Stop Theft laptop label

Summer travel in your plans? Keep your devices and data secure

Summer is when many people make plans to go out of the state or the country. We want you to enjoy your get away as much as you can, so we have designed this checklist to remind you of everything you should be aware of before traveling to avoid hassles.

Keep an eye open on your electronics

Whether you’re in a familiar place or a new one, do not leave your laptop, phone, or any other device unattended in public; it only takes seconds for opportunistic thieves to grab your belongings and disappear.

Even if you are with your things, when sitting in public do not leave your bag or purse hanging from the back of your chair or by your feet, and keep zippers and all pockets closed.

For those big trips where you’re checking luggage, never store your valuables and electronics in anything you’re not carrying with you; every year hundreds of baggage handlers are caught stealing expensive items from travelers’ luggage.

Employ strong passwords

Make sure you have a strong passcode on your phone, tablet and laptop, to serve as barriers should something be stolen.

A strong passcode contains more than four digits; a strong laptop password is at least eight characters long, contains upper and lower case letters, and numbers and/or special characters. This does make them hard to remember, but it is more effective and you can always use a password manager.

Do not keep passcodes or passwords on a piece of paper (or anything else) that you carry with you.

dual-security

Keep your data safe

If you are traveling for business and have sensitive or personally identifiable data (Pii) stored on your Northeastern laptop, please contact the Office of Information Security at ois@neu.edu before you leave. Laws and regulations govern how to store sensitive data on mobile devices while traveling, and the data or laptop may need to be encrypted to ensure its protection and compliance. For more information on Pii, see the Appropriate Use Policy.

It’s also a good idea to back up your mobile data before you go on a trip. External backup drives are inexpensive, can also be encrypted for added protection if they are ever stolen, and provide an easy, worry-free solution to keep your data safe. Make sure to store your backup drive in a safe place.

Register your laptop with NUPD

Northeastern University Police Department will register your laptop free of charge. A small Stop Theft plate will be securely attached to your laptop. To set up an appointment to register, please contact Crime Prevention Coordinator, Officer John Farrell, at 617.373.5402, Monday to Friday, 8 a.m.- 4 p.m.

eduroam international mapUse eduroam for easy worldwide wireless access

Northeastern participates in a reciprocal wireless system, called eduroam, which enables Northeastern students, faculty, and staff to securely access the eduroam wireless network off-campus at more than 5,000 participating locations worldwide. A full list of participating US Institutions is available on the eduroam website. An international map is also available (this may take a while to load). Since eduroam was initially developed and launched in Europe, this continent boasts the most locations with thousands of participating colleges, universities and research facilities.

It is easy to connect to eduroam – you simply need to enter your eduroam username [myNEU username]@northeastern.edu (e.g., kinghusky@northeastern.edu) and your myNEU password. Similar to NUwave, once you have entered and saved your login credentials on your device, you will be able to automatically connect to the eduroam network whenever it is available. More information can be found on the eduroam service page.

Make free and public wireless secure

Free and public wireless networks often have little or no security features, as these networks are not protected by enterprise encryption. This means that the bad guys may be able to eavesdrop on or “sniff” your web browsing data, and read your usernames and passwords.

To protect yourself and your information, whenever possible, connect to a virtual private network (VPN) before logging into any website when using a free or public Wi-Fi network.

Northeastern offers the Global Protect VPN to connect securely to Northeastern resources, such as intranet websites, the shared Q: drive, and remote desktop connections. However, that VPN does not protect you when visiting non-Northeastern resources, such as your bank or Gmail. For full security on other networks, consider using a third party VPN service to secure all your wireless connections.

Limit access to your data remotely

In the event your phone is lost or stolen, the best option is to erase all the data from it to prevent anyone else from accessing your information – and you can do it remotely. Here’s how:

Don’t let the social media world know you’re gone

Posting your travel plans on open forms of social media lets people know when you will be away from your home or apartment, and criminals could use this opportunity to steal your belongings. Be careful about how many people are aware of your travel plans. Do you really know and trust all followers that you have on social media? In this case, using #latergram is safer.

