Comment: Changed Mountaineer Drive to Google Drive and Mountaineer Apps to Google Apps

...

Security Awareness Tips and Guidelines for Everyone
  • Be aware of online scams - don't get lured by phishing!  Report any attempts to get your username, password, or other personal information to phish@appstate.edu. Don't share your password, and never enter your password on a website without making sure you are in the right place. Appalachian ITS will never ask for your password!
  • Use Good Passwords and Keep them Safe: Use passwords with letters, numbers, and symbols - for each account. If you need help remembering your passwords, use a password vault like KeePass. 
  • Review your Social Media Privacy settings - customize your privacy settings and think about what you share.
  • Don't link your social media accounts together - one hacked account gives the hacker access to all linked accounts.
  • Log Out before you walk away from a public computer - log out of your Google account and the public computer.
  • Keep clean machines and back up your files - Make sure your device and software are set to install regular updates, and use antivirus software. Back up your files with an external device and/or Google Drive.
  • Use https - whenever you transmit confidential information to a website.
  • Be careful where you click:
    • Use official sites like Google Play Store to download apps, and review what they want to access.
    • Don't open questionable email attachments or click on ads on websites.

...

Remote Access Tools
Additional Security Awareness Tips and Guidelines for Faculty and Staff

In addition to the security tips outlined above, Faculty and Staff:

  • Keep your office computer on 1 night during the week to get IT updates.
  • Lock your computer when you step away.
  • Know our Guidelines for Storing & Sharing University Information
  • Use uDesk -- a remote virtual Windows desktop that runs on your computer -- when appropriate.  If you visit a site with malware in uDesk, your computer won't be infected.
  • Back up your files to uStor P: drive.
  • Use a secure wireless connection - Use the "asu" secure wireless network, or use the ASU VPN when you connect to public wireless.
Campus Security Tools

Additional Self-Training Information

Data Encryption
Defining Data Encryption

Data encryption is a method that lets you safeguard electronic information by preventing unauthorized access to files. Encryption software converts "plain text" data that can easily be read into encrypted data via complex mathematical operations and a unique key. Encryption keys work similarly to physical keys to doors or a locked filing cabinet. Without the key, gaining access to encrypted data is often extremely difficult. Most often, encryption keys take the form of passphrases, so that only individuals who have the passphrase can decrypt and view the data.

Issues Related to Data Encryption

Access to encrypted data is dependent on your key (see above), making it possible that if you lose your key you may lose access to your data. It is very important to consider how you might securely back up and protect your encryption key when considering encryption.

Reasons for Using Data Encryption

Most often when a computing device is lost or stolen, the data on the device is unencrypted and therefore easy to access (even if the device is password protected). However, using encryption protects sensitive data and keeps it private. 

Another common use of encryption is in creating encrypted containers (more below) so that even if a computer is infected with malware there is an additional layer of protection that may thwart intruders from accessing confidential or sensitive data.

Different Data Encryption Methods

Full Disk Encryption is used to safeguard all data stored on a hard drive (including the operating system). 

File Level Encryption uses a single key or multiple keys to encrypt a single file or series of files only.

Container-Based Encryption encrypts a single container file that holds other files inside it (e.g., an encrypted zip file).

How to Encrypt Your Files


Encrypting Personal Devices
Note: Creating and Managing Passwords

Your data encryption protection is only as secure as your encryption key. Use App State’s Tips for Creating a Secure Password. Also, consider using a password manager tool such as KeePass which securely stores passwords.

  • Spirion
  • Secure File Exchange (FileShare)
  • Security Resources

    Windows

    Mac OS/X

    Other

    Security and Awareness Training

    Avoid Phishing Attempts

    What is Phishing?
    "Phishing" refers to the act of attempting to acquire information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication. These attempts

    Avoid Phishing Attempts

    What is Phishing?
    Attempts by cybercriminals, nation states, or hacktivists to lure you into giving away personal information, to gain access to accounts, or to infect your machine with malware & viruses are called "phishing," a form of social engineering. Like all universities, Appalachian State University is frequently phished for account credentials. Phishing attempts can happen through a variety of channels, including email, social media, or text messages, and can compromise security and lead to the theft of personal and financial data. Highly targeted attacks on groups or individuals are known as "spear phishing."

    What tactics are used in phishing attempts?
    Phishing messages can come from hijacked accounts of people you know, making them hard to distinguish from real messages. Additionally, cybercriminals commonly use infected documents or PDF attachments as vectors for their phishing attempts. Another common trick attackers use is trying to get victims to sign in on a fake login page where their usernames and passwords can be stolen.

