Computing Safety, Security,and Resources

Information Technology

95% of breaches began with a human failure… often well intentioned

Recent NY6 breaches of note:• Phishing email … nearly led to $400k loss• Cryptolocker• Scam office supply calls• Student changing grades on faculty computer

95% of breaches began with a human failure… often well intended

http://www.dhs.gov/photo/if-you-see-something-say-something

What is Phishing?

A. Sending an email from a “fake” email addressB. Trying to steal someone’s

username/password through emailC. Attending a concert by noted American rock

band Phish

What happens whenyour account is phished?

A. It can be used to send spamB. It can be used to access computing resources

using your identityC. It could be used to gain access to your other

online accounts if they use the same passwordD. It could be used to reset passwords on other

online accounts tied to your SLU email addressE. All of the above

Is this a legitimate email?

A. YesB. No

A. YesB. No

Is this a legitimate email?

A. YesB. No

A. YesB. No

Is it safe to view a phishing or other scam email?

A. YesB. No

Is it safe to click a link in an email?

A. YesB. No

Is it safe to open an attachment to an email?

A. YesB. No

Is it Secure? Look left of first slash

Links don’t always go where they say …

Why phishing, why steal an account?

• The going rate for stolen credentials:• $8 - iTunes accounts• $6 - Fedex.com, Continental.com and United.com

accounts• $5 - Groupon.com accounts• $4 - Godaddy.com, Att.com, Sprint.com,

Verizonwireless.com, and Tmobile.com.• $2.50 - Facebook and Twitter

Do you use your SLU password for other online accounts?

A. YesB. No

What are the risks of reusing passwords?

A. If phished, can use to access other accountsB. If you use email account to signup for another online

account using the same password, someone could use that information to gain access to your email account

C. If someone gains access to an email account, they could use that account to reset passwords on other accounts

D. All of the above

Managing Passwords

treat passwords like your toothbrush • Pick a good one• Don’t share it• Replace it often

http://www.deltadentaliablog.com/wp-content/uploads/2014/05/6.26-facts-for-toothbrush-day.jpg

Managing Passwords

… use a pack of passwords• One for SLU• One for financial sites• One for social media• Others as needed

Managing Passwords

… use a password management “system”• Use passphrases

• I <3 peanut butter sandwiches!is easier to remember than3dKe7d#

• Store in notebook (if you can keep it safe)• better than post-it-note• better than “passwords” file on desktop

• Vary standard password based on website/url• standard password: I <3 peanut butter sandwiches!• use at Citibank: I CT peanut butter sandwiches!• use at SLU: I <3 SLUnut butter sandwiches!

• Use a password management system

Must change SLU password every 365 days(do so on an anniversary, or set a reminder)

Must change SLU password every 365 days(how to check your expiration date)

Phishing & Other Scams (malware, viruses)

are not limited to email

• Telephone• Texts• Ads• Websites

Security and Mobile Devices

Acceptable Use Policy (AUP)

http://www.stlawu.edu/it/acceptable-use-policy-aup

• Have you read it?• Have you accepted it?• Do you know what it says?• Do your employees know what it says?

AUP: Executive Summary• Our computer network exists to support the academic mission of

the university. It’s use is a privilege requiring responsible use• Use that disrupts the academic mission is prohibited

• It is the user’s responsibility to prevent unauthorized use of account/resources

• IT will make every reasonable effort to respect user’s privacy. However, users should not have an expectation of privacy in communications transmitted or stored on university resources

• In accordance with law or university policy, the president or vice president of the university can request access by authorized agent to review or monitor files associated with a user account

AUP: Executive Summary• Users are responsible to keep the operating systems and

virus protection on their personal devices connected to the university network up to date. These devices should also be protected by a strong password

• IT is happy to work with users to help them comply with the AUP

Other ResponsibilitiesUniversity laptop: not for personal/family use• avoids grape juice spill issues, etc• avoids problems due to personal app installations

Other ResponsibilitiesSLUbay: • Managers/Supervisors must set policy for employee use• Use of University Resources• one-time sales • must be associated with not-for-profit entity• no listing of illegal/prohibited items

slubay

Other ResponsibilitiesLock workstation, etc, when away

Mac:• enable “require password

after screensaver”• Set Hot Corner to initiate

screensaver

Other ResponsibilitiesSocial Media: • Personal use: should not conflict with work• Work use: should balance with other responsibilities• Careful what you share … phishers can use to create

irresistible emails

What is encryption?

• Scrambles information

• Can only be de-scrambled by recipient

• It is different from authentication

The information on the hard drive of my work computer is encrypted.

A. True

B. False

C. Maybe

Email is a secure way to share information.

A. True

B. False

slu-wifi (wireless) is secure

A. True

B. False

primary take aways …

• Information Security is everyone’s responsibility…which means YOU

• If you SEE something, SAY something• If it smells remotely phishy, act as if it is phishy• PAUSE before following links, opening attachments, supplying

username/password, etc• MANAGE your passwords and other personal info• Be careful when sharing personal information

How To Contact IT

A. Stop by HelpDesk at Madill HallB. Stop by HelpDesk at ODY LibraryC. Call 315.229.5770D. Email helpdesk@stlawu.eduE. Enter a Service Request at IT Website

What are we missing?What else would you like to know about?

http://realizedworth.com/wp-content/uploads/2013/01/question-mark.jpg