Different countries, different rules

And finally, if you are traveling internationally, keep in mind that each country has different laws and practices. Here are some tips for safe international travel at SecureNU.

 

It’s Not Hard To Remember a Strong Password

No one wants to be the person whose accounts are hacked, and we’ve all seen plenty of examples of the emotional and financial damage that can do. We all also know that having strong passwords for your accounts – myNEU, Gmail, Twitter, Steam, Hulu, or any of the hundreds of other services and systems you use – is the easiest way to personally make it as hard as possible for hackers to succeed.

But advice for creating strong passwords changes often and usually contradicts what you were told before. When you try to follow the rules, you probably find that the passwords you end up with are so complex that you can never remember them. So you write them down. Or use the same password for everything. Hopefully you don’t use one of the passwords on this annual, horrible list (due to be updated this month).

This is not good. There is an easy way to make it better.

Given the computing power and tools available to hackers now, experts have come to realize that longer passwords are better, but the best passwords introduce complexity in the same way as CAPTCHA images do – by being something that a human brain can understand, but that confuses a computer.

Even if you’ve seen this XKCD comic before, it’s still a good demonstration of the idea:

The Northeastern Office of Information Security has several good posts up at SecureNU on why strong passwords are important, and how to create a strong password following the guide of “easy to remember, hard to guess.”

The important thing to remember is that the old line is true – security starts with you. Since your security starts with your passwords, make sure they’re strong ones that you and your capacity for nonsense can remember (Cathas12greentoes! – do not actually use), but that will stump a logical computer.

New name, same great security service

Office of Information Security logo

In order to more precisely reflect the office’s core focus – protecting both computing and information assets of the university community – Information Technology Services’ security unit has been rebranded to Office of Information Security. This change is in name only! You will still receive the same great service you’ve come to expect, and OIS will continue to be a resource to the Northeastern community for all information security matters.

Remember, security is a shared responsibility. Do your part to help promote a safer and more secure computing environment by observing and supporting secure practices in your academic or business unit. If assistance is required, please contact ois@northeastern.edu.

For more information, please visit the Office of Information Security website.

Start off the semester securely

At the beginning of a new semester it is important to remind ourselves about best security practices. Information security is a team effort and every member of our community plays an important part in protecting our data. Below are a few helpful tips to ensure you start the year off right!

Symantec Endpoint Protection (SEP) antivirus software is available to all Northeastern students, faculty and staff for free. It is strongly encouraged that you have a current version of antivirus software on your computer. Learn more about Symantec Endpoint Protection and how to get it.

Your information is only as secure as your passwords. While we all would like to have passwords that are easy to remember, it’s important to not use passwords that are easily guessed. For example, do not use things like dictionary words, pet’s names, anniversary dates or any other data that may identify you.

Change passwords often. It is a good habit to change your passwords once a quarter. Link it to the seasons or a holiday so you don’t forget. Worried about remembering them? There are free apps, like Dashlane, LastPass, and KeePass, that let you store your passwords in a secure location – making it easy to access your different online accounts.

Change your myNEU password by clicking the My Profile icon in the top right, then click the Change Password link.
Change your myNEU password by clicking the My Profile icon in the top right, then clicking the Change Password link.

Use different passwords on different systems. No single password should be reused across multiple accounts. This way, if one of your accounts is compromised, they aren’t all compromised. Last year’s security breach at Adobe caused Facebook to alert certain users to update their Facebook passwords, due to the concern that the same password was used for both accounts.

Do not share your passwords. Your password should be kept as secret as your Social Security number, if not more so. Remember, Northeastern will never ask for your password.

Create challenge questions (and answers) that are actually a challenge. When creating your myNEU account challenge questions be sure to come up with a question and answer combination that is hard for anyone to guess, especially those who know you, or – even better – make the answer random. SecureNU has a few great ideas. Even xkcd has taken a look at password strength.