    How do you avoid phishing attempts?
    Phishing attempts can often get through spam filters and security software that you may already have in place, so stay vigilant and trust your instincts. Keep an eye out for things like unexpected urgency or a wrong salutation. Think twice about clicking a link or opening a document that seems suspicious. Double-check that every URL where you enter your password looks legitimate. And if anything raises doubt, report the communication to phish@appstate.edu.


    Video: https://www.youtube.com/watch?v=3vcLyvoKYZc&t=1s


    Internal Phishing Program

    As part of our ongoing efforts to help defend App State from increasing cybersecurity threats, ITS will be sending out test phishing emails. These internal phishing messages are learning opportunities and employees will not be punished for falling victim to a test phishing attack.

    These test phishing messages will simulate real-world attacks that are often observed in our security monitoring practices. These test messages will be sent out at random intervals throughout the year.

    Key Takeaways:

    • Phishing test messages will simulate real-world phishing attempts, starting with easily identifiable phishing scenarios and progressing to more advanced scenarios as employees improve their responses.
    • Employees who receive suspicious emails should forward them to phish@appstate.edu, regardless of whether they think it is part of the test.
    • The results of these phishing tests are only visible to the ITS Office of Information Security.  
    • Reporting on these tests will be anonymous.
    • If you click on a link in one of these messages, you will receive information to help spot and avoid similar phishing messages in the future.  Employees who fall for a phishing attempt will be redirected to an educational webpage comprised of phishing information and training opportunities, including the identification of specific elements within the message that would help to distinguish it as fraudulent.
    • Our goal is to increase employee security awareness and decrease the number of employees who click on malicious emails.

    With all suspicious emails, remember these helpful steps:

    1. Look at the sender's email - is it an App State email?  Is this someone you know?
    2. Are they asking for personal information?  Or for you to download an attachment?
    3. Don't click on links if the email seems suspicious or unusual.
    4. You can help us to identify suspicious emails by forwarding them to phish@appstate.edu.

    A Few Important Things to Remember

    • Always remember that ITS will never ask you to provide your password either via the phone, email, or other communications.
    • Keep in mind that phishing emails can look very legitimate and include the same images, logos, and text associated with the organizations they are attempting to masquerade as. Don't take the appearance of an email or website as a mark of legitimacy. 
    • Be aware that the 'From' field in email messages can easily be fabricated. Don't assume that an email is legitimate based on the apparent sender in the "From" field. 

    Employees are strongly encouraged to treat all suspicious emails as potentially dangerous.  While these simulated messages are not malicious, real phishing attacks pose a great threat to our university community. 

    Additional Resources

    Phishing Examples:

    Common Security Threats

    Videos:

    Online Quizzes:


    Back-Up Your Data

    Protect your valuable work, music, photos & other digital information by making an electronic copy & storing it safely. If you have a copy of your data and your device falls victim to ransomware or other cyber threats, you will be able to restore the data from a backup.

    Back up your data regularly, and make sure your anti-virus software is always up to date. Several options are available for backing up your data, including:

    • Back-Up To an External Drive
    • Back-Up Over the Internet
    • Use a Cloud Storage Service

    ...

    You are a Target

    Realize that you are an attractive target to hackers. Don’t ever say, “It won’t happen to me.” You may not realize it, but you are a target for cybercriminals. Your computer, your mobile devices, your accounts, and your information all have tremendous value to cybercriminals around the world.



  • Protect yourself from common information security threats by viewing our Google Slides
  • Protect yourself and App State data from phishing threats with our Internal Phishing Testing
  • Have you been a victim of phishing? Read our Phishing Victim Advisement
  • Find campus security tools for remote access and data encryption
  • KnowBe4 Security Awareness Training for Faculty & Staff
  • Learn to identify Common Security Threats
  • Training and Awareness Resources
    Reporting Security Awareness Concern

    For policies, standards, guidelines & tips, see security.appstate.edu
    Get help with your personal devices at our Technology Support Center
    You can enter a support ticket at support.appstate.edu
    If you have any information security concerns or questions, you can email support@appstate.edu, contact your ITS Consultant, call the ITS Support Help Desk at (828) 262-6266, or visit the Technology Support Center in Room 140 of Anne Belk Hall (exterior entrance located directly across from Rankin Science).

