Category Archives: ITS

@MiddInfoSec: Securing Mobile Devices

Information Security has a new Twitter feed and other new content on their website. Follow us at @MiddInfosec on Twitter or visit our website at http://go.middlebury.edu/infosec

Mobile devices have become one of the primary ways that we communicate and interact with each other. Powerful computers now fit in our pockets and on our wrists, allowing us to bank, shop, view our medical history, work remotely, and communicate from virtually anywhere. With all this convenience comes added risk, so here are some tips to help secure your devices and protect your personal information.

  • Password-protect your devices. Protect the data on your mobile device and enable encryption by enabling passwords, PINs, fingerprint scans, or other forms of authentication. On most current mobile operating systems you have the option to encrypt your data when you have a password turned on. Turn it on!
  • Secure those devices and backup data. Make sure that you can remotely lock and/or wipe each mobile device. That also means you should back up your data on each device in case you need to use the remote wipe function. Services such as iCloud, OneDrive, and Google offer device location, wipe and backup services.
  • Verify app permissions. Don’t forget to review which privacy-related permissions each application is requesting, before installing it. Be cautious of fake applications masquerading as legitimate programs by verifying that the application is from a reputable source, such as the Apple Apps Store, Microsoft’s Store, or Google’s Play Store. Occasionally,  applications in the official stores can include malware. Read reviews and descriptions carefully. Only install applications that you need. Remove applications that you are no longer using.
  • Update operating systems. Security fixes or patches for mobile devices’ operating systems are often included in these updates. Just like patching a computer, iOS, Android, and Windows Mobile all need to be patched and kept current.
  • Be cautious of public Wi-Fi hotspots. When using your mobile device, watch for connections to public hotspots. Many mobile devices will automatically connect to hotspots and prioritize data transmission over Wi-Fi by default. Verify that your settings require manually selecting hotspots if possible. Working with sensitive data while connected to a public hotspot could lead to unintended data exposure. Always ensure that you are using a secure connection.
  • Always apply safe computing practices. Whether traveling with a mobile device, a laptop, or sitting in a hotel business center, you always want to use safe computing practices to protect your data. See this link for more tips: http://www.middlebury.edu/offices/technology/infosec/education/training/SafeComputing.

 

@MiddInfoSec: A New Phishing Attack is Targeting Email ID’s

A new phishing attack is hitting the campus with a subject line of, “Your email id”. Delete this message if you see it. Do NOT click any links in this message. If you believe you have fallen for this fishing attack:

This malicious email would have looked similar to the message below.

————————————

Subject: Your email id

Your?mail Id has used 91% of its allowable storage space.?Once your account exceeds the allowable storage space you will be unable to receive any email.?Click?Resolve?to login to your account and resolve this issue.

?

Support

—————————–

For additional information on phishing please visit http://go.middlebury.edu/phish .

 

@MiddInfoSec: Beware of Presidential Election Related Phishing Emails

Every election year we find our senses pounded with propaganda from pundits and candidates trying to sway us to one political camp or another. Computer attackers are leveraging our curiosity, and perhaps desensitization to political messages to launch attacks with purportedly political themes.

Recent phishing attacks that have been reported by security firms such as KnowBe4 include:

  • Trump Withdraws from Presidential Race
  • Sanders Withdraws from Presidential Race
  • Update your voter registration
  • Hillary Clinton Indicted by FBI on Email Scandal

Watch for these and other email phishing attacks. Know how to spot a phish. Learn more at http://go.middlebury.edu/phish.

@MiddInfoSec – New Phishing Threat

Information Security has become aware of a new phishing threat with a subject line of “ITS Help-desk”. Please see below for the full content of this attack. Note this email is a hoax and should be deleted from your email. Do not reply to this message and do not click any links in this message. If you have any questions please feel free to contact the help desk at x2200 or forward the message to phishing@middlebury.edu.

phish

Important reminders to spot a phish include:

  1. Read the entire email from start to finish to ensure that the content and language fits with the sender.
  2. Hover your mouse over links to ensure the link directs you to the destination indicated by the email.
  3. Look for miss placed language, such as copyrights or signatures, that do not match the sender.

For additional information on phishing please visit http://go.middlebury.edu/phish

@MiddInfoSec: Information Security RoadShow: 2/23/2016

Plan ahead for a lunch and learn RoadShow. On February 23rd, 2016 ITS-Information Security will be hosting a RoadShow conversation on safe computing practices and phishing avoidance techniques in Lib145 from 12:00 to 1:00. This conversation is open to the entire Middlebury community. All are encouraged to come.

Topics include:

  • How to spot a phish
  • Safe download practices and installing applications on your computer
  • Data classification and sensitive data
  • Removable media and when to use it
  • Password management and what to do with all of those passwords

 

Follow ITS-Information Security on Twitter: @MiddInfoSec

@MiddInfoSec: Guard Your Privacy When Offline or Traveling

Information Security has a New Twitter feed and other new content on their website. Follow us at @MiddInfosec or visit our website at http://go.middlebury.edu/infosec

Planning a spring break vacation? People are frequently more vulnerable when traveling because a break from their regular routine or encounters with unfamiliar situations often result in less cautious behavior. If this sounds like you, or someone you know, these five tips will help you protect yourself and guard your privacy.

