Data Destruction Day


APRIL 27, 11:00 am-2:00 pm
Library Quad

The Office of Information Security is pleased to invite you to “Data Destruction Day.”
On April 27th from 11am – 2pm, Rockland IT Solutions will be on campus with their hard drive
shredding trucks. Bring in any paper items, old hard drives, floppy drives, thumb drives, CDs,
DVDs, zip drives, or tapes, and Rockland IT Solutions will physically destroy them onsite FOR FREE.
OIS will be available to assist with disassembling your old computers and getting the hard drives out
for safe disposal. A container will be available to recycle all of the other pieces.

– Event is open to all NU Faculty, Staff and Students.
– Electronic media is limited to hard drives, flash/thumb drives, CDs, DVDs, floppy disks,
tapes, and zip drives. If you have an old computer, we can help you remove the hard drive
that day and Rockland will recycle the computer shell and other peripherals.
– Asset disposition forms and all applicable signatures are required for all University assets.
– Feel free to bring in items from home but the University is not responsible for items lost
prior to destruction.
– No vehicles will be allowed in the quad; please prepare to hand carry over all items.

Please contact OIS@Northeastern.edu with any questions.


NCSAM Week 1: Make Your Home a Haven for Online Safety

Cyber Safety Starts at Home! Help make your home a safe digital haven by protecting networks, devices and online lives with these tips!

  1. Keep a Clean Machine: Having the latest security software, web browser and operating system is the best defense against viruses, malware, and other online threats. Remember, mobile phones and tablets need updating too!
  2. Secure your Wi-Fi Router: Set a strong passphrase (the longer the better) for your Wi-Fi network. Focus on positive sentences or phrases that you like to think about and are easy to remember. Name your network in a way that doesn’t let people know it’s your house.
  3. Share with Care: Think before posting about yourself and others online. Consider what a post reveals, who might see it and how it could be perceived now and in the future.
  4. Back it up: Protect your valuable work, music, photos, and other digital information by making an electronic copy and storing it safely.
  5. Lock Down Your Login: Usernames and passwords are not enough to protect key accounts like email, bank, and social media. Improve account security by enabling strong authentication tools such as biometrics or unique one-time codes.
  6. Personal Information is like Money. Value it. Protect it: Information about you, such as your purchase history or location, has value – just like money. Be thoughtful about who gets that information and how it’s collected through apps and websites.


National Cyber Security Awareness Month!

Help the Office of Information Security celebrate National Cyber Security Awareness Month! We will be hosting events on campus all month long. Be sure to follow us on Twitter @SecureNU for even more helpful information during October and all year long. 

*Please Note: The Travel Smart Training on 10/4/18 and the Information Security Awareness Training require registration. Please visit https://safety.northeastern.edu/ for more information*


Alert: KRACK Vulnerability

A vulnerability named “KRACK” was made public earlier this week that could potentially affect many wireless users. KRACK, which stands for Key Reinstallation Attack, is a flaw in the way Wi-Fi Protected Access II (“WPA2”) operates. WPA2 is a widely used security protocol that is designed to protect wireless communications. When a user first attempts to connect to a wireless network, a handshake occurs where a password is exchanged for permission to connect. According to the researcher who discovered the vulnerability, malicious agents can utilize the flaw to potentially hijack connections and eavesdrop on the connections between the devices. However, there have been no reports about this vulnerability being utilized by hackers.

What is Information Technology Services doing for this?
Luckily, the United States Computer Emergency Readiness Team (“US-CERT”) has known about the vulnerability for quite some time, which has allowed vendors to prepare patches before the vulnerability was made public. Many vendors have begun to release patches, including Microsoft Windows, who released a fix on October 10th. While newer versions of iOS are considered unaffected, Apple is working on rolling out a software update for macOS, watchOS and tvOS in a few weeks. Android devices are particularly vulnerable and many phone makers are still developing patches with release dates not yet identified.

Information Technology Services will continue to deploy patches and updates to vulnerable devices as they become available. As always, we encourage our users to have automatic updates enabled to ensure patches are installed in a timely manner. If you need assistance installing updates on your Northeastern devices, please reach out to the ITS Service Desk at 617.373.4357.

How can I protect myself off campus?

While many vendors are working diligently to provide patches, it is ultimately the responsibility of the user to install the available updates. Make sure to check for updates on anything that connects to a wireless network, including thermostats, refrigerators and security cameras. Ensuring automatic updates are enabled on all your devices will make sure you receive patches as soon as they are available.


How to Avoid Spear Phishing


Spring 2017 Quarterly Information Security Reminder

Dear Members of the Northeastern Community,

This edition includes some quick recommendations for securing your personal information while on and off campus, along with reminders about your responsibilities around protecting sensitive university and student information.

Spring 2017 Information Security Tips:

Spring Forward

Daylight Saving Time begins at 2 a.m., Sunday, March 12, 2017. Remember to set your clocks forward one hour. And while most computer and electronic systems will automatically make the change, it is always a good idea to verify that it has occurred correctly to ensure proper functionality.

Are you Truly Ready for Tax Season Scams?

Tax season is upon us, and government and law enforcement entities have reported an uptick in the number and sophistication of tax fraud schemes targeting the public. Last year the IRS reported over $21 BILLION in fraudulent tax refund claims in 2016. One way to keep this from happening to you is to ensure that you protect your personal information, and to use only reputable and certified tax preparers. Your fees for tax preparation should never be tied to the amount of your refund. All tax preparers will also have a preparer tax identification number (PTIN), which can be checked at http://www.ptindirectory.com/. Also keep in mind that the IRS will never contact you by telephone if there are issues with your returns, or if they need information. They will always send information by U.S. mail, and only by email if you have requested and provided them with an address. Do not respond to any contact that is threatening or attempts to alarm you (threatening audits, etc.). Always contact the IRS through their official website (www.irs.gov) or call for telephone assistance.

