Meltdown and Spectre

The computing industry has just publicly announced two major vulnerabilities affecting virtually every computer.

The vulnerabilities are being called Meltdown and Spectre, and they are very significant issues. They will require immediate and ongoing attention to secure your computing environment. While Widener ITS is working hard to address the issues with University equipment, everyone that has a personal computer, tablet, or smartphone needs to check with their manufacturer/carrier to find out what updates are available.

For your computer, you’ll first need to update your OS, likely either Windows or Apple (but other operating systems are vulnerable, too). Follow your standard method of patching (Windows Update or Apple App Store updates). NOTE FOR MAC USERS: we’re still asking you to avoid updating to High Sierra (version 10.13), so please look for the “Update All” button.

For your iOS device (iPad, iPod Touch, iPhone), go into Settings > General > Software Update. The App Store will likely alert you, too.

For Android, this can vary, but should be found in Settings > System Updates. Android is usually good about putting updates in front of users quickly.

Browsers – every major browser (Chrome, Firefox, IE, Safari, and others) is being updated. The quickest way to update is usually through the Help > About section of your browser found using the control icon in the upper right corner.

 

This is a confusing issue, and that’s because it’s a big issue. Also, please be aware that scams around this will be out there soon. If you have any questions, please contact us at the Helpdesk at x1047 or at Helpdesk@widener.edu.

Happy (and Safe!) Holidays

With the holidays upon us, and the new year coming up, it’s a good time to remember that cybercriminals use the rush of the season to target unsuspecting users.

In addition to “urgent” messages to reset your password (reminder: even if you miss the reset date, we’re not deleting your account), it’s important to be ready for themed phishing emails such as Post Office/UPS/FedEx shipping notices.  It’s tempting to check “just in case,” but unless the email has your specific tracking number on it, it’s likely a scam.

Be careful if you get an email that looks like it’s from your bank saying that your card has gone over your limit – the bad guys often take the graphics straight from banking portals to trick people into entering their login data. Check your balance from your app, or give the support number on your card a call.

Remember that Wi-Fi hotspots aren’t secure – while you’re checking your bank balance, someone might be trying to intercept your ID and password. Check the numbers before you head out to the malls, or just use your data connection. At a busy Starbucks, your own service will probably be faster anyway.

Happy holidays everyone, and be safe out there.

 

Safety for Mobile Devices

National Cyber Security Awareness Month continues, and this week we have some tips on mobile device safety.

Today, we are more dependent on our mobile devices than ever.  At Widener, we make every effort to keep using them easy (did you see our latest update about guest wireless?). But with that ease of use comes some risk.  Take a look at some ideas from the #CyberAware campaign:

  • Mobile Apps – Only download your apps from Google Play or the Apple Store. Apps from other sources are rarely checked for malware or bugs.
  • WiFi hotspots – Although handy, WiFi hotspots are not secure. Anyone connected to the same hotspot can scan your outgoing data (hello, bank account app), or attack your device, since there is no firewall between them and you. Wait until you’re on your own network, use your cell data network, or check into using a Virtual Private Network (VPN), which is a way to communicate securely over a less-secure network.
  • Lock your device – It sounds basic to those of us that do it, but many people don’t have a passcode or fingerprint reader set up. Our devices are small and portable; they’re easy to misplace, lose, or get stolen.  And most of your apps are probably password-cached, because it’s easy. Nearly everyone does it.  Just make sure that you have your device locked down so that no one can get in if it ends up in someone else’s hands.

For more info, check out this tip sheet, Safety Tips for Mobile Devices. As always, please call the Helpdesk at x1047 for assistance with any IT issue.

Keeping Information Private

National Cyber Security Awareness Month continues, and this week we’re passing along info about keeping personal information private.

In 2016, over 15 million people fell victim to identity theft, with financial losses totaling over $16 billion. Here at Widener we take information privacy seriously. We ask (and have approved policy) that users do not share Social Security numbers (SSNs) via email. Email services are insecure by default, and if your WUMail message is going to an outside address, it’s at risk.

Also remember that Credit Card numbers are Personally-Identifiable Information (PII). Industry rules guide our use of these, and misuse represents a great risk of loss to the cardholder.

Below is a list taken from our Information Security and Compliance Program that shows the actions we should take with PII.

 

Classification Level: Confidential

Examples: SSN, Passwords, Credit Card Numbers

In electronic form: Must be encrypted when on the network and in electronic or physical data storage. Data must be protected with strong passwords. Data cannot be copied onto portable media without managerial consent (including laptops).

In print form: Must not be posted on any website or sent through email. Trash documents must be shredded. Retained documents must be stored in locked cabinets.

Classification Level: Restricted

Examples: Personally identifiable (combination of name, address, date of birth) student records, student grades, infrastructure design

In electronic form: Data must be protected with strong passwords. Data cannot be copied onto portable media without executive consent (including laptops).

In print form: Retained documents must be stored in locked cabinets.

Classification Level: Public

Examples: Not confidential or sensitive. Information on University website.

In electronic form: May be posted externally with appropriate approval (department head). May be sent through email.

In print form: Trash documents do not require shredding.

 

If your department is required to provide PII to other organizations or agencies and you need assistance with securing private info, installing encryption software, or any other issue, please contact the Helpdesk at x1047.

October is Cyber Security Awareness Month

The National Cyber Security Alliance (NCSA) is running its 14th annual campaign to increase security awareness online.

At Widener, we value and protect your online security and privacy.  Each week in October, we’ll feature information to help you strengthen your online safety. 2017’s theme is “Our Shared Responsibility,” recognizing that we’re all in this together, and that we help each other when we’re safer online.

Kicking off with a focus on the campaign “STOP. THINK. CONNECT.™,” below are some tips to keep in mind as you live your digital life. Remember that if you ever have questions, or feel uneasy about an email or a link, call the Helpdesk at x1047, and we’ll walk you through.

[Tip sheet: Basic Tips and Advice, STOP. THINK. CONNECT.]

For more information, you can also visit the National Cyber Security Alliance (NCSA).

Ransomware outbreak and opinion

Many news articles over the past weekend drew attention to ransomware known as “WannaCry” and the global impact it is having.

While the damage to some users is severe, the systems that it has affected are older and unpatched. Microsoft released a security update for this flaw in March 2017, and the systems here at Widener are set to automatically update.  As a result, we’ve received no reports of this malware impacting our systems.

Microsoft’s President and Chief Legal Officer wrote a blog post about the event and offers some wisdom around security and the responsibilities of organizations to prevent the proliferation of hacking tools.

https://blogs.microsoft.com/on-the-issues/2017/05/14/need-urgent-collective-action-keep-people-safe-online-lessons-last-weeks-cyberattack/

Please remember to regularly update your personal computers and handheld devices.  If you need assistance, please contact the ITS Helpdesk at 1047, or at helpdesk@widener.edu.