Blog from October, 2017

If you are like most people, your phone has the most private and confidential data of any device you use.

Be Safe When You're Mobile:

1. Use a password/passcode on EVERY device.
2. Use the built-in "Find my Phone" and remote wipe features.
3. Never leave your device unattended in a public place. Don't leave it visible in an unattended car.
4. Keep a clean device -- delete apps when done!
5. Be smart on Wi-Fi (on- or off-campus).
6. Consider your surroundings and use your device discreetly at locations in which you feel unsafe.

Keep a Clean Device and Delete Apps Not Used

• Update Often: Your mobile devices are just as vulnerable to malware as your PC or laptop. Keep your device secure by updating operating system patches and apps often.
• Delete When Done: Many of us download apps for specific purposes, such as vacation planning, and no longer need them afterwards. Or we have previously downloaded apps that are no longer useful or interesting to us. It's a good security practice to delete all apps you no longer use.

Be Smart on Wi-Fi (on- and off-campus)

The SPU-Wireless network is secure, requires authentication, and encrypts the data that travels through the air to prevent sniffing and hacking. See the instructions here to connect any of your devices (computers, phones, tablets) to the SPU-Wireless network. SPU students and employees SHOULD NOT use SPU-Guests. If you connect to SPU-Guests, use this opporunity to change to SPU-Wireless (see instructions at the link above).

Use caution when you connect to a Public Wi-Fi hotspot (a coffee shop, restaurant, in a hotel, the airport, etc...). While easy and convenient, do take some precautions:

• Only enter sensitive information on sites using the HTTP S  protocol. The "S" stands for secure and means that there is additional encryption in use and your data will be protected during transmission.
• Avoid banking and credit card transactions when using public WiFi networks.
• Update your operating system, firewall and virus protection regularly. You are exposed to a much higher level of potential risk on a public WiFi connection. Protect yourself beforehand.

Safeguard Yourself Against Mobile Device Theft

Don't take for granted that while phones are common, they also bring a demanding price on the black market. Record the device's make, model number, serial number (the IMEI, MEID, or ESN #) and contact information for your carrier. Immediately report a device theft to your carrier and law enforcement.

Ransomware  has been around for a few years but has recently been on the rise and has hit a few people here at SPU. There are many variations of ransomware -- two of the most prevalent are called Cryptolocker and WannaCry. Ransomware is a serious issue with potentially devastating consequences. Your data and/or your pocketbook is at stake! You could lose your documents, pictures, music, etc... ANY data files stored on your computer.

Once the infection is present the malware encrypts data files and folders on the local hard drive, attached drives, backup drives, network locations, and potentially other computers on the same network. This is nasty stuff and once infected all your data files are inaccessible. Users are not generally aware of the infection until they get a pop-up message advising of the attack and demanding a ransom payment in exchange for a decryption key to restore access to their files. There are often requirements to pay such as -- "Your files are encrypted! Pay $300 in Bitcoin within 72 hours or lose access to your files forever."

For most variants of ransomware there are few if any tools to break the encryption and restore your system and files. Incidents are increasing and more people, businesses, and organizations (hospitals, governments, educational institutions) are being victimized.

What You Need to Do?

Tips for Dealing with Ransomware Threats (students and employee home computers):

1. Backup your data regularly to a separate drive. For instance, use an external USB thumb-drive or hard-drive, and keep that drive locked away except when backing up your files.
2. Patch operating systems, software, and applications.
3. Ensure anti-virus software is running and up-to-date.
4. Be careful with email, attachments from unknown senders, or demands to follow a link.

For SPU  employees , using SPU  managed computers , accessing  institutional data -- CIS has some additional layers of ransomware protection but ransomware is still a serious threat. Software and application patches, anti-virus updates, protected data backups, mandated browser and security settings, are all enforced for university managed desktop and laptop computers, but you need to do your part.

Help! I Think I Messed Up!

If you think your system is compromised:

1. Immediately shut down your computer -- press-and-hold the power button until the system shuts off if needed.
2. Disconnect from the Internet (unplug the cable, turn-off your Wifi connection).
3. Disconnect any external hard drives or portable devices (including USB drives).
4. Call or email the CIS HelpDesk immediately (206-281-2982 or help@spu.edu). There may be actions we can take to limit or minimize the damage.

The FBI advises to not pay the ransom -- "Paying the ransom doesn't guarantee that you will get your data back -- we've seen cases where you never get a decryption key after having paid the ransom. Paying the ransom not only emboldens current cyber criminals to target more people, it also offers an incentive for other criminals to get involved." However, if your personal data files have been taken (your personal picture library, your music library, or all your personal records) and you don't have a good data backup, a few hundred dollars may be worth your risk and your expense to return your important data.

Computers that have been infected with ransomware must be wiped clean and rebuilt from the ground up. Any data on the computer is irrevocably lost, and must be restored from a secure data backup. This is not fun or easy and can take hours to complete.

