OIT’s Cybersecurity department coordinates University information security initiatives, creates awareness for information security issues, and investigates information security incidents.
Own Your Role In Cybersecurity: The Basics
With the start of Fall semester right around the corner, it’s a good time to brush up on your cyber hygiene.
Every individual should own their role in protecting their information and securing their systems and devices. There are many steps individuals can take to enhance their cybersecurity without requiring a significant investment or the help of an information security professional.
Below, NCSA highlights eight tips you can put into action now:
- MAKE A LONG, UNIQUE PASSPHRASE
Length trumps complexity. A strong passphrase is a sentence that is at least 12 characters long. Focus on positive sentences or phrases that you like to think about and are easy to remember.
- PASSPHRASES AREN’T ENOUGH
Use 2-factor authentication or multi-factor authentication (like biometrics, security keys or a unique, one-time code through an app on your
mobile device) whenever offered.
- WHEN IN DOUBT, THROW IT OUT
Links in email, tweets, texts, posts, social media messages and online advertising are the easiest way for cyber criminals to get your sensitive
information. Be wary of clicking on links or downloading anything that comes from a stranger or that you were not expecting. Essentially, just don’t trust links.
- KEEP A CLEAN MACHINE
Keep all software on internet connected devices – including personal computers, smartphones and tablets – current to reduce risk of infection from ransomware and malware. Configure your devices to automatically update or to notify you when an update is available.
- BACK IT UP
Protect your valuable work, music, photos and other digital information by making an electronic copy and storing it safely. If you have a copy of your data and your device falls victim to ransomware or other cyber threats, you will be able to restore the data from a backup. Use the 3-2-
1 rule as a guide to backing up your data. The rule is: keep at least three (3) copies of your data, and store two (2) backup copies on different storage media, with one (1) of them located offsite.
- OWN YOUR ONLINE PRESENCE
Every time you sign up for a new account, download a new app, or get a new device, immediately configure the privacy and security settings to your comfort level for information sharing. Regularly check these settings (at least once a year) to make sure they are still configured to your comfort.
- SHARE WITH CARE
Think before posting about yourself and others online. Consider what a post reveals, who might see it and how it might affect you or others. Consider creating an alternate persona that you use for online profiles to limit how much of your own personal information you share.
- GET SAVVY ABOUT WIFI HOTSPOTS
Public wireless networks and hotspots are not secure, which means that anyone could potentially see what you are doing on your laptop or smartphone while you are connected to them. Limit what you do on public WiFi, and avoid logging in to key accounts like email and financial services. Consider using a virtual private network (VPN) or a personal/mobile hotspot if you need a more secure connection.
Use Boise State's Virtual Private Network (VPN) While Working Remote
The Office of Information Technology (OIT) reminds all faculty and staff to use the university’s virtual private network (VPN) service when working remote.
The remote access policy (policy 8130) details the requirements for remote access to Boise State computing resources and serves to minimize potential exposure to Boise State from damages caused by unauthorized use, including loss of protected data, intellectual property and harm to critical university systems.
All faculty and staff (including active student employees) have access to the Boise State VPN service. Information about installing and using VPN is available on OIT’s website.
For questions or additional information about Boise State’s VPN service, contact the Help Desk at (208) 426-4357 or firstname.lastname@example.org.
“Are you available ?” – Phishing Scam
This phishing scam is trying to get clicks in University emails. Some users have reported they received an email (which looks like it’s coming from a supervisor) that is trying to solicit a conversation/reply email.
Here is a sample of the message:
Subject: ARE YOU AVAILABLE
Date: February 1, 2020 at 9:37:12 AM MST
To: [Your email]
Are you available?
While this email is simple and doesn’t have any malicious attachments it is using social engineering to get a response email from an unsuspecting user, but the sender isn’t the correct email and most do not come from a boisestate.edu domain.
Once this type of scam has been interacted with, the scammer usually makes up an excuse about being in a meeting and wants the recipient to do an important favor as soon as possible. The favor the scammer wants is for the recipient to purchase iTunes gift cards, scratch off the pin numbers and send them back a picture of the cards and pin.
Tips to avoid becoming the victim of a scam
Always check the address of who the email is coming from. Many times scammers will use a similar name or try and add Boise State in the address to trick users. One important part is to look for what comes after the “@” symbol – this is the domain part. Domains listed with @yahoo.com, @aol.com, @gmail.com, @hotmail.com are not university emails and users should exercise cautions before responding to these emails.
If using a mobile device sometimes the full email address does not show automatically. You can check the address by clicking on the view details. This is usually located at the top of the email with the sender, recipient, and date information. All mobile devices and mail apps differ so it’s best to confirm with your manufacturer and/or application on the best way to view details.
If you are unsure about an email contact the Help Desk at (208) 426-4357, email at email@example.com, or chat online.