Archives For awareness

Data Privacy Day (DPD) is observed on January 28th. Data Privacy Day is focused on, well, data privacy of course. Officially recognized in the United States and Canada since 2008 as Data Privacy Day, today commemorates the first international treaty dealing with data privacy and protection. As we were last year, we are proud to join the National Cyber Security Alliance as a Data Privacy Day Champion and will be participating in the various discussions taking place over the next few weeks.

Want to get involved with Data Privacy Day? Check out how at StaySafeOnline.org: http://www.staysafeonline.org/data-privacy-day/get-involved/.

Also, join in on the weekly Twitter chat series (@DataPrivacyDay), each Wednesday at 3pm, by following #ChatDPD. More information is available at http://www.staysafeonline.org/data-privacy-day/events/.

In addition to Data Privacy Day, EDUCAUSE will be observing Data Privacy Month from January 28th through February 28th. Join us and be a Data Privacy Champion!

There are various ways to stay connected with us:


2014 NCSAM Recap

John Knights —  November 6, 2014

National Cyber Security Awareness Month (NCSAM) has come to a close. This year’s NCSAM was a success with over 100 “Champions” (including Wentworth) and 200 institutions participating. There were a lot of great topics covered throughout the month. The Twitter chats brought folks from all over private/public and higher ed to talk about subjects from online safety to recovering from cybercrime.

One of the regional events took place down in Rhode Island, hosted by the Community College of Rhode Island. Their “Security Awareness Day” event brought together folks from the cybersecurity field to share ideas and their top concerns. Topics ranged from technical concerns regarding the “Internet of Things” to more administrative topics regarding information risk management. Regardless of the topic, the message is clear: there is a lot to protect ourselves from, and we need to make sure we are all doing what we can to follow cybersecurity best practices.

What are some of these best practices? Here are a few:

  1. Use two-factor authentication whenever possible and/or available. Two-factor (also referred to as two-step) authentication means that to successfully authenticate into a service/site/application, you need something in addition to your traditional password. This can be anything from a fingerprint to a PIN that is sent to you via text, the latter being the most popular method for personal services, like Dropbox or Facebook. The good thing about two-factor authentication is that if your password is ever compromised, the attackers would also need the other factor to successfully log into the service that your compromised password would access.
  2. Learn to recognize, avoid, and report phishing emails. Phishing emails are one of the least technically sophisticated methods to compromise accounts, yet one of the most effective. The attacker(s) will send out an email to an entire organization or segment of an organization and all it takes is one person with the right level of access to share their credentials and
  3. Use a different password for each site you sign in to. Phishing and other social engineering techniques work. What they often aim to grab are your credentials (usernames and passwords). Why? If they can get you to share your username and password, they can access your systems/accounts, and if you use the same credentials at work, they can potentially access sensitive databases and grab information on everyone at your workplace and/or customers. By using a different password for each site, you limit the scope of a potential compromise.
  4. Patch your applications, operating systems, and plug-ins. A lot of the malware that compromises our computers gets in simply because we have not stayed current with the updates and fixes that vendors send out to address vulnerabilities in their applications. Malware can be introduced to your system in a variety of ways (email attachments, using a compromised USB drive, visiting websites with malicious content), and sometimes it can be installed without any user interaction. Staying current with your applications, mainly browsers and plug-ins, can greatly reduce the number of vulnerabilities that can be exploited.

Cybersecurity awareness doesn’t end because NCSAM is over. Stay connected with us by checking in on our Blog (which you’re reading now), by subscribing to our Newsletter, and by following us on Twitter (@InfoSec_WIT). If you have any ideas to help make any of these resources better and/or have topics you would like us to cover, please email us at infosecurity@wit.edu.


Celebrated every October, National Cyber Security Awareness Month was created as a collaborative effort between government and industry to ensure everyone has the resources needed to stay safer and more secure online. As an official Champion, Wentworth Institute of Technology recognizes its commitment to cybersecurity and online safety.

Throughout the month, we will be sharing cybersecurity tips and best practices that you can use at home and at work. We encourage you to follow us by subscribing to our Information Security Newsletter, on Twitter @InfoSec_WIT, and visiting us on the web at http://www.wit.edu/dts/security.

For Wentworth faculty and staff, we are proud to announce the launch of our Information Security and Compliance Training program. For more information on this new service, visit us on the web at http://www.wit.edu/dts/security/training-awareness/training/index.html, where you can sign in through the link provided with your Wentworth credentials (username and password used for LConnect and email).

For more information on NCSAM, visit http://www.staysafeonline.org/ncsam.

Join us this month and be a Wentworth Cybersecurity Champion!


It is the Information Security Office’s goal to keep the Institute’s data and information systems as secure and safe as possible when online. We want students, staff, faculty, and Wentworth guests to feel comfortable connecting to our networks. One way we are working to improve our network’s security is through the implementation of Network Access Control (NAC) devices to ensure only students, staff, faculty, and Wentworth guests are utilizing our network resources. This will optimize our network for the community and maintain a dynamic inventory of all devices connected at all times. The aim is to improve our visibility and monitoring capabilities in support of our network security initiatives, as well as to satisfy the State and Federal regulatory requirements that we do so.