It is ALWAYS Phishing Season

Social engineering and Phishing scams are still the single greatest vector in data compromises and computer virus infections. This risk is heightened with the massive surge in Ransomware attacks across multiple industries. Healthcare, Financial, Higher Education and even Law Enforcement have been targeted, and have fallen victim. The computer virus will encrypt your files, data, even any online backups or network drives, then offer you the chance to retrieve them for a modest fee of $200-$5000. This can cause irrevocable harm to businesses if they have no available off-line back-ups. Recently a California Hospital had to transfer patients out of their facility when all their systems and patient files were encrypted. Many of these incidents start with a simple Phishing email. Contact the Office of Information Security at OIS@northeastern.edu to find out how you can protect yourself and the institution.

Hold Your Password Close

Northeastern University WILL NEVER ASK FOR YOUR PASSWORD. Any email you receive claiming to need your login and password is spurious and should be deleted without replying. If you have given a Northeastern password to another person, change the relevant password immediately. Each of us at the university is held responsible for all activity conducted under our user ID and password.

Protection of Sensitive Information / Regulatory Compliance:

Social Security Numbers, dates of birth, grades, non‐public personal financial information, protected health information, and other similar types of sensitive information are to be protected at all times from unauthorized disclosure and/or use, consistent with applicable University policies and/or applicable Federal laws, including the Family Educational Rights and Privacy Act (FERPA), the Health Insurance Portability and Accountability Act  (HIPAA), the Financial Services Modernization Act (also known as Gramm‐Leach‐Bliley), the CAN‐SPAM Act of 2003, and Massachusetts Data Security Regulation MA201 CMR17.00. Personal information of members of the Northeastern community, including but not limited to students, faculty and staff, may not be posted or maintained on public networks or sites, unless the user fully complies with applicable laws and regulations governing handling of personal information.

Compliance with Copyright Law and Software Licensing Agreements:

All members of the community are required to comply with copyright law and software licensing agreements. In addition, all software installed on University‐owned devices shall be the product of legal copies, and shall be properly licensed at all times. University resources shall not be used to offer, exchange or store copyrighted materials nor the indexes pointing to such materials, unless the use is in compliance with copyright law or other applicable regulation. All use of file‐sharing technologies shall be in strict compliance with University policy and copyright law.

Responsibilities under Regulation:

Our responsibilities under regulation include, among other reasonable steps, that we refrain from displaying or listing sensitive information in public venues such as hallway bulletin boards, office doors, globally shared computer files, and publicly-accessible web sites, that we observe privacy practices, and that we use appropriate safeguards to protect sensitive information and information-bearing devices from unauthorized access, alteration, theft or loss. These responsibilities include taking appropriate steps to ensure confidential/sensitive paperwork is properly discarded, that mobile devices are appropriately protected from loss or theft, and that computer disk drives and information storage devices are properly processed to remove sensitive information prior to reallocation or disposal.

Consequences Arising from Unauthorized Disclosure or Loss of Sensitive Information:

The potential consequences of unauthorized disclosure or loss of sensitive information may include, for the individual, loss of privacy, identity theft, financial loss, erosion of customer confidence, and for the University, damage to reputation, civil penalties, and regulatory sanction. By recognizing the value in protecting sensitive information, the University is better positioned to avoid these consequences, maintain customer trust, and enjoy a reputation more demonstrative of the University commitment to excellence and distinction, and other goals to which the University aspires.

Requirement to Read and Comply with the Appropriate Use Policy (AUP):

The Appropriate Use Policy describes policies for use of all computers, networks and telecommunications facilities at the University. All members of the University community are required to read and comply with the AUP, which can be read at www.northeastern.edu/aup. Use of University computer/telecommunication networks and/or computers implies agreement with the terms of the Appropriate Use Policy.

Shared Responsibility

Security is a shared responsibility. Do your part to help promote a safer and more secure computing environment by observing and supporting secure practices in your academic or business unit. If assistance is required, please contact OIS@northeastern.edu.


Phishing in the New Year

Follow us on Twitter @securenu for the latest security bulletins and alerts.

It's 2016 and criminals have not stopped trolling the waters for usernames and passwords. Today the following phishing message was sent to members of the Northeastern community. If you have clicked on the link in the email and entered your myNEU username and password, please contact the Service Desk (x4357) immediately. Please delete this message from your inbox.

[Image: phishing message]



Phish Tank Contest – DAY 5

From: ITS Service Desk <northeastern@service-now.com>
Sent: Friday, October 30, 2015   2:55 PM
To: OIS@neu.edu
Subject: We have received your Northeastern myHelp incident INC0129989

Hi OIS,

We have received your request for assistance. You should hear back from us within one business day. Should you need help sooner, please call the Information Technology Services Customer Service Desk at: 617-373-4357.

Your request was assigned a ticket number of INC0129989 with a description of “Phishing e-mail”. The details of your request are available at the following link: LINK

Thank you,

Information Technology Services
Customer Services

Knowledge Base — 24×7 Answers to your Northeastern Technology Questions.

Northeastern University will never request details of your password or account by email at any time.

Email Notification: Incident Opened

Ref:MSG3136961
