Safety for Mobile Devices

National Cyber Security Awareness Month continues, and this week we have some tips on mobile device safety.

Today, we are more dependent on our mobile devices than ever.  At Widener, we make every effort to keep using them easy (did you see our latest update about guest wireless?). But with that ease of use comes some risk.  Take a look at some ideas from the #CyberAware campaign:

  • Mobile Apps – Only download your apps from Google Play or the Apple Store. Apps from other sources are rarely checked for malware or bugs.
  • WiFi hotspots – Although handy, WiFi hotspots are not secure. Anyone connected to it can scan your outgoing data (hello, bank account app), or they can attack your device with no firewall between them and you.  Wait until you’re on your own network, use your cell data network, or check into using a Virtual Private Network (VPN), which is a way to communicate securely over a less-secure network.
  • Lock your device – It sounds basic to those of us that do it, but many people don’t have a passcode or fingerprint reader set up. Our devices are small and portable; they’re easy to misplace, lose, or get stolen.  And most of your apps are probably password-cached, because it’s easy. Nearly everyone does it.  Just make sure that you have your device locked down so that no one can get in if it ends up in someone else’s hands.

For more info, check out this tip sheet, Safety Tips for Mobile Devices. As always, please call the Helpdesk at x1047 for assistance with any IT issue.

Keeping Information Private

National Cyber Security Awareness Month continues, and this week we’re passing along info about keeping personal information private.

In 2016, over 15 million people fell victim to identity theft, with financial losses totaling over $16 billion.  Here at Widener we take information privacy seriously. We ask (and have approved policy) that users do not share Social Security numbers (SSN’s) via email.  Email services are insecure by default, and if your WUMail message is going to an outside address, it’s at risk.

Also remember that Credit Card numbers are Personally-Identifiable Information (PII). Industry rules guide our use of these, and misuse represents a great risk of loss to the cardholder.

Below is a list taken from our Information Security and Compliance Program that shows the actions we should take with PII.

 

Classification Level: Confidential

Examples: SSN, Passwords, Credit Card Numbers

In electronic form: Must be encrypted when on the network and in electronic or physical data storage. Data must be protected with strong passwords. Data cannot be copied onto portable media without managerial consent (including laptops).

In print form: Must not be posted on any website or sent through email. Trash documents must be shredded. Retained documents must be stored in locked cabinets.

Classification Level: Restricted

Examples: Personally identifiable (combination of name, address, date of birth) student records, student grades, infrastructure design

In electronic form: Data must be protected with strong passwords. Data cannot be copied onto portable media without executive consent (including laptops).

In print form: Retained documents must be stored in locked cabinets.

Classification Level: Public

Examples: Not confidential or sensitive. Information on University website.

In electronic form: May be posted externally with appropriate approval (department head). May be sent through email.

In print form: Trash documents do not require shredding.

 

If your department is required to provide PII to other organizations or agencies and you need assistance with securing private info, installing encryption software, or any other issue, please contact the Helpdesk at x1047.

October is Cyber Security Awareness Month

The National Cyber Security Alliance (NCSA) is running its 14th annual campaign to increase security awareness online.

At Widener, we value and protect your online security and privacy.  Each week in October, we’ll feature information to help you strengthen your online safety. 2017’s theme is “Our Shared Responsibility,” recognizing that we’re all in this together, and that we help each other when we’re safer online.

Kicking off with a focus on the campaign “STOP. THINK. CONNECT.™, below are some tips to keep in mind as you live your digital life.  Remember that if you ever have questions, or feel uneasy about an email or a link, call the Helpdesk at x1047, and we’ll walk you through.

BasicTipsAndAdviceSTC

For more information, you can also visit the National Cyber Security Alliance (NCSA).

Ransomware outbreak and opinion

Many news articles over the past weekend drew attention to ransomware known as “WannaCry” and the global impact it is having.

While the damage to some users is severe, the systems that it has affected are older and unpatched. Microsoft released a security update for this flaw in March 2017, and the systems here at Widener are set to automatically update.  As a result, we’ve received no reports of this malware impacting our systems.

Microsoft’s President and Chief Legal Officer wrote a blog post about the event and offers some wisdom around security and the responsibilities of organizations to prevent the proliferation of hacking tools.

https://blogs.microsoft.com/on-the-issues/2017/05/14/need-urgent-collective-action-keep-people-safe-online-lessons-last-weeks-cyberattack/

Please remember to regularly update your personal computers and handheld devices.  If you need assistance, please contact the ITS Helpdesk at 1047, or at helpdesk@widener.edu.