  • Track that device! Install a device finder or manager on your mobile device in case it’s lost or stolen. Make sure it has remote wipe capabilities and also protects against malware.
  • Avoid social media announcements about your travel plans. It’s tempting to share your upcoming vacation plans with family and friends, but consider how this might make you an easy target for local or online thieves. While traveling, avoid using social media to “check in” to airports and consider posting those beautiful photos after you return home. Find out how burglars are using your vacation posts to target you in this infographic.
  • Traveling soon? If you’re traveling with a laptop or mobile device, remove or encrypt confidential information. Consider using a laptop or device designated for travel with no personal information, especially when traveling out of the country.
  • Limit personal information stored on devices. Use a tool like Identity Finder to locate your personally identifiable information (e.g., SSN, credit card numbers, or bank accounts) on your computer, then secure or remove that information.

Physically protect yourself and your devices. Use a laptop lock, avoid carrying identification cards, shred sensitive paperwork before you recycle it, and watch out for “shoulder surfers” at the ATM.

Canvas Adoption Proposal

Below is the official proposal for the adoption of Canvas, crafted and submitted by the Curricular Technology Team. Many faculty, students and staff contributed to the pilot that informed the proposal, we sincerely appreciate everyone’s efforts. There are a couple of notes about the proposal: The proposal assumes that the Canvas budget request will still…

[Continue reading]

Protect Your Privacy

Information Security has a New Twitter feed and other new content on their website. Follow us at #MiddInfosec or visit our website at http://go.middlebury.edu/infosec

You and your information are everywhere. When you’re online you leave a trail of “digital exhaust” in the form of cookies, GPS data, social network posts, and e-mail exchanges, among others. It is critical to learn how to protect yourself and guard your privacy. Your identity and even your bank account could be at risk!

  • Use long and complex passwords or passphrases. These are often the first line of defense in protecting an online account. The length and complexity of your passwords can provide an extra level of protection for your personal information.
  • Take care what you share. Periodically check the privacy settings for your social networking apps to ensure that they are set to share only what you want, with whom you intend. Be very careful about putting personal information online. What goes on the Internet¬¬ usually stays on the Internet.
  • Go stealth when browsing. Your browser can store quite a bit of information about your online activities, including cookies, cached pages, and history. To ensure the privacy of personal information online, limit access by going “incognito” and using the browser’s private mode.
  • Using Wi-Fi? If only public Wi-Fi is available, restrict your activity to simple searches (no banking!) or use a VPN (virtual private network). The latter provides an encrypted tunnel between you and the sites you visit.
  • Should you trust that app? Only use apps from reputable sources. Check out reviews from users or other trusted sources before downloading anything that is unfamiliar.

Digital Media Bootcamp Update

We’ve added another session to the Digital Media Bootcamp.

Wilson Media Lab

Wilson Media Lab

Quicktime, SnapZ Pro, MPEG Streamclip, Scanners, Plotters and more @ 2:15pm

Date: January 18, 2016

Mack Roark – This workshop will teach you the basic functionality of Apple’s Quicktime, how to use SnapZ Pro to do a screen capture of video, and how to use features of MPEG StreamClip to view and convert video clips. Also included is an overview and demonstration of the scanners, plotter, and capture station located in the Wilson Multimedia Development Lab. You will learn the basics of how to operate these devices and the software associated with them. This is a 2 hour workshop.

Current List of Workshops

Title Date
Quicktime, SnapZ Pro, MPEG Streamclip, Scanners, Plotters and more @ 2:15pm January 18, 2016 View & sign-up »
Liberal Arts Data Bootcamp – Working with Data @1pm until 4pm January 19, 2016 View & sign-up »
Liberal Arts Data Bootcamp – Visualizing Data @1pm until 4pm January 20, 2016 View & sign-up »
Liberal Arts Data Bootcamp – Mapping Data @1pm until 4pm January 21, 2016 View & sign-up »
Liberal Arts Data Bootcamp – Analyzing Textual Data @1pm until 4pm January 22, 2016 View & sign-up »
Introduction to Information Literacy @ 2:45pm January 25, 2016 View & sign-up »
Safe Computing Practices at Middlebury @ 1pm January 25, 2016 View & sign-up »
Online Identity: Your Story to the World @ 2:45pm January 26, 2016 View & sign-up »
Online Recording Lab: SANSSpace @ 1pm January 27, 2016 View & sign-up »
Intro to Audio Literacy @ 3:30pm January 27, 2016 View & sign-up »
Intro to Visual Literacy and Presentations @ 3:30pm February 3, 2016 View & sign-up »

Friday Links — December 18, 2016

Virtual Reality

Image: Shawn Whiting, Erin Carson/TechRepublic

Virtual reality in 2016: The 10 biggest trends to watch – one point of view on what to expect, and what not to expect, in virtual reality in the coming year.

The 10 most important lessons IT learned in 2015 – Before moving on to the new year it is a good idea to reflect back on lessons learned during the previous 12 months. It is also a good idea to compare our experience to that of others.