The implementation should be rather transparent to individuals that connect to LeopardSecure, as the only change is the addition of the appliances, which work in the background. The only noticeable change we anticipate will involve individuals connecting to LeopardGuest.

For individuals connecting to the LeopardGuest wireless network, which is made available to guests visiting the Wentworth campus, there will now be a Guest Registration Page. What that will look like and how it will work will be posted on the NAC project page.

The Guest Registration page will only ask for an individual’s name, email, and phone number. Once the registration is complete, all a user will be required to do is enter the numbers provided through a text message (SMS message) to complete the registration and validate their device for use on the network.

If you have any questions about this project, how we plan to roll it out, or just about NACs in general, please reach out to us via email at infosecurity@wit.edu.

Data Privacy Month Wrap-up

John Knights —  February 28, 2014

Throughout Data Privacy Month we have covered a few important areas to help you better protect your privacy and information online. As the month comes to a close, remember to implement the tips you’ve learned and guard your information year round. Protecting yourself from phishing and other types of social engineering relies only on your vigilance. Always be on the lookout for suspicious communication requesting information, especially when there are spelling errors, mysterious links, or when something just doesn’t look or sound right to you. Ensure that trusted websites are the official versions and not just impersonations before you submit personal information. If you are suspicious of a website, link, or any form of communication, you can report it to Information Security. To better prepare yourself for phishing attacks, check out our Phishing page and report any potential spam or phishing emails to SPAM@wit.edu.

If you still haven’t, check your privacy settings on social networks and ensure your personal data that you do not want made available to the public is hidden. You can prevent your pictures from being stolen and used for advertising without your permission and stop future employers from scrutinizing your profile during the hiring process. Secure your account and help prevent hacking by choosing a more complex password. Don’t be convinced by scams that seem too good to be true, and remember that the best thing to do is not click if you aren’t confident about the link. For more on staying safe on social networks, check out the last Information Security blog.

If you are using a public Wi-Fi hotspot, make sure that your sharing settings are off to ensure that you are not broadcasting your computer to others on the same network. Remember, if you need to check your bank account on a mobile device, use a 3G or 4G connection whenever possible as it is more secure. If you are on a laptop, connect using a Virtual Private Network (VPN) service to create a secure connection, which will then secure your information. (For Wentworth employees that require VPN access to the campus network when working remotely, please email our Information Security Office to find out more.) Always be cautious when in a public space, even when connecting to “secured” or encrypted Wi-Fi hotspots, as they may not employ the most up-to-date settings or security. At Wentworth, our LeopardSecure Wi-Fi network utilizes strong encryption, so you can be sure that your communications are secure. To learn more about public Wi-Fi, read the Information Security blog about it.

If everyone does their part in protecting sensitive information and following safe practices when online, all benefit. Not only are you safeguarding your information when following these practices, you are also protecting your families, friends, and colleagues. For the latest news, advisories and alerts, follow Wentworth’s Information Security Office on Twitter at @InfoSec_WIT and on the web at www.wit.edu/dts/security.

The majority of Americans online have a social networking profile that they use frequently, but far too many of us keep our information open and unsecured. Often people will feel safer on social networking sites compared to email because of less spam or the presence of their friends. Out of the over 1 billion monthly active Facebook users, as many as 11%, or well over 100 million profiles, are fake accounts. Some pet owners create accounts for their pets, while other accounts are innocent secondary profiles created by users whose first profile was hacked. However, there are also disingenuous duplicate profiles, spamming profiles created by companies, or, maybe worst yet, phishing accounts from hackers.

Duplicate accounts can be used by hackers to pose as a person or business to request personal information through misleading private messages, a form of phishing. The goal is to acquire enough publicly available personal information that the criminals can then use it to request a temporary password or similar access to the accounts of the targeted individual, and bypass the security measures. Think of the answers to “secret questions,” such as your pets’ names or your mother’s maiden name. Are these bits of personal information, often used for password reset applications, accessible through your social networking sites? Remember, it is not just about keeping a person with malicious intent from viewing your site directly, but also about keeping them from accessing the information through a compromised “friend” or “connection” account.

Checking your privacy settings on social networks is an easy step towards protecting yourself and keeping your data hidden. You can prevent your pictures from being stolen and used for advertising without your permission and stop future employers from using your profile against you during the hiring process. Always be careful with confusing or misspelled private messages, links leading away from the site you’re on, or pages that seem too good to be true. To learn more ways to spot a phishing email, read our blog about it. The best thing to do is not click if you aren’t confident about the link. Send any suspicious links or messages to Information Security at abuse@wit.edu.

Finally, remember, what you put out on the internet stays on the internet, even if you delete it, so be cautious of what you share.