Happy Data Privacy Day!

January 27th is Data Privacy Day! 

The internet has opened so many doors for us and truly is a part of our day to day lives. We don't often take the time to think about the fact that we put a lot of our personal information out there. On Data Privacy Day we are reminded that we need to be vigilant in taking care of our precious personal data and making sure it is protected. 

Some Simple Tips for Protecting Your Data:

1. Check your privacy settings. Most of your social and eCommerce accounts will have a place where you can view and change your privacy settings. Every couple weeks you should review your privacy settings and make sure that it is set to what you want. You should consider the personal data that you are willing to make public (ie: email, phone number, birthday, location). 

2. Don't use a public service to store any private data. Google Docs is a great tool and very helpful for students and businesses alike that need a central place to store their work. However, you should not store personal information such as passwords or other sensitive data on a public service. 

3. Use private browsing. Using a private browsing window like a Incognito window, is very helpful for deterring internet tracking. Normally when you open a browser, it stores the websites you visit, the items you search for, or anything you might have bought. This information can be given to marketers. When you use a private browsing setting, this information is not stored. 

4. Use strong passwords. When you create a password is should not have any personal info like your name or birthday. It is also strongly advised that you create a long password, 12 characters (letters, numbers, and symbols) long. Additionally creating unique passwords for each of your services is strongly advised. While it may seem convenient to have the same password for everything, it puts you at a larger risk and makes it easier for potential malicious users to access your accounts. 

5. Use passwords and passcodes for access to your electronic devices.  Make sure you are protecting the device or devices you have that store all your precious information! A simple passcode or password being enabled on a device can go a long way in protecting your data. 

6. Use secure WiFi. A secure WiFi connection is very important. Public WiFis do not always have data encryption and this means that anyone that has access to the WiFi can track your browsing information. Try and keep login and monetary transactions to a minimum on public WiFi to avoid your passwords and credit card data getting into the wrong hands. 

Information partially taken from: https://www.kaspersky.com/blog/privacy-ten-tips-2018/23022/. 

Please continue checking our blog for more helpful tips and posts!

Take Control of Your Personal Info to Help Prevent Identity Theft

Identity theft has become a fact of life during the past decade. If you are reading this, it is a safe bet that your data has been breached in at least one incident. Does that mean we are all helpless? Thankfully, no. There is a lot we can do to protect ourselves from identity theft and to make recovery from cyber incidents quicker and less painful.

First, take control of your credit reports. Examine your own report at each of the "big three" bureaus. You get one free report from each credit bureau once per year. You can request them by going to AnnualCreditReport.com. Make sure there's nothing inaccurate in those reports, and file for correction if needed. Then initiate a credit freeze at each of those plus two other smaller ones. Instructions can be found at Krebs on Security. To keep an eye on your credit report all year, space out your credit bureau requests by requesting a report from a different credit bureau every four months.

Next, practice good digital hygiene. Just as you lock your front door when you leave home and your car when you park it, make sure your digital world is secured. This means:

1. Keep your operating system up to date. When OS updates are released, they fix errors in the code that could let the bad guys in.
2. Do the same for the application software you use. Web browsers, plug-ins, email clients, office software, antivirus/anti-malware, and every other type of software has flaws. When those flaws are fixed, you are in a race to install that fix before someone uses the flaw against you. The vast majority of hacks leverage vulnerabilities that have a fix already available.
3. Engage your brain. Think before you click. Think before you disclose personal information in a web form or over the phone.
4. Think before you share on social media sites. Some of those fun-to-share-with-your-friends quizzes and games ask questions that have a disturbing similarity to "security questions" that can be used to recover your account. Do you want the answers to your security questions to be published to the world?
5. Use a password manager and keep a strong, unique password for every site or service you use. That way a breach on one site won't open you up to fraud at other sites.
6. Back. It. Up. What do you do if you are hit with a ransomware attack? (Or a run-of-the-mill disk failure?) If you have a recent off-line backup, your data are safe, and you can recover without even thinking about paying a ransom.
7. Full disk encryption is your friend. If your device is stolen, it will be a lot harder for a thief to access your data, which means you can sleep at night.
8. Check all your accounts statements regularly. Paperless statements are convenient in the digital age. But it is easy to forget to check infrequently used accounts such as a health savings account. Make a recurring calendar reminder to check every account for activity that you don't recognize.
9. Manage those old-style paper statements. Don't just throw them in the trash or the recycle bin. Shred them with a cross-cut shredder. Or burn them. Or do both. Data stolen from a dumpster are just as useful as data stolen from a website.

