Information Technology News

Latest Posts

Security Awareness Month: October is National Cyber Security Awareness Month

By Mark Hine on September 28, 2015

October is National Cyber Security Awareness Month. Across the country, events are taking place to raise awareness and reduce the incidence of identity and data theft, financial loss and cybercrime. IT has become an integrated part of our lives. As our use of technology increases, so too does our risk.

Each week in October, Information Technology Services will be sending an email to the Colgate community with a focus on these important IT security topics:

Week 1: Using Strong Passwords & Windows Updates

Week 2: Phishing Prevention – Know Your Sender

Week 3: Two Factor Authentication

Week 4: IT Security Awareness

Please take a minute or two to read each of these as they arrive. You can also click a link above to preview these articles now.

Watch for these helpful and insightful emails each Monday in October. As always, please call the ITS Service Desk at extension 7111 with any questions or concerns or email us at itshelp@colgate.edu.


Security Awareness Month: If something doesn’t look right, it probably isn’t

By Mark Hine on September 28, 2015
  • Question changes in your browser or desktop that you did not initiate.
  • Look carefully before responding to unsolicited emails or links.
  • Files or emails that are accidentally shared or sent in error should be reported to ITS.
  • Report lost or stolen devices to Campus Safety right away.
  • Big changes are announced; take note of things that are not announced.
  • ITS can help you determine if a change is legitimate – call us at x7111

 

A simple, but important, step you can take to protect your digital life is to maintain awareness. When using your computer or mobile device, note when things are out of place, unexpected, or new without cause.

Emails and websites that genuinely come from reputable companies will seldom have poor grammar or spelling. Be wary of unsolicited contact by email or phone, especially when the sender or caller requests any confidential or sensitive information or uses an unfamiliar process. These are signs of potential intrusion attempts.

Changes to device backgrounds, new icons that suddenly appear on your desktop, especially after installing “freeware” or other downloaded apps, and other changes to your computing environment may signal that someone, other than you, has access to your device. Free software and apps are more likely to contain malicious code and should be avoided.

Be vigilant when using devices and the network. Report odd or suspicious changes on your computer to ITS. We can help you determine whether your system has been compromised and offer help mitigating issues that are detected.

Report suspected unauthorized access to data, mass email mishaps and any unintended changes to data or systems to ITS. Additionally, please contact ITS if you see confidential or sensitive data in an open environment.

Report lost devices to Campus Safety by calling extension 7333 as soon as possible. Report other suspicious activity in your digital world to ITS by calling extension 7111.

For more information, contact the ITS Help Desk at extension 7111 or email ITSHelp@colgate.edu.


Security Awareness Month: Lock out Phishing Attempts with Two Factor Authentication

By Mark Hine on September 28, 2015
  • Two factor authentication ensures that you are in control of your device
  • A unique one time code verifies your identity in addition to your password
  • Two factor significantly reduces risk if your password is compromised
  • You can ask Google to remember your device for up to 30 days
  • Your 2-factor codes can be recovered by you or with help from ITS


“It’s easier than you think for someone to steal your password. Any of these common actions could put you at risk of having your password stolen: using the same password on more than one site; downloading software from the Internet or clicking on links in email messages.

2-Step Verification can help keep bad guys out, even if they have your password.
Imagine losing access to your account and everything in it. When a bad guy steals your password, they could lock you out of your account, and then do some of the following:

  • Go through – or even delete – all of your emails, contacts, photos, etc.
  • Pretend to be you and send unwanted or harmful emails to your contacts
  • Use your account to reset the passwords for your other accounts (banking, shopping, etc.)”

src: https://www.google.com/landing/2step/

Here’s how to enable 2-Step Verification in Google (also called Two Factor Authentication).

  1. Sign in to My Account.
  2. In the “Sign-in & security” section, select Signing in to Google.
  3. Choose 2-Step Verification. This will bring you to the 2-Step Verification settings page.
  4. You will then see a step-by-step guide which will help you through the setup process.

Once you’re finished, you’ll be taken to the 2-Step Verification settings page again. Be sure to review your settings and add backup phone numbers. The next time you sign in, you’ll receive an SMS with a verification code. You also have the option of using a Security Key for 2-Step Verification.

Note: To ensure you are able to get into your account in the future, add an email recovery option to your account as well.


Security Awareness Month: Protect Your Personal Information – Know Your Sender

By Mark Hine on September 28, 2015

 

  • Phishing is an attempt to gain personal information which poses as a legitimate request.
  • Emails and websites can be made to appear legitimate
  • Never send confidential information via email.
  • Assess the reasoning for the information request. Consider a quick phone call to verify.
  • If you do accidentally respond to a phishing scam, contact ITS right away.

 

Phishing is a type of social engineering that lures individuals by making what appear to be legitimate requests for personal data. Most often by email, criminals pose as trusted sources to trick you into providing a password or account number, then use this information to cause harm.

According to experts, 156 million phishing emails are sent globally every day and 10% of those make it through filters. Shockingly, eight million messages are opened and 800,000 fraudulent links are clicked. Often, the emails are convincing. Other times, emails contain misspellings, poor grammar and odd formatting – clues that the request is not on the level.

Consider the information being asked and the source of the email. Links can be spoofed (made to appear like they come from a legitimate source). Logos and familiar icons can make an email or website appear to be genuine. Usually, subtle differences are visible that indicate this type of deception. It pays to be diligent and verify the authenticity of any request with a phone call.

Colgate University, and any legitimate commercial enterprise, will NEVER ask you for your password. Hover over links and check their true destination in the status bar (bottom of your web browser). Verify links on a web page in the same manner. Check the web address in the address bar. Pay close attention to the domain suffix (.com, .org, etc.). Does it originate unexpectedly from a foreign country (.ru, .cn, .tw)? Many phishing scams originate abroad.

Consider what is being asked of you. Is it reasonable or something you requested? Be wary of offers that seem too good to be true – they usually are. Immediately delete suspect emails.

Report all phishing emails to ITS and let ITS know if you clicked on the link.

For more information, visit: https://www.fdic.gov/consumers/consumer/alerts/phishing.html

For more information, contact the ITS Help Desk at extension 7111 or email ITSHelp@colgate.edu.


Security Awareness Month: Strong Passwords Help Protect Your Privacy

By Mark Hine on September 28, 2015

 

  • Creating a strong password is an essential step toward achieving good data security
  • Strong passwords are created using numbers, letters and symbols
  • Don’t write your passwords down
  • Consider using long phrases with mixed case and numbers
  • Weak passwords contain common words and familiar sequences
  • Weak passwords are a common cause of security breaches

 

A strong password is the first line of defense against falling victim to cybercrime. A password will not protect you if it’s easy to find or guess.

 

What is a weak password?

A weak password is a common word or popular phrase, or information that can easily be discovered about you (think Facebook). Any of the following examples can be cracked in minutes:

  • summer15 – Any word followed by a number
  • bonjour! – A word in a dictionary in any language
  • password1234 – Any use of “password”
  • Iloveyou – An obvious phrase, with no alteration
  • MarySmith – Any personal information, such as a child, parent, or pet name
  • Tulsa1995 – Any birthday, anniversary date, or place of birth
  • GoRedSox – Any sports team that would be obvious from social media

 

Creating a Strong Password

A few changes could make your passwords stronger. Below are some quick strategies for building stronger passwords:

  1. Lengthen your password – the closer you get to 15 characters the better
  2. Use all the character types (upper, lower, number, symbol) and don’t place them all at the end
  3. Make the password unique by adding in something unique for the website to the password
  4. Use phrases, not words

 

One way to achieve all of these is to have a base passphrase such as a_S1ice0fApplePi, then add a unique ending to it: a_S1ice0fApplePi3

 


Security Awareness: Bon Voyage! IT Tips for Travel

By Mark Hine on May 22, 2015
  • Ensure that all of your devices have a passcode or password.
  • Don’t take sensitive data with you if you do not need it.
  • Enable location services and encryption on your device.
  • Keep your device with you.
  • Investigate and understand data rules outside the U.S.
  • Plan ahead on how you will connect to the Internet.

Prior to traveling domestically or abroad, take a few minutes to review your security practices. A lost, stolen or compromised device not only disrupts your travels, but can quickly lead to a very challenging situation. Use the checklist below to protect yourself and your device:

Do all of the devices you are taking with you have a password or passcode on them? Do all of your devices have a timeout feature to auto lock?

  • Having passwords on your devices (laptops and smartphones) is a great way to start protecting yourself and Colgate’s data. This stops the initial attempt to pick up a device and start looking at your emails or any other data.

Can you access your data remotely?

  • Consider leaving behind unnecessary storage devices (e.g. thumb drives) and not storing data on your desktop.
  • Colgate offers centralized data storage that is backed up and can still be accessed on the road.
  • Google Drive has unlimited storage and is available everywhere.

Do you have a safe way to connect to the Internet when you travel?

  • Be careful of what you do on free public connections.
  • Use Colgate’s VPN connection.
  • Check out a portable hotspot device from the library.

Is your data backed up?

  • Use Colgate’s enterprise backup solution – CrashPlan. Should anything happen to your computer, your data can be restored to a loaner computer so that you can continue to work.

Is your device set up to encrypt your data?

  • With your data backed up, we can encrypt your devices. Should your devices be lost or stolen, we can be sure that your data is protected and unusable.

Are location services turned on?

  • Depending on your device, there are ways to help locate it and also remotely wipe it if it is lost or stolen.

Is your device small enough and light enough that you’re willing to keep it with you?

  • Unattended devices are at risk of being stolen.
  • Consider your choice of device bags to maximize keeping devices with you.
  • ITS has devices that can be borrowed that may suit your travel needs.

If you’re traveling abroad, do you understand the digital rules at your destination?

  • Prior to travel, quickly research what issues or laws may apply to your devices, including access to non-secure Wi-Fi, encryption rules, and requests from police to unlock a device.

Please check with your support team on which solutions are best suited for your needs.

For more information, contact the ITS Help Desk at extension 7111 or email ITSHelp@colgate.edu.
Contributors: Ellen Holm, Ahmad Khazaee, Kevin Lynch and Mark Hine.


Security Awareness: If something doesn’t look right, it probably isn’t

By Mark Hine on May 22, 2015
  • Question changes in your browser or desktop that you did not initiate.
  • Look carefully before responding to unsolicited emails or links.
  • Files or emails that are accidentally shared or sent in error should be reported to ITS.
  • Report lost or stolen devices to Campus Safety right away.
  • Big changes are announced; take note of things that are not announced.
  • ITS can help you determine if a change is legitimate – call us at x7111

A simple, but important, step you can take to protect your digital life and Colgate’s information is to maintain awareness. Observe your computing environment and note when things are out of place, unexpected, or new without cause.

Emails and websites that genuinely come from reputable companies will seldom have poor grammar or spelling. Be wary of unsolicited contact by email or phone, especially when the sender or caller requests any confidential or sensitive information or uses an unfamiliar process. These are signs of potential intrusion attempts.

Changes to device backgrounds, new icons that suddenly appear on your desktop, especially after installing “freeware” or other downloaded apps, and other changes to your computing environment may signal that someone, other than you, has access to your device. Free software and apps are more likely to contain malicious code and should be avoided.

Be vigilant when using devices and the network. Report odd or suspicious changes on your computer to ITS. We can help you determine whether your system has been compromised and offer help mitigating issues that are detected.

Report suspected unauthorized access to data, mass email mishaps and any unintended changes to data or systems to ITS. Additionally, please contact ITS if you see confidential or sensitive data in an open environment.

Report lost devices to Campus Safety by calling extension 7333 as soon as possible. Report other suspicious activity in your digital world to ITS by calling extension 7111.

For more information, contact the ITS Help Desk at extension 7111 or email ITSHelp@colgate.edu.
Contributors: Ellen Holm, Ahmad Khazaee, Kevin Lynch and Mark Hine.


Security Awareness: Think Carefully before Sharing – Only Share what’s Needed

By Mark Hine on May 22, 2015

Before sharing a file with confidential or sensitive data ask:

  • Does the person or people receiving this information need all of the information I’m sharing, or could I trim the volume of confidential data?
  • Do all the people I am sharing this with need the information?
  • Is there a more secure way to share the information?

Colgate generates and uses, through the course of business, a considerable volume of data that should be carefully guarded against loss and unauthorized access, including social security numbers, driver’s license numbers, bank accounts, and grades. In a University environment, collaboration is a natural and necessary behavior. Sharing files is one way we move data from those who have it to those who need it. Below are some practical strategies for reducing the likelihood of data loss:

Limit Data Shared
Providing extracts or portions of data that include only necessary information is strongly recommended. An example is a report that has student IDs redacted or social security numbers removed. If the information does not have a business purpose it should be removed prior to sharing. More importantly, for confidential and sensitive data, ask: should this individual have access to this information? Is it part of their job responsibilities? If they do not need it they shouldn’t see it. This protects the community and the individual.

Avoid Email as a Conduit
For most people, emailing attachments is a quick, easy and practical way to share information. Emailing confidential or sensitive attachments, however, is risky since the email can be accidentally forwarded or shared with the wrong person or people. To share this type of information use password protected attachments, shared Google documents, or links to a database. Social Security numbers, credit card numbers, driver’s license numbers and passwords should never be included in an email.

Google Drive
Instead of storing documents on your desktop (another vulnerability), ITS recommends using University supported storage options like Google Drive. Google Drive offers a second layer of security (you have to log in to it) and the ability to assign variable permissions (view only, comment and view, edit) to specific documents. Sharing features are built in. If you would like more training on Google Drive, ITS can provide additional training to you or your department.

Use the Colgate VPN when off campus
Using Colgate’s virtual private connection (VPN) is a secure way to access Colgate data and applications. This connection is encrypted and password protected. A VPN connection is a good way to view records and confidential data securely.

For more information, please visit:
http://www.colgate.edu/offices-and-services/information-technology/network-services/accounts

For more information, contact the ITS Help Desk at extension 7111 or email ITSHelp@colgate.edu.
Contributors: Ellen Holm, Ahmad Khazaee, Kevin Lynch and Mark Hine.


Security Awareness: Know the Rules of the Road

By Mark Hine on May 22, 2015

 

It is important to review applicable information for your role at Colgate. Please review Colgate-wide and departmental policies regularly.

Policies are in place to protect Colgate community members and the University. These internal rules are often guided by state, federal and industry specific requirements that define acceptable use, conduct and data safeguards to meet our obligation to protect student and financial information.

Acceptable use
http://www.colgate.edu/offices-and-services/information-technology/privacy-and-security/acceptable-use-policy

Email stewardship
http://www.colgate.edu/offices-and-services/information-technology/privacy-and-security/stewardship-and-custodianship-of-email

Staff handbook
http://www.colgate.edu/docs/default-source/d_working-at-colgate_resources_staff-handbook/staff-handbook.pdf?sfvrsn=12

Faculty handbook
http://www.colgate.edu/offices-and-services/deanoffacultyoffice/currentfaculty/faculty-handbook

State and federal laws also specify how certain types of information are handled. While we cannot detail all of the potential legislation here, a few important acts are listed below.

FERPA
The Family Educational Rights and Privacy Act (FERPA) is a Federal law that protects the privacy of student education records. The law applies to all schools that receive federal funding, including financial aid. Learn more by visiting http://www2.ed.gov/policy/gen/guid/fpco/ferpa/index.html

DMCA
The DMCA criminalizes production and dissemination of technology, devices, or services intended to circumvent measures that control access to copyrighted works. It also criminalizes the act of circumventing an access control, whether or not there is actual infringement of copyright itself. Learn more by visiting http://www.copyright.gov/legislation/dmca.pdf

TEACH Act
The TEACH Act more closely aligns copyright laws regarding distance learning with laws pertaining to face-to-face classroom interactions. There are important differences, however, regarding full-length audiovisual works, such as movies and documentaries. Learn more by visiting http://www.copyright.com/media/pdfs/CR-Teach-Act.pdf

Depending on your role at Colgate, other compliance and notification rules may apply to your work, including the following:

  • NYS Law 4254–A – Information Security Breach and Notification Act
  • Higher Education Opportunity Act – Copyright Infringement
  • Executive Order 13224 – Blocking Property and Prohibiting Transactions with Persons Who Commit, Threaten to Commit, or Support Terrorism
  • TEACH Act – Technology Education and Copyright Harmonization
  • USA PATRIOT ACT
  • ECPA – Electronic Communications Privacy Act
  • Family Educational Rights and Privacy Act of 1974 (FERPA)
  • Digital Millennium Copyright Act – Amendment to Section 512 Copyright Act of 1976
  • Gramm-Leach-Bliley Act
  • Payment Card Industry Data Security Standard (PCI DSS)

For more information, contact the ITS Help Desk at extension 7111 or email ITSHelp@colgate.edu.

Contributors: Ellen Holm, Ahmad Khazaee, Kevin Lynch and Mark Hine.

 


Security Awareness: Don’t Take the Bait

By Mark Hine on May 22, 2015
  • Phishing is an illicit attempt to gain personal information which poses as a legitimate request.
  • Emails and websites can be made to appear legitimate but often contain clues to their true origin.
  • Never send confidential information (passwords, credit card info, social security numbers, etc.) via email.
  • Assess the reasoning for the information request. Consider a phone call to verify authenticity.
  • If you do accidentally respond to a phishing scam, contact ITS right away.

Phishing is a type of social engineering that lures individuals by making what appear to be legitimate requests for personal data. Most often by email, criminals pose as trusted sources (like your employer) to trick you into providing a password or account number, then use this information to cause harm. A second form of phishing uses embedded links in an email that take you to websites that install malicious code, such as malware, on your device.

According to experts, 156 million phishing emails are sent globally every day and 10% of those make it through filters. Shockingly, eight million messages are opened and 800,000 fraudulent links are clicked. Often, the emails are convincing. Other times, emails contain misspellings, poor grammar and odd formatting – clues that the request is not on the level.

Consider the information being asked and the source of the email. Links can be spoofed (made to appear like they come from a legitimate source). Logos and familiar icons can make an email or website appear to be genuine. Usually, subtle differences are visible that indicate this type of deception. It pays to be diligent and verify the authenticity of any request with a phone call.

Colgate University, and any legitimate commercial enterprise, will NEVER ask you for your password. Hover over links and check their true destination in the status bar (bottom of your web browser). Verify links on a web page in the same manner. Check the web address in the address bar. Pay close attention to the domain suffix (.com, .org, etc.). Does it originate unexpectedly from a foreign country (.ru, .cn, .tw)? Many phishing scams originate abroad.

Consider what is being asked of you. Is it reasonable or something you requested? Be wary of offers that seem too good to be true – they usually are. Immediately delete suspect emails.

Report all phishing emails to ITS and let ITS know if you clicked on the link.
For more information, visit: https://www.fdic.gov/consumers/consumer/alerts/phishing.html

For more information, contact the ITS Help Desk at extension 7111 or email ITSHelp@colgate.edu.

Contributors: Ellen Holm, Ahmad Khazaee, Kevin Lynch and Mark Hine.
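
The hover check described in the two phishing posts above (“Know Your Sender” and “Don’t Take the Bait”) can also be run automatically over the HTML body of a reported message. The following is an added example, not code from Colgate ITS: it lists every link whose visible text shows one web address while the link actually goes to another, and every link whose domain suffix is outside an expected set. The sample message, its host names and the EXPECTED_SUFFIXES set are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit
import re

# Assumption for this example: the suffixes a reader normally expects to see.
EXPECTED_SUFFIXES = {"com", "org", "edu", "gov", "net"}

# Visible link text that itself looks like a web address (e.g. "www.colgate.edu/login").
URLISH = re.compile(r"^(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)(?:[/:?#].*)?$", re.I)

# Constructed sample message body; the destination hosts use reserved example names.
SAMPLE = """
<p>Your mailbox is full. Confirm your account now:</p>
<a href="http://verify.mail-update.example/login">https://www.colgate.edu/login</a>
<a href="https://www.colgate.edu/offices-and-services">ITS home page</a>
<a href="https://colgate.edu.example.com/reset">colgate.edu</a>
"""


def host_of(url):
    """Return the lower-cased hostname of a URL, or '' if it has none."""
    try:
        return (urlsplit(url).hostname or "").lower().rstrip(".")
    except ValueError:  # malformed address such as an unclosed IPv6 bracket
        return ""


def strip_www(host):
    return host[4:] if host.startswith("www.") else host


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def audit_links(html):
    """Return one finding per link that fails the hover check."""
    parser = LinkCollector()
    parser.feed(html)
    parser.close()
    findings = []
    for href, text in parser.links:
        host = host_of(href)
        flags = []
        shown = URLISH.match(text)
        # The text displays an address, but the link goes somewhere else.
        if shown and host and strip_www(shown.group(1).lower()) != strip_www(host):
            flags.append("text-shows-different-host")
        # The real destination ends in a suffix outside the expected set.
        suffix = host.rsplit(".", 1)[-1] if "." in host else ""
        if suffix and suffix not in EXPECTED_SUFFIXES:
            flags.append("unexpected-suffix")
        if flags:
            findings.append({"text": text, "destination": host, "flags": flags})
    return findings
```

The third sample link shows why the whole destination host must be compared: it starts with “colgate.edu” and ends in .com, so a glance at either end of the address would miss it.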
