Security Digest Vol. VI (Fall 2017)
Letter from Director of Information Security to Campus
As October comes to a close, we can reflect on the 2017 National Cyber Security Awareness Month's (NCSAM) activities. During NCSAM, CTS campaigned using social media, events, and activities to promote cyber security awareness in our community. These activities included information on identifying phishing emails, protecting yourself from identity theft, owning your online presence, and keeping a clean machine. We also hosted an event open to all Duquesne University community members and local community members on the theme "Workplace Security is Everyone's business," which highlighted the challenges we face in this interconnected world. To see cyber security tips and news, please visit our CTS Twitter account @DuqCTS or the CTS website at http://duq.edu/cts , where you can get up-to-date news and tweets about cyber security events and activities.
Duquesne University's commitment as 2-time National Cyber Security Awareness Month Champion (NCSAM) is to promote and educate our community on ways to defend against cyber criminals.
While CTS has invested in our cyber security infrastructure, personnel, and skills to protect our campus community - it is not enough. We need you to remain vigilant in the fight to protect our community as well. Criminals will continue to become more sophisticated and persistent in their attacks. Please report any suspicious activity, emails, websites, or potential loss of sensitive data or equipment to CTS at email@example.com and 412.396.4357. With your help we can continue the fight against cyber criminals and protect our colleagues and friends as well.
-Tom Dugas, Director of Information Security and New Initiatives
Cyber Security News
Windows Defender to be installed on all Duquesne-owned Windows Machines
Computing and Technology Services (CTS) will be rolling out Microsoft's Windows Defender antivirus software to all Duquesne-owned machines. Windows Defender should provide a robust set of tools that will ensure that Duquesne's information and assets are kept secure. CTS pushed out Windows Defender as a silent installation so that users would experience no interruption in service.
CTS's goal is to have Windows Defender on all Duquesne-owned computers by November 22nd. If you notice that Windows Defender is still not present on your computer after this date, please inform the CTS Help Desk.
New Email Protection Tool Provides Defense Against Cyber-Criminals
On August 8th, Computing and Technology Services added an additional layer of Email Security on top of our existing infrastructure. Over the past few months, this additional level of security has blocked thousands of malicious cyberattacks from entering Duquesne's technology environment. See the infographic for more details.
Although these tools do help defend members of Duquesne University from cyber-threats, it is important to remember that you are the best defense against cyber-criminals. Always remain vigilant of phishing emails and remember to follow the safe-computing best practices posted on our Safe Computing page: http://duq.edu/about/campus/computing-and-technology/safe-computing
Duquesne's 2nd Annual Cyber Security Event Draws a Crowd
On Thursday, October 12th, Computing and Technology Services (CTS) held their 2nd Annual Cyber Security Event in honor of Cyber Security Month.
Approximately 75 people packed the Union's Africa Room for a catered lunch and cyber-security seminar titled: "Data Security in the Workplace is Everyone's Business". Industry expert Mike Gotham presented on wide-ranging topics relevant to data privacy and safe-computing including: incident response, targeted attacks vs. opportunistic attacks, and what not to do during a cyber-attack.
Keep an eye out for more information regarding Cyber Security events hosted by CTS in the future!
Visitors from Other Universities: Connect to Eduroam!
Are you hosting guests from another university here at Duquesne? Since it is never a good idea to share your MultiPass credentials with anyone (and against University Policy), recommend to your guest that they login to Eduroam by using their own university credentials.
Eduroam is a wireless network access service for research and education that allows students, researchers, staff, and faculty from participating institutions to gain wireless access at other participating universities across the world. For example, if a student at University of Pittsburgh is visiting Duquesne, they can use their Pitt login credentials to gain wireless access on Eduroam.
Visit our Eduroam page to learn more about it: http://duq.edu/about/campus/computing-and-technology/network/eduroam
Please Note: Those connecting to Eduroam are held to the same network guidelines and policies as those connecting to DuqNet. This includes the Wireless Airspace Policy and the general Network service requirements, viewable on CTS's website, here: www.duq.edu/cts/policies
Stay #CyberAware While on the Go: Safety Tips for Mobile Devices
- Article originally posted at http://www.stopthinkconnect.org
Your mobile devices - including smartphones, laptops and tablets - are always within reach everywhere you go, whether for work, travel or entertainment. These devices make it easy to connect to the world around you, but they can also pack a lot of info about you and your friends and family, like your contacts, photos, videos, location and health and financial data. It's important to use your mobile devices safely. The first step is to STOP. THINK. CONNECT. STOP: make sure security measures are in place. THINK: about the consequences of your actions and behaviors online. CONNECT: and enjoy your devices with more peace of mind.
Keep a Clean Machine
- Keep your mobile phone and apps up to date: Your mobile devices are just as vulnerable as your PC or laptop. Having the most up-to-date security software, web browser, operating system and apps is the best defense against viruses, malware or other online threats.
- Delete when done: Many of us download apps for specific purposes, such as planning a vacation, and no longer need them afterwards, or we may have previously downloaded apps that are no longer useful or interesting to us. It's a good security practice to delete apps you no longer use.
Personal Information is Like Money. Value it. Protect it.
- Secure your devices: Use strong passwords, passcodes or touch ID features to lock your devices. These security measures can help protect your information if your devices are lost or stolen and keep prying eyes out.
- Think before you app: Information about you, such as the games you like to play, your contacts list, where you shop and your location, has value - just like money. Be thoughtful about who gets that information and how it's collected through apps.
- Now you see me, now you don't: Some stores and other locations look for devices with WiFi or Bluetooth turned on to track your movements while you are in range. Disable WiFi and Bluetooth when not in use.
- Get savvy about WiFi hotspots: Public wireless networks and hotspots are not secure, which means that anyone could potentially see what you are doing on your mobile device while you are connected. Limit what you do on public WiFi and avoid logging in to key accounts like email and financial services on these networks. Consider using a virtual private network (VPN) or a personal mobile hotspot if you need a more secure connection on the go.
Operating Systems Support and Security Patching
With the advent of Apple's High Sierra (10.13) operating system, and with the release of Microsoft's Creator's Update (version 1709) right around the corner, CTS wanted to remind users that it is often a good idea to proceed with caution when updating their operating systems.
Windows and Apple typically provide support and security patches for the past two revisions prior to the most recently release Operating System. In the case of MacOS, High Sierra, Sierra, Yosemite, and El Capitan operating systems are still supported. In the case of Windows 10, Version1607, 1703, and 1709 are supported. In addition, Windows 7 and Windows 8.1 are also supported.
Windows and Apple Operating Systems that receive Security Patches
|Windows OS||Apple OS|
|Windows 10 (Version 1709)||High Sierra (most recent)|
|Windows 10 (Version 1703)||Sierra|
|Windows 10 (Version 1607)||Yosemite|
|Windows 7, 8, 8.1||El Capitan|
It is always best practice to use Operating Systems that are actively patched with security updates. If your hardware does not allow you to upgrade your operating system to be within the support window, CTS recommends purchasing a machine that does so that you can protect your data from becoming compromised.
Finally, CTS will always work with departments on campus to identify machines that fall outside of this support window and offer solutions to get edge devices within the support window for security patches.