If you've been a victim of identity theft:

• Create an Identity Theft Report by filing a complaint with the Federal Trade Commission online (or call 1-877-438-4338).
• Use the Identity Theft Report to file a police report. Make sure you keep a copy of the police report in a safe place.
• Flag your credit reports by contacting the fraud departments of any one of the three major credit bureaus: Equifax (800-685-1111); TransUnion (888-909-8872); or Experian (888-397-3742).
• Check if you have an account that has been compromised in a data breach have i been pwned?

Partially reposted from: Educause Review: March 2019: Take Control of Your Personal Info to Help Prevent Identity Theft

Data Privacy in an Era of Compliance

January 28 is Data Privacy Day. Data privacy for individuals means reviewing privacy settings on social media, being mindful of entering data into websites, and taking ownership of one's online identity. Data privacy for higher education institutions extends these principles to caring for other people's data, from collection, processing, sharing, and storing to destruction. 

The internet is full of data about you. Whenever you play a game, shop, browse websites, or use any of numerous apps, your activity and some of your personal information may be collected and shared.

Similarly, the business of higher education requires us to collect, process, and store the digital information of others. Whenever we handle such information, we need to think about how we want our own information treated and treat other people's data with the same care and respect.

Protect yourself by following these tips:

• Know what you are sharing. Check the privacy settings on all of your social media accounts; some even include a wizard to walk you through the settings. Always be cautious about what you post publicly.
• Guard your date of birth and telephone number. These are key pieces of information used for identity and account verification, and you should not share them publicly. If an online service or site asks you to share this critical information, consider whether it is important enough to warrant it.
• Keep your work and personal presences separate. Your employer has the right to access your email account, so you should use an outside service for private emails. This also helps you ensure uninterrupted access to your private email and other services if you switch employers.

Protect the information, identity, and privacy of others by following these tips:

• Know what policies are in place at your institution. A privacy policy governs how the institution collects, processes, stores, and deletes the personal data of constituents; a data classification policy governs how the institution organizes the data it interacts with and what rules are in place for processing it; and an information security policy articulates how the institution governs and prioritizes information security activities. For reference please review the Manhattan College Data Security Policy
• Keep constituents' personal information confidential and limit access to the data.
• Only use data for its intended purpose. If you need to use data for another reason, always check relevant resources and policies first for guidance.
• Destroy or de-identify private information when you no longer need it.

Partially reposted from: Educause Blog January 2019: Data Privacy in an Era of Compliance

Do You Have a Personal Backup Plan?

Most of us would like to say that we are extremely diligent about protecting our data and backing it up on a regular basis. However, we know that this is not always the case. 

Fortunately, backups are easier than ever before thanks to a plethora of options available to most end users. It is critical to create a backup plan for important files and make sure those backups are stored in a separate location (physically or in the cloud) so you can avoid losing valuable information if your computer is lost, stolen, compromised, or simply fails to turn on one day. 

When it comes to backups, just like security, you want to find a balance of being thorough but efficient. We have all heard disastrous stories of losing homework due to the blue screen of death or a misplaced cell phone that tragically stored the only copy of family photos. In addition, you could fall victim to ransomware or another malicious attack that leaves you with no choice but to reinstall your computer's operating system (OS). It never hurts to consider your backup strategy and come up with a plan that leaves you feeling safe and secure. Here are some tips to get you started.

• Data loss happens all the time, but it is entirely preventable. You just need to create a backup plan.
• Your critical data should never reside in a single place.
• The ideal backup strategy will typically include both an online backup service (Google Drive) to ensure your data is secure no matter what happens to your mobile device or computer.
• Running consistent, automatic backups is a straightforward process that will take little time to set up and will require even less to maintain.
• Backups can be configured to run in real time when files on your computer are changed.
• Routinely test your backup solution to ensure you can recover your data in the event that you do actually need to restore from a backup.

Manhattan College IT Services provides unlimited cloud storage with your JasperNet credentials to faculty, staff and students so you can back up your files. If you upload your files to Google Drive you can access them from anywhere. IT Services recommends Google Drive File Stream for storage and back up of files.

Source: STOP. THINK. CONNECT. 

Partially reposted from September 2018: Do You Have a Personal Backup Plan?

How to Protect Your Data and Devices While Traveling with Tech

Due to enhanced security measures in most countries, travelers with tech should be prepared for possible disruptions or additional wait times during the screening process. Here are some steps you can take to help secure your devices and your privacy.

