include only necessary information is strongly recommended. An example is a report that has student IDs redacted or social security numbers removed. If the information does not have a business purpose it should be removed prior to sharing. More importantly, for confidential and sensitive data, ask: should this individual have access to this information? Is it part of their job responsibilities? If they do not need it they shouldn’t see it. This protects the community and the individual.

Avoid Email as a Conduit
For most people, emailing attachments is a quick, easy and practical way to share information. Emailing confidential or sensitive attachments, however, is risky since the email can be accidentally forwarded or shared with the wrong person or people. To share this type of information, use password-protected attachments, shared Google documents, or links to a database. Social Security numbers, credit card numbers, driver’s license numbers and passwords should never be included in an email.

Google Drive
Instead of storing documents on your desktop (another vulnerability), ITS recommends using University-supported storage options like Google Drive. Google Drive offers a second layer of security (you have to log in to it) and the ability to assign variable permissions (view only, comment and view, edit) to specific documents. Sharing features are built in. If you would like more training on Google Drive, ITS can provide additional training to you or your department.

Use the Colgate VPN when off campus
Using Colgate’s virtual private network (VPN) connection is a secure way to access Colgate data and applications. This connection is encrypted and password protected. A VPN connection is a good way to view records and confidential data securely.

For more information, please visit:
http://www.colgate.edu/offices-and-services/information-technology/network-services/accounts

For more information, contact the ITS Help Desk at extension 7111 or email ITSHelp@colgate.edu.
Contributors: Ellen Holm, Ahmad Khazaee, Kevin Lynch and Mark Hine.


Security Awareness: Know the Rules of the Road

By Mark Hine on May 22, 2015

 

It is important to review applicable information for your role at Colgate. Please review Colgate-wide and departmental policies regularly.

Policies are in place to protect Colgate community members and the University. These internal rules are often guided by state, federal and industry-specific requirements that define acceptable use, conduct and data safeguards to meet our obligation to protect student and financial information.

Acceptable use
http://www.colgate.edu/offices-and-services/information-technology/privacy-and-security/acceptable-use-policy

Email stewardship
http://www.colgate.edu/offices-and-services/information-technology/privacy-and-security/stewardship-and-custodianship-of-email

Staff handbook
http://www.colgate.edu/docs/default-source/d_working-at-colgate_resources_staff-handbook/staff-handbook.pdf?sfvrsn=12

Faculty handbook
http://www.colgate.edu/offices-and-services/deanoffacultyoffice/currentfaculty/faculty-handbook

State and federal laws also specify how certain types of information are handled. While we cannot detail all of the potential legislation here, a few important acts are listed below.

FERPA
The Family Educational Rights and Privacy Act (FERPA) is a Federal law that protects the privacy of student education records. The law applies to all schools that receive federal funding, including financial aid. Learn more by visiting http://www2.ed.gov/policy/gen/guid/fpco/ferpa/index.html

DMCA
The DMCA criminalizes production and dissemination of technology, devices, or services intended to circumvent measures that control access to copyrighted works. It also criminalizes the act of circumventing an access control, whether or not there is actual infringement of copyright itself. Learn more by visiting http://www.copyright.gov/legislation/dmca.pdf

TEACH Act
The TEACH Act more closely aligns copyright laws regarding distance learning with laws pertaining to face-to-face classroom interactions. There are important differences, however, regarding full-length audiovisual works, such as movies and documentaries. Learn more by visiting http://www.copyright.com/media/pdfs/CR-Teach-Act.pdf

Depending on your role at Colgate, other compliance and notification rules may apply to your work, including the following:

  • NYS Law 4254–A Information Security Breach and Notification Act
  • Higher Education Opportunity Act: Copyright Infringement
  • Executive Order 13224: Blocking Property and Prohibiting Transactions with Persons Who Commit, Threaten to Commit, or Support Terrorism
  • TEACH Act: Technology Education and Copyright Harmonization
  • USA PATRIOT ACT
  • ECPA: Electronic Communications Privacy Act
  • Family Educational Rights and Privacy Act of 1974 (FERPA)
  • Digital Millennium Copyright Act – Amendment to Section 512 Copyright Act of 1976
  • Gramm-Leach-Bliley Act
  • Payment Card Industry Data Security Standard (PCI DSS)

For more information, contact the ITS Help Desk at extension 7111 or email ITSHelp@colgate.edu.

Contributors: Ellen Holm, Ahmad Khazaee, Kevin Lynch and Mark Hine.

 


Security Awareness: Don’t Take the Bait

By Mark Hine on May 22, 2015
  • Phishing is an illicit attempt to gain personal information which poses as a legitimate request.
  • Emails and websites can be made to appear legitimate but often contain clues to their true origin.
  • Never send confidential information (passwords, credit card info, social security numbers, etc.) via email.
  • Assess the reasoning for the information request. Consider a phone call to verify authenticity.
  • If you do accidentally respond to a phishing scam, contact ITS right away.

Phishing is a type of social engineering that lures individuals by making what appear to be legitimate requests for personal data. Most often in the form of an email, criminals pose as trusted sources (like your employer) to trick you into providing a password or account number, then use this information to cause harm. A second form of phishing uses embedded links in an email that take you to websites that install malicious code, such as malware, on your device.

According to experts, 156 million phishing emails are sent globally every day and 10% of those make it through filters. Shockingly, eight million messages are opened and 800,000 fraudulent links are clicked. Often, the emails are convincing. Other times, emails contain misspellings, poor grammar and odd formatting – clues that the request is not on the level.

Consider the information being asked and the source of the email. Links can be spoofed (made to appear like they come from a legitimate source). Logos and familiar icons can make an email or website appear to be genuine. Usually, subtle differences are visible that indicate this type of deception. It pays to be diligent and verify the authenticity of any request with a phone call.

Colgate University, and any legitimate commercial enterprise, will NEVER ask you for your password. Hover over links and check their true destination in the status bar (bottom of your web browser). Verify links on a web page in the same manner. Check the web address in the address bar. Pay close attention to the domain suffix (.com, .org, etc.). Does it originate unexpectedly from a foreign country (.ru, .cn, .tw)? Many phishing scams originate abroad.

Consider what is being asked of you. Is it reasonable or something you requested? Be wary of offers that seem too good to be true – they usually are. Immediately delete suspect emails.

Report all phishing emails to ITS and let ITS know if you clicked on the link.
For more information, visit: https://www.fdic.gov/consumers/consumer/alerts/phishing.html

For more information, contact the ITS Help Desk at extension 7111 or email ITSHelp@colgate.edu.

Contributors: Ellen Holm, Ahmad Khazaee, Kevin Lynch and Mark Hine.


Security Awareness: Using Strong Passwords and Strong Password Management

By Mark Hine on May 22, 2015
  • Creating a strong password is an essential step toward achieving good data security.
  • Strong passwords use numbers, letters and symbols.
  • Don’t write your passwords down.
  • Consider using long phrases with mixed case and numbers (they are easier to remember).
  • Weak passwords contain common words and familiar sequences.
  • Weak passwords are a common cause of security breaches.

A device or file password is the first (and often last) defense against falling victim to cybercrime. A password, however, will not protect you if it’s easy to find.

What is a weak password?
Weak passwords are short and easy to guess. Here are some examples and why they are weak:

  • summer15: Any word followed by a number
  • bonjour!: A word in a dictionary in any language
  • password1234: Any use of “password”
  • Iloveyou: An obvious phrase, with no alteration
  • MarySmith: Any personal information, such as a child, parent, or pet name
  • Tulsa1995: Any birthday, anniversary date, or place of birth
  • GoRedSox: Any sports team that would be obvious from social media

 

What is a strong password?
A few changes could make your passwords stronger. There are key strategies for strengthening your password. Lengthen your password – the closer you get to 15 characters the better. Use all the character types (upper, lower, number, symbol) and don’t place them all at the end. Make the password unique by adding in something unique for the website to the password. Use phrases, not words.

One way to achieve all of these is to have a base passphrase such as:

  • a_S1ice0fApplePi3
  • !theCH3CKisINtheMALE!
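
The weak traits and strengthening strategies listed above can be checked mechanically. The following is an added example, not an ITS tool: the function name `weaknesses`, the `personal_terms` parameter and the 15-character threshold are assumptions taken from the guidance in this post, and it cannot detect dictionary words without a word list.

```python
import re

MIN_LENGTH = 15  # from the guidance above: the closer to 15 characters the better


def weaknesses(password, personal_terms=()):
    """Return the weak-password traits from this post that apply to `password`.

    `personal_terms` is a hypothetical parameter: names, teams, places or
    dates tied to the user that must not appear in the password.
    """
    found = []
    lowered = password.lower()
    if len(password) < MIN_LENGTH:
        found.append("short")
    # All four character types should be present.
    classes = {
        "upper": any(c.isupper() for c in password),
        "lower": any(c.islower() for c in password),
        "number": any(c.isdigit() for c in password),
        "symbol": any(not c.isalnum() for c in password),
    }
    missing = [name for name, present in classes.items() if not present]
    if missing:
        found.append("missing " + "/".join(missing))
    # Digits and symbols that appear only as a trailing run, as in "summer15".
    body = re.sub(r"[^A-Za-z]+$", "", password)
    if body != password and body.isalpha():
        found.append("numbers/symbols only at the end")
    if "password" in lowered:
        found.append('contains "password"')
    # Compare personal terms against the password with punctuation removed.
    squashed = re.sub(r"[^a-z0-9]", "", lowered)
    for term in personal_terms:
        if term.lower() in squashed:
            found.append("contains personal term: " + term)
    return found


if __name__ == "__main__":
    # Sample passwords are the ones quoted in this post.
    for candidate in ("summer15", "password1234", "a_S1ice0fApplePi3"):
        print(candidate, weaknesses(candidate) or "no listed weakness")
    print("GoRedSox", weaknesses("GoRedSox", personal_terms=["RedSox"]))
```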

What are weak password management practices?
With the proliferation of websites and devices, many people resort to weak password management practices. Effective password management needs to protect against a few common scenarios: (1) access to your device, (2) brute force attempts from hackers with password cracking tools, and (3) use of hacked information from one system to gain access to others.

Here are some examples of weak password management practices:

  • sticky note under a keyboard or attached to a device in any way
  • written password list in an unlocked drawer in unlocked office
  • saved passwords in browsers on unlocked computers
  • one password for every website
  • sharing passwords with multiple people
  • digital “sticky note” on cell phone in plain text

 

What are stronger password management practices?
Stronger password management uses a system that considers the risk and confidentiality of the information you are protecting. Any storage of written passwords should be double locked (in a locked drawer in a locked office). Examples of “locks” include:

  • Recording password incorrectly such as a missing or inserted character
  • Drawer locks
  • File locks
  • Office locks
  • Device locks

If you use an online password management system, please contact ITS to ensure that you are following best security practices with your devices.

How do I make my passwords and password systems stronger and reduce my risk?
Do not use your Colgate email password (or the password for any other source of confidential information) for any other resource. Do not sign up for outside services using your Colgate email and password. Take a risk-based approach – the more sensitive the account, the stronger the password should be. If you are storing passwords anywhere, ensure that they are double locked. Remove saved passwords in browsers for any site with confidential or sensitive data.

For more information, contact the ITS Help Desk at extension 7111 or email ITSHelp@colgate.edu.
Contributors: Ellen Holm, Ahmad Khazaee, Kevin Lynch and Mark Hine.

 


Security Awareness: Browse Safely

By Mark Hine on May 22, 2015
  • Don’t save passwords in your web browser.
  • Web addresses with HTTPS are more secure.
  • Double check link destinations by hovering and verifying the link.
  • Keep your browser up to date – updates address the latest security issues.
  • Double check the spelling of web addresses – criminals use misspelled versions.

While the web has revolutionized our access to information, it has also been thoroughly exploited by criminals as a means of extracting personal information. Safe browsing is almost entirely determined by our behavior – how we interact with a web browser and the choices we make when surfing the web.

Do Not Save Passwords
To prevent unauthorized access to web-based services, such as banks, student record systems and other confidential systems, do not save passwords in your browser. While convenient, it promotes unauthorized access akin to leaving the door unlocked.

Use HTTPS
Avoid entering confidential information if the web address does not begin with “https”. Information sent over an https connection is encrypted, and the identity of the website is verified by a trusted authority. Try it out at https://portal.colgate.edu/. Click the lock icon in the address bar to view details.

Link Hovering
Most browsers have a “status bar” at the bottom of the browser window. When you hover (place your mouse over), but not click, on a link, the actual address you will navigate to is displayed here. Compare this information with the destination website you intend to visit.

Keep Your Browser Up to Date
Like any software that accesses the Internet, vulnerabilities are discovered and patched (corrected) frequently. Updating your browser to the latest version ensures that you have the latest set of fixes and security updates for that product. If you have any questions whether a software update is appropriate contact ITS for help.

Mistyping and URL Accuracy
Mischievous hackers register domain names that are similar to well-known brands and websites in the hope that our occasional misspelling of a web address results in a visit to their site. Sometimes these sites are simply marketing ploys. Others construct their web pages to mirror the look of legitimate sites with the goal of capturing your information or installing malware that could damage your device. Double check the spelling of the web address or use a reputable search engine to search and navigate.

For more information, contact the ITS Help Desk at extension 7111 or email ITSHelp@colgate.edu.

Contributors: Ellen Holm, Ahmad Khazaee, Kevin Lynch and Mark Hine.


Security Awareness: Use Anti-virus & Anti-malware

By Mark Hine on May 22, 2015
  • Both Windows and Mac devices are vulnerable.
  • Viruses infiltrate systems, cause damage and can lead to data breaches and loss.
  • Malware includes other software that can damage systems and steal resources.
  • All of the devices you use should have anti-virus and anti-malware software installed.
  • Antivirus and antimalware software should be kept up-to-date.
  • ITS can assist you with installation, updates, threat identification and remediation.

 

Computer viruses are often abstract concepts to us. With ominous names like “HeartBleed” and “Code Red” their existence seems mythical. A virus is a malicious program designed to do harm and when introduced to a system can wreak havoc. Windows and Mac operating systems are vulnerable to viruses.

Malware is a category of software that includes viruses, Trojans and other programs that cause harm. Some malware applications that appear to have a legitimate purpose also contain code to steal passwords and keystrokes and to act as relay points for attacking other systems.

Anti-virus software is like a detective that is always on the job. These applications examine files and email to detect malicious code that can steal keystrokes, erase files and do serious damage to your computer. Anti-malware software examines applications that are installed and searches through a known library of malicious programs to identify threats and remove them.

Anti-virus and anti-malware software should be installed on all of the computers you own or operate. Microsoft reports that, in 2013, 26% of computers in the United States were completely unprotected leaving them five times more likely to be infected.

Anti-virus software needs to be updated frequently. Companies like Microsoft, Symantec, McAfee and Sophos operate labs which detect new threats and update the signatures used to detect these threats. These vendors also provide additional protection against new types of threats and malware. According to a 2015 report from Symantec, a new form of digital assault called ransomware soared 113% in 2014. This software infects a system and demands payment for the fix – often successfully blackmailing the owner into paying up.

At Colgate, we install anti-virus software on both platforms. For assistance with anti-virus and anti-malware software please call the ITS Help Line at extension 7111.

For more information about how to protect yourself from viruses visit: http://home.mcafee.com/virusInfo/anti-virus-tips

For more information, contact the ITS Help Desk at extension 7111 or email ITSHelp@colgate.edu.

Contributors: Ellen Holm, Ahmad Khazaee, Kevin Lynch and Mark Hine.


Security Awareness: The Backup Plan

By Mark Hine on May 22, 2015
  • Data loss is widespread, but preventable.
  • Software is available to automatically back up your important data.
  • Physical media is not a reliable means to back up data.
  • Be prepared to wipe your device. Data should never reside only on a single piece of equipment.
  • Storing your data on Google Drive can mitigate data loss, should your computer become compromised.

Hardware fails. Devices are lost or misplaced. Viruses and other threats corrupt systems. These events can all lead to lost information – sometimes irreplaceably. More than $1.7 trillion is lost annually due to data loss and downtime, according to a study by EMC, a disaster recovery firm. Moreover, EMC reports that the incidence of data loss has increased 400% since 2012.

Enterprise level backup systems are currently the most robust option. Storing data in Google Drive and engaging with products like CrashPlan, a file backup service supported by Colgate, provide layers of redundancy to protect your data. These options store data in centers with reliable backup strategies and physical security.

A backup strategy can prevent the heartache of lost data and expedite recovery. Before diving in, it is important to ensure that where you back up is a safe and secure environment and that you are backing up frequently enough to protect current information. An important part of your backup plan is to test that you can find and recover files, at least on an annual basis or after a major change.

Twenty years ago, diskettes were the primary backup tool. Then came CDs and DVDs and external hard drives. The problem with physical media is that it too can be lost or damaged, particularly when stored in the same space as the original. Media also has a finite lifetime, whose demise can be accelerated depending on storage and care. While external drives are better than physical media, they too can suffer failures and corruption or damage that affects an entire location.

Mobile devices are also at risk. Sync devices to a computer frequently to ensure your mobile data is preserved. Ensure that your synced data is included in your backup solution for that computer.

For more information, contact the ITS Help Desk at extension 7111 or email ITSHelp@colgate.edu.

Contributors: Ellen Holm, Ahmad Khazaee, Kevin Lynch and Mark Hine.


Security Awareness: Be Aware of your Surroundings

By Mark Hine on May 22, 2015

 

  • Enable a timed logout to lock your computer when you step away.
  • When viewing confidential or sensitive data, be aware of your environment.
  • Beware of inadvertently revealing login information or passcodes.
  • Log out of your computer when leaving.

 

Imagine all of your mail being delivered in clear envelopes. Unsettling, to say the least. The opaque envelope is designed to shield your personal information from prying eyes. The risk is that your personal data could be used to steal your identity, gain access to other confidential data, or be used to access the data of others, including work information.

One way to increase data security is to think about where you use devices. Consider who is looking over your shoulder when you log in or view confidential data. Theft of login credentials or personal data in this manner is called shoulder surfing. It’s shockingly easy to learn a phone PIN by watching.

Tailgating or piggybacking is another risk that describes someone who follows you after you have gained access to a resource. Think about your ATM activity. You enter your PIN and complete your transaction. The ATM asks you, “Would you like to perform another transaction?” You leave without answering. Someone who has observed your PIN entry pulls up quickly. Because no card swipe is required, you’re out $100 or potentially much more. The parallel is the typical login – not logging out is an unlocked door to your personal information. Always log out of public machines. Always use a timed logout (five minutes or less) on your devices.

For more information, contact the ITS Help Desk at extension 7111 or email ITSHelp@colgate.edu.

Contributors: Ellen Holm, Ahmad Khazaee, Kevin Lynch and Mark Hine.
