Belinda Perkinson

Belinda works with the ITCS Training and Communications team at East Carolina University.

Jan 272014
 

Phishing is a method by which someone tries to lure you into revealing your valuable personal information, such as an account password or credit card number. The intent of this type of scam is to gain access to your user accounts or money—something we all want to avoid.

The problem we face today is that phishing scams are becoming more and more convincing. They look like authentic communications from people and organizations that we know and trust. No longer can we depend on finding misspelled words in a hastily written email or obvious mistakes on a fake website to know that something is amiss.

Phishing attacks are being carried out with far greater attention to detail. Emails and websites look surprisingly authentic, easily fooling the casual observer. But how can we tell the difference?

Fortunately, most phishing scams have some telltale signs that will give them away. Here’s what to look for and what to do:

  • BE WARY of any request for your password, account number or other personal information, especially if the request is urgent and a web link is given for you to submit your information. This is the key signature of a phishing scam.
  • DO NOT click on the imbedded link, even if you are curious. Sometimes, these links will take you to a fake website to harvest your information and sometimes they will infect your computer with malware.
  • DO check with your trusted source (e.g., your bank, online retailer, IT department) to determine if the request is legitimate. Be sure to open a new browser window and type in the home address and navigate from there. Or simply give them a call on the phone.

For more information see Don’t be “Phooled” by Phishing Scams at http://www.ecu.edu/cs-itcs/itsecurity/Phishing-Scams.cfm.

Apr 152013
 

Do you know what to do if your ECU computer is stolen? What if you actually respond to a phishing email? These two scenarios and more are termed a security incident, and it’s important to report them to the IT Help Desk.*

The term, security incident, is any computer, network or paper-based activity which could result in misuse, damage, denial of service, compromise of integrity or loss of confidentiality of the ECU network, your computer (which is connected to the ECU network) and data (paper or digital).

Threats, misrepresentations of identity or harassment of or by individuals using these resources can also result from a security incident.

It is important that all incidents, whether benign and accidental or malicious and deliberate, be reported so that appropriate resolution is undertaken with the least data loss or compromise.

Security incidents you are required to report include, but are not limited to, the following:

  • Lost or stolen computer or smart device
  • Lost or stolen files containing sensitive information
  • Unauthorized access to sensitive information
  • Unauthorized access to your computer
  • Compromise of your ECU user account passphrase
  • Compromise of your personal computer
  • Unauthorized use of your user account
  • Unauthorized access to your locked office or files
  • Unusual activities on your computer or network
  • Unauthorized scans of your computer or the network
  • Accidental disclosure of personally identifiable or sensitive information in response to a phishing scheme
  • Virus, worm or Trojan horse activity on your computer
  • Disclosure of sensitive data, including paper disclosure, email release or inadvertent posting of data on a website
  • Suspected information technology policy violation

To report any security incident, call the IT Help Desk 252.328.9866 or 800.340.7081. If you’re unsure whether or not an activity is a security incident, call the IT Help Desk who can help make a determination.


*Do not call the IT Help Desk if you receive a threat to yourself or others. Report any threats to yourself or others to the appropriate law enforcement agency.

 

Mar 252013
 
What does your smartphone know about you?

More than you realize.

When you think about it, we use our smartphones for a lot of routine activities in our daily lives. We send email, keep up with family and friends, and even shop online. While these activities seem harmless, they can leave behind data footprints that reveal information about us we’d rather keep private. We certainly don’t want others to know about our personal conversations, our family activities, or anything related to our bank accounts and credit cards.

What does your smartphone know about your work?

Using your smartphone to access your ECU work email can expose sensitive university information to others. For example, using your work email to address sensitive personnel issues, confidential business decisions, legal matters, and patient treatments can leave sensitive details on your smartphone.

If your phone is lost or stolen and is not properly secured, the thief may now have unrestricted access to your email and other sensitive work information.

For more information see the ECU Smartphone Security Guidelines.

Keep your smartphone safe and secure

Smartphone Maintenance

Smartphones are essentially pocket-size computers that are just as vulnerable to viruses and other attacks as your laptop or desktop. So it’s important that you protect your smartphone as you would any other computing device.

It’s important that you do:

  • keep your smartphone operating system (OS) and apps updated
  • password protect your smartphone
  • enable data encryption on your smartphone
  • use remote data wipe (removal) features on your smartphone

And that you don’t:

And be sure to report lost or stolen smartphones, which have been used to access or store ECU sensitive information to the IT Help Desk at 328-9866.

See the Smartphone FAQ below for additional guidance.

Smartphone Security

In the coming months, ECU will test a Mobile Device Management (MDM) solution to assist with the management of personal and university-owned mobile devices, such as smartphones and tablets. This solution will enable us to provide a more secure computing environment for the university community.

The MDM solution includes such features as passcode protection, device encryption, remote data wipe and auto-configuration for accessing ECU resources.

Frequently Asked Questions

Why am I being instructed to avoid storing sensitive data on my smartphone? It’s very convenient and helps me be more efficient and effective in my work.

The availability, capability and ease of use of personally-owned smartphones have resulted in an explosion of use in business, education and patient care. The use has quite honestly out-paced the security and compliance framework needed to ensure secure access to and storage of sensitive information. The loss or theft of your smartphone could lead to a data security breach resulting in costly fines and reputational damage for the university.

What should I do if I am accessing or storing sensitive data on my personal smartphone?

Please delete any sensitive data from your smartphone. The university does not have appropriate policies and tools in place to safeguard sensitive data on smart devices. ECU will soon begin pilot-testing a mobile device management tool to assist in providing safeguards for mobile devices. You will see announcements soon on information forums to discuss the features of this tool and plans for the rollout.

I use my smartphone to access ECU email. What can I do to protect my email?

See the Smartphone Best Practice Guide for tips on securing your smartphone. A few simple steps can help protect your ECU email. Password protection, device encryption, deletion of emails from smartphones, enabling remote wipe, installing antivirus, avoiding downloading games and applications from untrusted sources are examples of steps to take.

I don’t know how to implement the steps you suggest. How do I secure my smartphone?

Check with your phone manufacturer for the specific steps to secure your phone. You can also check the manufacturer’s website. Many providers offer free classes on using your smartphone. Check the Smartphone Security Best Practice Guide and Smartphone Encryption Guide for additional resources.

What is “jailbreaking”?

The term, “jailbreaking,” refers to changes made to an iPhone, iPad, or iPod that allows users to install software applications that are not available through the Apple Store.  Hence, the device is liberated and free to load whatever apps the user desires.

“Rooting” is a similar activity for Android smartphones that provides users with privileged access to the phone’s internal settings and controls. This allows users to load applications that could not be installed otherwise, because they require root access to function.

There are stability and security concerns with jailbreaking/rooting smartphones; what’s more, jailbreaking/rooting your phone may negatively impact vendor support for your device.