Good to know:

• While traveling within the United States, TSA agents at the gate are not allowed to confiscate your digital devices or demand your passwords.
• Different rules apply to U.S. border patrol agents and agents in other countries. Federal border patrol agents have broad authority to search everyone entering the U.S. This includes looking through any electronic devices you have with you while you are traveling. They can seize your devices and make a copy for experts to examine offsite. Learn more from the Electronic Frontier Foundation about digital privacy at the U.S. border.

Protect your tech and data when traveling:

• Travel only with the data that you need; look at reducing the amount of digital information that you take with you. This may mean leaving some of your devices at home, using temporary devices, removing personal data from your devices, or shifting your data to a secure cloud service. Authorities or criminals can't search what you don't have.
• Most travelers will likely decide that inconvenience overrides risk and travel with electronic devices anyway. If this is the case, travelers should focus on protecting the information that they take with them. One of the best ways to do this is to use encryption. Make sure to fully encrypt your device and make a full backup of the data that you leave at home.
• Before you arrive at the border, travelers should power off their devices. This is when the encryption services are at their strongest and will help resist a variety of high-tech attacks that may attempt to break your encryption. Travelers should not rely solely on biometric locks, which can be less secure than passwords.
• Make sure to log out of browsers and apps that give you access to online content, and remove any saved login credentials (turn off cookies and autofill). This will prevent anyone from using your devices (without your knowledge) to access your private online information. You could also temporarily uninstall mobile apps and clear browser history so that it is not immediately apparent which online services you use.

Get your device travel ready:

• Change your passwords or passphrases before you go. Consider using a password manager if you don't use one already.
• Set up multifactor authentication for your accounts whenever possible for an additional layer of security.
• Delete apps you no longer use.
• Update any software, including antivirus protection, to make sure you are running the most secure version available.
• Turn off Wi-Fi and Bluetooth to avoid automatic connections.
• Turn on "Find My [Device Name]" tracking and/or remote wiping options in case it is lost or stolen.
• Charge your devices before you go.
• Stay informed of TSA regulations and be sure to check with the State Department's website for any travel alerts or warnings concerning the specific countries you plan to visit, including any tech restrictions.
• Clear your devices of any content that may be considered illegal or questionable in other countries, and verify whether the location you are traveling to has restrictions on encrypted digital content.
• Don't overlook low-tech solutions:
  • Tape over the camera of your laptop or mobile device for privacy.
  • Use a privacy screen on your laptop to avoid people "shoulder surfing" for personal information.
  • Physically lock your devices and keep them on you whenever possible, or use a hotel safe.
  • Label all devices in case they get left behind!

These guidelines are not foolproof, but security experts say every additional measure taken can help reduce the chances of cybertheft.

Partially reposted from https://er.educause.edu/blogs/2017/9/march-2018-how-to-protect-your-data-and-devices-while-traveling-with-tech

Avoiding Ransomware Attacks

Ransomware is a type of malware designed to encrypt users’ files or lock their operating systems so attackers can demand a ransom payment. According to a 2016 Symantec report, the average ransom demand is almost $700 and “consumers are the most likely victims of ransomware, accounting for 57 percent of all infections between January 2015 and April 2016.”

Similar to a phishing attack, ransomware executes when a user is lured to click on an infected link or e-mail attachment or to download a file or software drive while visiting a rogue website. Sophisticated social engineering techniques are used to entice users to take the desired action; examples include

• an embedded malicious link in an e-mail offers a cheap airfare ticket (see figure 1);
• an e-mail that appears to be from Google Chrome or Facebook invites recipients to click on an image to update their web browser (see figure 2); or
• a well-crafted website mimics a legitimate website and prompts users to download a file or install an update that locks their PC or laptop.

Figure 1. Phishing e-mail with ransomware embedded in a link

Figure 2. A fake Google Chrome e-mail

To avoid becoming a victim of ransomware, users can follow these tips:

• Delete any suspicious e-mail. Messages from unverified sources or from known sources that offer deals that sound too good to be true are most likely malicious (see figure 3). If in doubt, contact the alleged source by phone or by using a known, public e-mail address to verify the message’s authenticity.
• Avoid clicking on unverified e-mail links or attachments. Suspicious links might carry ransomware (such as the CryptoLocker Trojan).
• Use e-mail filtering options whenever possible. E-mail or spam filtering can stop a malicious message from reaching your inbox.
• Install and maintain up-to-date antivirus software. Keeping your operating system updated with the latest virus definitions will ensure that your security software can detect the latest malware variations.
• Update all devices, software, and plug-ins on a regular basis. Check for operating system, software, and plug-in updates often — or, if possible, set up automatic updates — to minimize the likelihood of someone holding your computer or files for ransom.
• Back up your files. Back up the files on your computer, laptop, or mobile devices frequently so you don’t have to pay the ransom to access locked files.