If you see something, say something! We're here to help.

Passwords... Your First Line of Security!

Test your password strength: Password Checker. Need something better?? See the instructions below to reset your SPU password. A password is often all that stands between a hacker and your sensitive data.

Use a PASSPHRASE to Create a Strong Password

What makes a strong password?

• Length - a minimum of eight characters are required for SPU accounts, but 12 characters (or more) will provide better security.
• Complexity- use upper and lower case letters, numbers, and special characters such as !@#$%^&*()?/[]\.

How to use a Passphrase (a few suggestions):

• Think of a short sentence or phrase you can easily remember. An example might be: God is in control. Add complexity to the phrase: Godis1nControl#2017
• Choose three random words: snake, apple, eve. Add complexity to the words: $nake@pple8Eve
• Add a letter(s) at the end of your base password to make the password unique for each account, such as: $nake@pple8EveFB (for your Facebook account)

Want to Change Your SPU Password?

At SPU, the same Username and Password are used for most campus resources: Banner, Canvas, Webmail/Outlook, network access, etc... Change this password through the Banner Information System.

1. Login to  Banner  with your SPU username and password
2. Select the Personal Menu--> then Computer Accounts Menu
3. Choose Change Your Password
4. The password sync takes roughly 15 minutes to be in effect for all SPU resources.
5. After you change your password make sure you update it on any device that might store the password (phones, tablets, etc...).

Use Multi-Factor Authentication When Available

Multi-Factor Authentication (MFA) is a method of computer access control that requires two of the following: something you know (like a password), something you have (like a mobile device or a security dongle), or something you are (like a fingerprint or an eye scan).

SPU already uses MFA for certain administrative access to the Banner system, and will be adding additional MFA options and requirements later this school year.

Many banks and online services (Apple iCloud, Microsoft, DropBox, etc..) are providing optional multi-factor authentication. Take advantage of these new tools. It will make your access much more secure.

Store an External Email Address in the Banner System

There are times when you forget your password or need to reset your SPU password through our automated system. We can use an alternate/non-SPU email address to help reset your password if there is one stored in Banner. CIS recommends that EVERYONE setup a NON-SPU/External email address.

As an added security measure, you will receive email notifications to your Non-SPU account advising you of SPU password resets, DirectDeposit changes, and Location Tracking notifications (see above).

1. Login to  Banner  with your SPU username and password
2. Select the Personal Menu--> then Personal Information Menu
3. Choose Update Email Address
4. Then ADD, CHANGE or DELETE your NON-SPU email address(es).

If you forget your SPU password and need help to reset it, you can go to: http://spu.edu/findmyid/ for assistance.

Consider Using a Password Manager Application

The difficulty of keeping track of different passwords for all your online services is a big challenge. You might want to consider the use of Password Manager application or service. There are many to choose from, but here are three that have been vetted by CIS:

• LastPass
• 1Password
• KeePass

All of these provide low cost or free personal use.

"Phishing" is the name given to email messages that try and trick you to give up your username and password. SPU blocks lots of phishing email through filtering, but some messages inevitably get through. Moral of the story: "Please be cautious!"

When are you most susceptible?

Statistics reveal some interesting patterns and trends in regards to when and how most people fall for phishing:

• More responses occur from mobile phones.
• More responses occur when respondents are away from the office.
• More responses occur outside of work hours (evenings and weekends).

Tips for Phishing Detection

Four message characteristics to be on the guard for:

• Greetings and closings. A generic recipient or closing is a good indication the message is phishing. ALL messages about restoring an email account or performing system maintenance should be viewed with caution.
• Clickable links re-direct you to another web site. Always be cautious about links in email messages. See below for "hover" technique.
• Threats or urgency in the message language, such as response deadlines.

• Attachments: PDF or Word files are frequently used as “click bait” to trick you into opening unsafe files.

Use the "Hover" Technique

Many phishing messages include links that send the user to a malicious web site or a fake login page. Hover over the web links with your mouse to inspect the web site address BEFORE YOU CLICK! An example might be the printed URL and actual destination addresses don't match.

Oops, I made a Mistake!

• What should you do if you take the bait? If you think you might have taken the bait and given up your SPU username and credential -- immediately go to the Banner System (Personal Menu, Computer Accounts Menu, Change Your Password) and reset your SPU password.
• What will CIS do if your account has been compromised? CIS suspects an email account is compromised when we notice the account sending large volumes of spam or other malicious activity. Our action is to immediately disable the compromised account which will block access to SPU email, Canvas, Banner, and all other campus resources. The account will stay blocked until we can assist with password changes and remediation.

SPU has been the target of dozens of phishing attempts in the past few months. We block 1,000's of messages a day that are phish -- but some are always going to get through. Requests for "immediate action" to prevent account closures, disconnection of service, or other verification are sure signs you're being "phished." SPU WILL NEVER ask for your PASSWORD via email.