Skip to main content

Cybersecurity

OIT’s Cybersecurity department coordinates University information security initiatives, creates awareness for information security issues, and investigates information security incidents.

Own Your Role In Cybersecurity: The Basics

The wording Back To School on a computer screen.

With the start of Fall semester right around the corner, it’s a good time to brush up on your cyber hygiene.

Every individual should own their role in protecting their information and securing their systems and devices. There are many steps individuals can take to enhance their cybersecurity without requiring a significant investment or the help of an information security professional.

Below, NCSA highlights eight tips you can put into action now:

  1. MAKE A LONG, UNIQUE PASSPHRASE
    Length trumps complexity. A strong passphrase is a sentence that is at least 12 characters long. Focus on positive sentences or phrases that you like to think about and are easy to remember.
  2. PASSPHRASES AREN’T ENOUGH
    Use 2-factor authentication or multi-factor authentication (like biometrics, security keys or a unique, one-time code through an app on your
    mobile device) whenever offered.
  3. WHEN IN DOUBT, THROW IT OUT
    Links in email, tweets, texts, posts, social media messages and online advertising are the easiest way for cyber criminals to get your sensitive
    information. Be wary of clicking on links or downloading anything that comes from a stranger or that you were not expecting. Essentially, just don’t trust links.
  4. KEEP A CLEAN MACHINE
    Keep all software on internet connected devices – including personal computers, smartphones and tablets – current to reduce risk of infection from ransomware and malware. Configure your devices to automatically update or to notify you when an update is available.
  5. BACK IT UP
    Protect your valuable work, music, photos and other digital information by making an electronic copy and storing it safely. If you have a copy of your data and your device falls victim to ransomware or other cyber threats, you will be able to restore the data from a backup. Use the 3-2-
    1 rule as a guide to backing up your data. The rule is: keep at least three (3) copies of your data, and store two (2) backup copies on different storage media, with one (1) of them located offsite.
  6. OWN YOUR ONLINE PRESENCE
    Every time you sign up for a new account, download a new app, or get a new device, immediately configure the privacy and security settings to your comfort level for information sharing. Regularly check these settings (at least once a year) to make sure they are still configured to your comfort.
  7. SHARE WITH CARE
    Think before posting about yourself and others online. Consider what a post reveals, who might see it and how it might affect you or others. Consider creating an alternate persona that you use for online profiles to limit how much of your own personal information you share.
  8. GET SAVVY ABOUT WIFI HOTSPOTS
    Public wireless networks and hotspots are not secure, which means that anyone could potentially see what you are doing on your laptop or smartphone while you are connected to them. Limit what you do on public WiFi, and avoid logging in to key accounts like email and financial services. Consider using a virtual private network (VPN) or a personal/mobile hotspot if you need a more secure connection.

Use Boise State's Virtual Private Network (VPN) While Working Remote

NCSAM People and Security Shield image

The Office of Information Technology (OIT) reminds all faculty and staff to use the university’s virtual private network (VPN) service when working remote.

The remote access policy (policy 8130) details the requirements for remote access to Boise State computing resources and serves to minimize potential exposure to Boise State from damages caused by unauthorized use, including loss of protected data, intellectual property and harm to critical university systems.

All faculty and staff (including active student employees) have access to the Boise State VPN service. Information about installing and using VPN is available on OIT’s website.

For questions or additional information about Boise State’s VPN service, contact the Help Desk at (208) 426-4357 or helpdesk@boisestate.edu.

Working Securely While Working Remote

Organizations across the globe are requiring their teams to work remotely to help protect against growing health concerns related to the COVID-19 virus. Now more than ever employees working remotely must keep their cyber-hygiene top of mind to help thwart cybercriminals who are looking to take advantage of this global crisis.

Below are some recommendations from Staysafeonline.org to telework securely. These tips have been adjusted slightly to fit Boise State.

  • Think Before You Click (when in doubt, throw it out). Be cautious of links and attachments within emails.
  • Lock Down Your Login (Ctrl+Alt+Delete before you leave your seat).
  • Connect to Boise State’s secure Virtual Private Network (VPN).
  • Secure your wireless home network.
  • Keep devices with you at all times or stored in a secure location.
  • Limit access to the devices you use for work.
  • Preference to use Boise State owned and managed devices over personal devices.
  • Keep your device’s operating system and antivirus up-to-date.

Another good resource is to review the OIT webpage for working remotely.

Need Assistance?
For more information, contact the Help Desk at (208) 426-4357 or email helpdesk@boisestate.edu.

“Are you available ?” – Phishing Scam

iTunes gift card

This phishing scam is trying to get clicks in University emails. Some users have reported they received an email (which looks like it’s coming from a supervisor) that is trying to solicit a conversation/reply email.

Here is a sample of the message:

From: *REDACTED*
Subject: ARE YOU AVAILABLE
Date: February 1, 2020 at 9:37:12 AM MST
To: [Your email]

Are you available?

___________________________________________________________________________________

While this email is simple and doesn’t have any malicious attachments it is using social engineering to get a response email from an unsuspecting user, but the sender isn’t the correct email and most do not come from a boisestate.edu domain.

Once this type of scam has been interacted with, the scammer usually makes up an excuse about being in a meeting and wants the recipient to do an important favor as soon as possible. The favor the scammer wants is for the recipient to purchase iTunes gift cards, scratch off the pin numbers and send them back a picture of the cards and pin.

Tips to avoid becoming the victim of a scam

Always check the address of who the email is coming from. Many times scammers will use a similar name or try and add Boise State in the address to trick users. One important part is to look for what comes after the “@” symbol – this is the domain part. Domains listed with @yahoo.com, @aol.com, @gmail.com, @hotmail.com are not university emails and users should exercise cautions before responding to these emails.

If using a mobile device sometimes the full email address does not show automatically. You can check the address by clicking on the view details. This is usually located at the top of the email with the sender, recipient, and date information. All mobile devices and mail apps differ so it’s best to confirm with your manufacturer and/or application on the best way to view details.

If you are unsure about an email contact the Help Desk at (208) 426-4357, email at helpdesk@boisestate.edu, or chat online.

Back To Top