Remember to install patches and updates. The reminders always seem to come at the most inconvenient time, but please remember install all patches and updates. Not doing so could expose you and your information to viruses and theft. Additionally if your information is compromised it has the ability to compromise others at Northeastern. Try setting a time aside to install patches, such as at the end of the day, so it doesn’t interrupt your work.

Using wireless Internet on campus? Make sure to log into NUWave with your myNEU credentials for full access and a secure connection. NUwave-guest is a limited wireless network intended for guests only; it requires separate registration and access ends after eight hours. Be more secure and use NUwave. Living in upperclassmen housing that allows routers? Be sure to setup your router following the 2014-2015 ResNet Router/Wireless Access Security Requirements and Recommendations. [UPDATE – 8/15/2015: Routers are banned as of 8/15/2015. The residential wireless expansion project was completed on August 15, 2015. Details are available on the NUwave service page.]

Shopping for back to school supplies? Shopping and banking should only be done on a device that belongs to you and on a network that you trust. Free wifi can be appealing, but those networks are likely not secure – wait until you get home to buy those last few items on your list.

Bittorrent is too good to be true. The Northeastern University Appropriate Use Policy (AUP) prohibits the download, use or redistribution of any copyrighted material without authorization for the copyright holder.

Does something seem a little suspicious? All suspected security incidents should be reports to either the ITS Service Desk at 617.373.4357 (xHELP) or to the Office of Information Security at ois@northeastern.edu.

Questions or concerns? Feel free to reach out to the Office of Information Security for assistance. We are here to help in the event that something does happen to your account.

Don’t take the bait – Watch out for phishing attempts

Imagine this…

You are sitting at your computer and an e-mail comes across your screen…

“Your account has been suspended. Please go to http://accountrecovery-neu.com to recover your account.”

You begin to panic – you have a paper due tomorrow, and you can’t submit it through Blackboard if you can’t access your account!

Before you click, STOP and THINK. Would Northeastern University ever ask you to validate your account through e-mail?

The correct answer is NO.

In the past few weeks, Northeastern University has been subject to a variety of phishing attacks. While most of us believe we would never fall for something like that, recent events have proven otherwise. The emails and websites are extremely convincing. In fact, some look just like an email you would receive from Northeastern University. A recent favorite is an phishing attempt pretending to be E-ZPass, where the email included text about its phishing policy to make it seem more legitimate.

EZpass phishing attempt

Even the most technically savvy individual could fall for a phishing email. It is important to remember that Northeastern University will never ask you for sensitive information through an email.

Below are a few additional helpful tips to aid you in avoiding phishing attacks:

Delete all e-mails and messages that ask you to provide personal information. Legitimate companies will never ask for this information via email. As an extra step, you can forward e-mails to the organization they are supposedly coming from to ensure they are aware of the phishing attempt. Bank of America even has a process for reporting these fake emails.

Be cautious when downloading files and opening attachments, regardless of who they are from. The files and attachments could be viruses designed to steal information from your computer.

Be on the lookout for generic-looking requests. Many phishing e-mails will be impersonal and use language such as “Dear Sir/Ma’am.” Banks and companies you do business with will, more often than not, send personalized emails.

Be on the lookout for poor spelling and grammar. Cyber criminals are not known for their spelling. Most organizations have staff who review any mass emails and wouldn’t allow it to go out with several mistakes. If you notice a lot of mistakes, it might be a phishing attempt.

Only provide personal or financial information through an organization’s website if you typed in the web address yourself and you see signals that the site is secure. For example, most sites that ask for personal or financial information will begin with HTTPS.

Phishing attempts could be made over the phone too. Remember to treat unsolicited calls with skepticism and to never provide personal information. Again, Northeastern University will never ask you for sensitive information through an unsolicited call. If something seems off, hang up and call the company back through an advertised number.

When in doubt, just ask. Northeastern University has a variety of areas you can reach out to for help. The ITS Service Desk is available 24/7 and can be reached by either e-mail at help@northeastern.edu or by phone at 617.373.4357 (xHELP).