Figure 3. An example ransomware e-mail message

Protect Yourself and Your Identity

In light of the recent Equifax breach, ITS wants to remind our campus community to be aware of steps you can take to protect yourself.
According to the US Department of Justice, more than 17 million Americans were victims of identity theft in 2014. EDUCAUSE research shows that 21 percent of respondents to the annual ECAR student study have had an online account hacked, and 14 percent have had a computer, tablet, or smartphone stolen. Online fraud is an ongoing risk. The following tips can help you prevent identity theft.

• Read your credit card, bank, and pay statements carefully each month. Look for unusual or unexpected transactions. Remember also to review recurring bill charges and other important personal account information.
• Review your health insurance plan statements and claims. Look for unusual or unexpected transactions.
• Shred it! Shred any documents with personal, financial, or medical information before you throw them away.
• Take advantage of free annual credit reports. In the US, the three major credit reporting agencies provide a free credit report once a year upon request.
• If a request for your personal info doesn’t feel right, do not feel obligated to respond! Legitimate companies won’t ask for personal information such as your social security number, password, or account number in a pop-up ad, e-mail, text, or unsolicited phone call.
• Limit the personal information you share on social media. Also, check your privacy settings every time you update an application or operating system (or at least every few months).
• Put a password on it. Protect your online accounts and mobile devices with strong, unique passwords or passphrases.
• Limit use of public Wi-Fi. Be careful when using free Wi-Fi, which may not be secure. Consider waiting to access online banking information or other sensitive accounts until you are at home.
• Secure your devices. Encrypt your hard drive, use a VPN, and ensure that your systems, apps, antivirus software, and plug-ins are up-to-date.

If you become a victim of identity theft:

• File a report with the US Federal Trade Commission at IdentityTheft.gov
• Use the identity theft report to file a police report. Make sure you keep a copy of both reports in a safe place.
• Flag your credit reports by contacting the fraud departments of any one of the three major credit bureaus: Equifax (800-525-6285), Experian (888-397-3742), or TransUnion (800-680-7289).

Partially reposted from: https://www.educause.edu/focus-areas-and-initiatives/policy-and-security/cybersecurity-initiative/community-engagement/security-awareness

Don’t Be Fooled! Protect Yourself and Your Identity

According to the US Department of Justice, more than 17 million Americans were victims of identity theft in 2014. EDUCAUSE research shows that 21 percent of respondents to the annual ECAR student study have had an online account hacked, and 14 percent have had a computer, tablet, or smartphone stolen. Online fraud is an ongoing risk. The following tips can help you prevent identity theft.

• Read your credit card, bank, and pay statements carefully each month. Look for unusual or unexpected transactions. Remember also to review recurring bill charges and other important personal account information.
• Review your health insurance plan statements and claims. Look for unusual or unexpected transactions.
• Shred it! Shred any documents with personal, financial, or medical information before you throw them away.
• Take advantage of free annual credit reports. In the US, the three major credit reporting agencies provide a free credit report once a year upon request.
• If a request for your personal info doesn’t feel right, do not feel obligated to respond! Legitimate companies won’t ask for personal information such as your social security number, password, or account number in a pop-up ad, e-mail, text, or unsolicited phone call.
• Limit the personal information you share on social media. Also, check your privacy settings every time you update an application or operating system (or at least every few months).
• Put a password on it. Protect your online accounts and mobile devices with strong, unique passwords or passphrases.
• Limit use of public Wi-Fi. Be careful when using free Wi-Fi, which may not be secure. Consider waiting to access online banking information or other sensitive accounts until you are at home.
• Secure your devices. Encrypt your hard drive, use a VPN, and ensure that your systems, apps, antivirus software, and plug-ins are up-to-date.

If you become a victim of identity theft:

• File a report with the US Federal Trade Commission at IdentityTheft.gov
• Use the identity theft report to file a police report. Make sure you keep a copy of both reports in a safe place.
• Flag your credit reports by contacting the fraud departments of any one of the three major credit bureaus: Equifax (800-525-6285), Experian (888-397-3742), or TransUnion (800-680-7289).

Partially reposted from: https://www.educause.edu/focus-areas-and-initiatives/policy-and-security/cybersecurity-initiative/community-engagement/security-awareness