Cybersecurity Month wraps up

Protect IT! Final tips for keeping your data safe

It’s essential to take proactive measures to enhance cybersecurity at home, on campus, at work, and when you’re out and about. In previous weeks, we addressed how to best own and secure your personal information. Now, we need to safeguard all of that invaluable data.

If You Connect, You Must Protect

Turn on automatic updates, if you can, and protect your devices with antivirus software.

Stay Protected While Connected

Before you connect to any public wireless hotspot – like at an airport, hotel, coffee shop or café – confirm the name of the network and exact login procedures with appropriate staff. Avoid sensitive activities (e.g., banking) that require passwords or credit cards.  If you just can’t avoid it, try to use a VPN (Virtual Private Network) connection, whether it’s provided by your employer or one you pay monthly for yourself.

If You Collect It, Protect It

If you’re involved in collecting data for or about people, it’s important that you treat it with care. It is vital that organizations of all sizes take measures to keep customer/consumer data and information safe.

 

Thanks for reading!  As always, if you ever have a question about any computer or device, please call the Helpdesk at x1047, or email at helpdesk@widener.edu.  If you get a phishing or questionable email, please forward it to phish@widener.edu.
 


 
Study the NCSAM Guide for additional info on this and more cybersecurity concepts.

PHISHING : Cybersecurity Awareness

PHISHING

Phishing attacks use email or malicious websites to infect your machine with malware and viruses in order to collect personal and financial information. Cybercriminals attempt to lure users to click on a link or open an attachment that infects their computers, creating vulnerability to attacks. Phishing emails may appear to come from a real financial institution, ecommerce site, government agency, or any other service, business, or individual. The email may also request personal information such as account numbers, passwords, or Social Security numbers. When users respond with the information or click on a link, attackers use it to access users’ accounts.

HOW CRIMINALS LURE YOU IN

Creating a strong password is easier than you think. Follow these simple tips to shake up your password protocol:

SIMPLE TIPS:

• Play hard to get with strangers. Links in email and online posts are often the way cybercriminals compromise your computer. If you’re unsure who an email is from—even if the details appear accurate—do not respond, and do not click on any links or attachments found in that email. Be cautious of generic greetings such as “Hello Bank Customer,” as these are often signs of phishing attempts. If you are concerned about the legitimacy of an email, call the company directly.

• Think before you act. Be wary of communications that implore you to act immediately. Many phishing emails attempt to create a sense of urgency, causing the recipient to fear their account or information is in jeopardy. If you receive a suspicious email that appears to be from someone you know, reach out to that person directly on a separate secure platform. If the email comes from an organization but still looks “phishy,” reach out to them via customer service to verify the communication.

• Protect your personal information. If people contacting you have key details from your life—your job title, multiple email addresses, full name, and more that you may have published online somewhere—they can attempt a direct spear-phishing attack on you. Cyber criminals can also use social engineering with these details to try to manipulate you into skipping normal security protocols.

• Be wary of hyperlinks. Avoid clicking on hyperlinks in emails and hover over links to verify authenticity. Also ensure that URLs begin with “https.” The “s” indicates encryption is enabled to protect users’ information.

• Double your login protection. Enable multi-factor authentication (MFA) to ensure that the only person who has access to your account is you. Use it for email, banking, social media, and any other service that requires logging in. If MFA is an option, enable it by using a trusted mobile device, such as your smartphone, an authenticator app, or a secure token—a small physical device that can hook onto your key ring. Read the Multi-Factor Authentication (MFA) How-to-Guide for more information.

• Shake up your password protocol. According to NIST guidance, you should consider using the longest password or passphrase permissible. Get creative and customize your standard password for different sites, which can prevent cyber criminals from gaining access to these accounts and protect you in the event of a breach. Use password managers to generate and remember different, complex passwords for each of your accounts. Read the Creating a Password Tip Sheet for more information.

• Install and update anti-virus software. Make sure all of your computers, Internet of Things devices, phones, and tablets are equipped with regularly updated antivirus software, firewalls, email filters, and anti-spyware.
 

For more information on ways you can safeguard your information, visit the National Security Agency’s Cybersecurity Information page.

Creating a Password : Cybersecurity Awareness Month

CREATING A PASSWORD

Creating a strong password is an essential step to protecting yourself online. Using long and complex passwords is one of the easiest ways to defend yourself from cybercrime. No citizen is immune to cyber risk, but #BeCyberSmart and you can minimize your chances of an incident.

SIMPLE TIPS:

Creating a strong password is easier than you think. Follow these simple tips to shake up your password protocol:

• Use a long passphrase. According to NIST guidance, you should consider using the longest password or passphrase permissible. For example, you can use a passphrase such as a news headline or even the title of the last book you read. Then add in some punctuation and capitalization.

• Don’t make passwords easy to guess. Do not include personal information in your password such as your name or pets’ names. This information is often easy to find on social media, making it easier for cybercriminals to hack your accounts.

• Avoid using common words in your passwords. Substitute letters with numbers and punctuation marks or symbols. For example, @ can replace the letter “A” and an exclamation point (!) can replace the letters “I” or “L.”

• Get creative. Use phonetic replacements, such as “PH” instead of “F”. Or make deliberate, but obvious misspellings, such as “enjin” instead of “engine.”

• Keep your passwords on the down-low. Don’t tell anyone your passwords and watch for attackers trying to trick you into revealing your passwords through email or calls. Every time you share or reuse a password, it chips away at your security by opening up more avenues in which it could be misused or stolen.

• Unique account, unique password. Having different passwords for various accounts helps prevent cyber criminals from gaining access to these accounts and protect you in the event of a breach. It’s important to mix things up—find easy-to remember ways to customize your standard password for different sites.

• Double your login protection. Enable multi-factor authentication (MFA) to ensure that the only person who has access to your account is you. Use it for email, banking, social media, and any other service that requires logging in. If MFA is an option, enable it by using a trusted mobile device, such as your smartphone, an authenticator app, or a secure token—a small physical device that can hook onto your key ring. Read the Multi-Factor Authentication (MFA) How-to-Guide for more information.

• Utilize a password manager to remember all your long passwords. The most secure way to store all of your unique passwords is by using a password manager. With just one master password, a computer can generate and retrieve passwords for every account that you have – protecting your online information, including credit card numbers and their three-digit Card Verification Value (CVV) codes, answers to security questions, and more.

Cybersecurity While Traveling : Cybersecurity Month

CYBERSECURITY WHILE TRAVELING

In a world where we are constantly connected, cybersecurity cannot be limited to the home or office. When you’re traveling—whether domestic or international—it is always important to practice safe online behavior and take proactive steps to secure Internet-enabled devices. The more we travel, the more we are at risk for cyberattacks. #BeCyberSmart and use these tips to connect with confidence while on the go.

Simple Tips: (Before You Go)

  • If You Connect IT, Protect IT. Whether it’s your computer, smartphone, game device, or other network devices, the best defense against viruses and malware is to update to the latest security software, web browser, and operating systems. Sign up for automatic updates, if you can, and protect your devices with anti-virus software. Read the Phishing Tip Sheet for more information.
  • Back up your information. Back up your contacts, financial data, photos, videos, and other mobile device data to another device or cloud service in case your device is compromised and you have to reset it to factory settings.
  • Connect only with people you trust. While some social networks might seem safer for connecting because of the limited personal information shared through them, keep your connections to people you know and trust.
  • Keep up to date. Keep your software updated to the latest version available. Maintain your security settings to keep your information safe: turn on automatic updates so you don’t have to think about it, and set your security software to run regular scans.
  • Double your login protection. Enable multi-factor authentication (MFA) to ensure that the only person who has access to your account is you. Use it for email, banking, social media, and any other service that requires logging in. If MFA is an option, enable it by using a trusted mobile device, such as your smartphone, an authenticator app, or a secure token—a small physical device that can hook onto your key ring. Read the Multi-Factor Authentication (MFA) How-to-Guide for more information.

Simple Tips: (During Your Trip)

  • Stop auto connecting. Some devices will automatically seek and connect to available wireless networks or Bluetooth devices. This instant connection opens the door for cyber criminals to remotely access your devices. Disable these features so that you actively choose when to connect to a safe network.
  • Stay protected while connected. Before you connect to any public wireless hotspot—such as at an airport, hotel, or café—be sure to confirm the name of the network and exact login procedures with appropriate staff to ensure that the network is legitimate. If you do use an unsecured public access point, practice good Internet hygiene by avoiding sensitive activities (e.g., banking) that require passwords or credit cards. Your personal hotspot is often a safer alternative to free Wi-Fi. Only use sites that begin with “https://” when online shopping or banking.

Study the NCSAM Guide for additional info on this and more cybersecurity concepts.

 

Cyber Secure At Work : Cybersecurity Month

5 WAYS TO BE CYBER SECURE AT WORK

Businesses face significant financial loss when a cyber attack occurs. In 2019, the U.S. business sector had a 17% increase in data breaches: 1,473 breaches. § Cybercriminals often rely on human error—employees failing to install software patches or clicking on malicious links—to gain access to systems. From the top leadership to the newest employee, cybersecurity requires the vigilance of everyone to keep data, customers, and capital safe and secure. #BeCyberSmart to connect with confidence and support a culture of cybersecurity at your organization.

Simple Tips:

  • 1) Treat business information as personal information. Business information typically includes a mix of personal and proprietary data. While you may think of trade secrets and company credit accounts, it also includes employee personally identifiable information (PII) through tax forms and payroll accounts. Do not share PII with unknown parties or over unsecured networks.
  • 2) Don’t make passwords easy to guess. As “smart” or data-driven technology evolves, it is important to remember that security measures only work if used correctly by employees. Smart technology runs on data, meaning devices such as smartphones, laptop computers, wireless printers, and other devices are constantly exchanging data to complete tasks. Take proper security precautions and ensure correct configuration of wireless devices in order to prevent data breaches. For more information about smart technology see the Internet of Things Tip Card. Read the Internet of Things Tip Sheet for more information.
  • 3) Be up to date. Keep your software updated to the latest version available. Maintain your security settings to keep your information safe: turn on automatic updates so you don’t have to think about it, and set your security software to run regular scans.
  • 4) Social media is part of the fraud toolset. By searching Google and scanning your organization’s social media sites, cybercriminals can gather information about your partners and vendors, as well as human resources and financial departments. Employees should avoid oversharing on social media and should not conduct official business, exchange payment, or share PII on social media platforms. Read the Social Media Cybersecurity Tip Sheet for more information.
  • 5) It only takes one time. Data breaches do not typically happen when a cybercriminal has hacked into an organization’s infrastructure. Many data breaches can be traced back to a single security vulnerability, phishing attempt, or instance of accidental exposure. Be wary of unusual sources, do not click on unknown links, and delete suspicious messages immediately. For more information about email and phishing scams see the Phishing Tip Sheet.

Study the NCSAM Guide for additional info on this and more cybersecurity concepts.

 

ref. § Identity Theft Resource Center, “2019 End-of the Year Data Breach Report”, 2019

National Cybersecurity Awareness Month Begins

Every year, the National Cyber Security Alliance designates this month of October to remind us: STOP. THINK. CONNECT.

The “bad guys” are always changing their tactics, and trying every way they can – phishing emails, ads on websites, even texts on our smartphones – to trick us. Keeping up a layered defense is our best approach. There are three main messages:

Own IT.

  • Never Click and Tell: staying safe on social media
  • Update Privacy Settings on your phone and on social
  • Keep Tabs on Your Apps: best practices for apps on your devices

Secure IT.

  • Shake Up Your Passphrase Protocol: create strong, unique passphrases
  • Double Your Login Protection: turn on multi-factor authentication
  • Shop Safe Online: making sure your purchases are secure
  • Play Hard To Get With Strangers: how to spot and avoid phish

Protect IT.

  • If You Connect, You Must Protect: updating to the latest security software, web browser and operating systems
  • Stay Protected While Connected: Wi-Fi safety
  • If You Collect It, Protect It: keeping personal information safe

 

In the upcoming weeks, stay on the lookout here and in the myWidener Portal where we will periodically post throughout the month and explore these concepts.  If you ever have a question about an email, please forward it to phish@widener.edu. You can also call the Helpdesk at x1047, or email at helpdesk@widener.edu.

Happy October, and safe computing!

 

Apple iOS14 Release Information

Apple released the iOS14 update, with many new features for iOS devices (iPhone, iPad, iWatch). There has been a lot of confusion about one of the features as they haven’t advertised it well. A new default feature in iOS14 uses a private address when you join a Wi-Fi network. You would have a different private address for each Wi-Fi network that you would connect to. This is an important safety feature especially on public Wi-Fi networks.

We were under the impression that this private address would change every 24 hours, ultimately causing you to have to re-register on Widener’s network. After a full week of testing and working with technical support, we were able to determine that this feature will function on Widener’s Campus Wi-Fi.

The only change with this feature being ENABLED would be that you now have to register your device on each network. This would mostly affect the student population who travel from the residence halls (“wu-secure-resnet”) to the academic buildings (“wu-secure”).

You have the ability to disable this feature. Follow the directions below:

Turn private address off or on for a network

You can stop or resume using a private address with any network. For better privacy, leave the setting on for all networks that support it.

iPhone, iPad, or iPod touch

  1. Open the Settings app, then tap Wi-Fi.
  2. Tap the information button next to a network.
  3. Tap Private Address. If your device joined the network without using a private address, a privacy warning explains why.
    1. Uncheck the Private Address.

Apple Watch

  1. Open the Settings app, then tap Wi-Fi.
  2. Tap the name of the network you joined. If you haven’t joined the network yet, swipe left on its name and tap more.
  3. Tap Private Address.
    1. Uncheck the Private Address.

 

Main Campus Residence Hall “Xfinity on Campus”

Due to a major shift to streaming technologies, as of July 1st, ITS will be taking on the responsibilities to provide cable TV to the Main Campus Residence Halls. Our Operations Department has done an outstanding job in the past, dealing with the logistical nightmare of handling over 1000 coax cables, remote controls, and set top boxes. We are excited to announce a new service that eliminates all of that!

XFINITY ON CAMPUS™

LIVE AND ON-DEMAND STREAMING TV AND DVR POWERED BY COMCAST

XFINITY On Campus™ is a service from Comcast enabling students to watch and record live television or to watch on-demand content directly in a web browser or mobile device with the Xfinity Stream app. The service is provided free as part of Widener University Main Campus Residence Life. For Television Sets, students must purchase a Roku player, from an authorized dealer, listed in details below.

Roku devices must connect to the wu-open-game-stream WiFi network! All other devices can access this service on the wu-secure and wu-secure-resnet WiFi networks.

KEY FEATURES

  • Watch over one hundred HD television channels with searchable program guide.
  • Twenty hours of Comcast DVR. Schedule recording of up to two programs simultaneously and then play them back at any time. Recorded shows can optionally be downloaded to watch off-campus or entirely off-line.
  • Watch thousands of XFINITY On-Demand programs at any time.
  • Optional premium upgrades to add channels, premium networks (including HBO, NFL RedZone and more), sports packages, and international programming.
  • TV Go / TV Everywhere supported for viewing when on-line but NOT on the campus network.
  • Direct access to Comcast to report problems and get help via the Comcast XFINITY on Campus™ portal.

ELIGIBILITY

XFINITY On Campus™ is available to officially enrolled Widener University Main Campus Housing residents only. There are no fees or complicated registration steps required to use the service. Your computer or mobile device must be connected to the Widener Main Campus network to use most features.

Minimum Requirements

  • Exclusively for residents of Widener University Main Campus Housing.
  • Widener user ID and password
  • Active connection on the campus network (wired or wireless)
  • Current versions of Windows and Mac OS X Operating System
  • Current versions of Apple iOS and Android devices
  • Current versions of select Kindle Fire devices
  • Roku Player (or Roku enabled smart TV) to watch on a television set

For more information visit MyWidener and search for Cable TV.

Comcast also provides more information at https://support.xfinityoncampus.com/hc/en-us.

If you are having problems, please contact the ITS Help Desk at (610)499-1047 or submit a quick ticket.

 

WiFi Security Upgrade

Widener University is implementing a new authentication method and encryption for wireless devices. This security enhancement will help validate and ensure authorized access to our Widener University network while keeping your data safe.

The new authentication method will be rolled out on Wednesday June 10th. The NEW WIRELESS NETWORK NAMES (SSID) will appear for use across all 3 campuses. Here is a quick overview on the networks that you will see in certain areas of campus:

The “wu-secure” network is a secure encrypted network providing access to campus resources for all users with valid Widener IDs and passwords. Only encryption-capable devices will work on the wu-secure network. Use this network for all official University business when you are on campus. Windows 10, Mac OS 10.4+, and recent versions of Linux/Unix should all work on this network. Most mobile devices with Wi-Fi will also work. This network will be in all academic, administrative, and non-residential social areas on each campus.

The “wu-secure-resnet” network is a secure encrypted network providing internet access in our resident hall buildings. This network is only for encryption-capable devices. Windows Vista and later, Mac OS 10.4+, and recent versions of Linux/Unix should all work on this network. Most mobile devices with Wi-Fi will also work. This network will be in all Residential Halls on the Chester Main Campus and Delaware Campus.

Not all devices support the encryption software. Because of this, we have created a separate network for these devices called “wu-open-game-stream” wireless network. This will be used for the registration of gaming systems, TVs, and streaming devices (Roku, Firesticks, etc). Some older machines that do not support encryption will also be redirected to this network.

After the update, you will be prompted to enter your Widener LoginID and password to gain access to the university wireless network. When prompted, accept the certificate. Be sure you accept the certificate. If you do not accept the certificate you will not be able to log into the wu-secure or wu-secure-resnet network.

Since these new secure networks are authenticated with your login credentials, you will need to reenter your loginID and password when prompted after changing your password through Password Self Service. If you are not prompted to reenter your login information, you will need to “Forget the Network” and then Reconnect to get the prompt to appear.

For further instructions and FAQs, please visit https://my.widener.edu and search for “wireless” to find out how to access the network from your specific devices.

If you experience any issues connecting to the secure network, or just have questions or concerns, please contact the Widener University IT HelpDesk at 610-499-1047 or submit a ticket at http://quickticket.widener.edu.

 

PHISHING Awareness: [EXTERNAL:] Email Subject Tagging

Phishing is among the top security concerns for Information Technology. Personally identifiable information is the primary target of phishing attempts, and if it falls into the wrong hands it can cause both financial and reputational damage to our university, its students and its employees. Phishing attacks are often launched by including malicious attachments or links in email. When recipients open these malicious attachments or click on the links, it can spark an attack. Most email scams begin with messages from an external email system.

As part of Widener University’s effort to reduce phishing and other email scams and spoofing, these external email messages will now receive an [External:] tag in the message subject. [External:] email tagging makes it as easy as possible for you to recognize phishing attempts.

Avoid being scammed

The best defense to avoid being scammed is to be suspicious of any message asking for sensitive information. If the message seems off, it probably is. Trust your instincts. Phishing attempts can be clever, but they’re easy to avoid if you know the signs.

What is [External:] tagging and how does it work?

Most email scams begin with messages from a non-Widener (external) email system. When tagging is enabled these external email messages will now receive an [EXTERNAL:] tag in the message subject. Many safe and legitimate email messages come from external email systems. The [EXTERNAL:] tag does not mean the message is a scam or malicious, only that recipients should take caution and read carefully. All email originating from outside the university, except for approved services, will be tagged with this [EXTERNAL:] message. See sample below:

What should I do when I see an [External:] email?

It’s important to note that an email message with this warning does not necessarily mean the email is malicious, only that the recipient should take caution before clicking any links or attachments included within the email. The [EXTERNAL:] tag means you need to stop and think about this email:

  • Is it from a sender you know?
  • Were you expecting the email?
  • Verify with your friend or co-worker over the phone if you are unsure or if the email seems a bit off.
  • If there is a link in the message, don’t click it! Instead, hover over the link to verify it is legitimate, or manually enter the known good URL into your browser.
  • Does the message make sense?
  • If you are concerned and unsure, send the message to Phish@widener.edu.

Note: A legitimate message would not ask you to provide your credentials to maintain your account access.
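The tagging rule described in this post, sketched as an added example (it is not Widener's mail-gateway configuration): subjects from outside the university are prefixed with [EXTERNAL:], approved services are exempt, and lookalike domains and reply chains are handled. The domain list, the approved-service name and the sample messages are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

TAG = "[EXTERNAL:]"
# Assumptions: the page does not publish the real lists.
INTERNAL_DOMAINS = {"widener.edu"}           # taken from the addresses on this page
APPROVED_SERVICES = {"notices.example.com"}  # hypothetical exempt external service


def build(from_header, subject):
    """Build a constructed sample message (not real mail)."""
    return f"From: {from_header}\nSubject: {subject}\n\n(constructed body)\n"


def sender_domain(raw_message):
    """Lower-cased domain of the From address, or '' if it cannot be parsed."""
    msg = message_from_string(raw_message)
    _, addr = parseaddr(msg.get("From", ""))
    if "@" not in addr:
        return ""
    return addr.rpartition("@")[2].lower().rstrip(".")


def is_external(domain):
    """True unless the domain is an internal domain or a subdomain of one.

    The match is on whole labels, so 'widener.edu.example.net' and
    'notwidener.edu' are external. An unparseable sender is external too.
    """
    if not domain:
        return True
    return not any(
        domain == d or domain.endswith("." + d) for d in INTERNAL_DOMAINS
    )


def tag_subject(raw_message):
    """Return the subject as the recipient would see it after tagging.

    This sketch keys on the From header, which the sender controls; it
    illustrates the rule, not a gateway's actual trust decision. The display
    name is ignored on purpose: only the address decides.
    """
    msg = message_from_string(raw_message)
    subject = msg.get("Subject", "")
    domain = sender_domain(raw_message)
    if not is_external(domain) or domain in APPROVED_SERVICES:
        return subject
    # Do not stack tags on reply chains that already carry one.
    if TAG.lower() in subject.lower():
        return subject
    return f"{TAG} {subject}".strip()


if __name__ == "__main__":
    samples = [
        build("helpdesk@widener.edu", "Password reminder"),
        build('"Widener Helpdesk" <helpdesk@widener.edu.example.net>', "Account notice"),
        build("vendor@example.org", "RE: [EXTERNAL:] Invoice"),
        build("news@notices.example.com", "Weekly digest"),
    ]
    for raw in samples:
        print(f"{sender_domain(raw):32} -> {tag_subject(raw)}")
```

The second sample shows why the tag helps: the display name reads "Widener Helpdesk", but the address is outside the university, so the subject is tagged.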