Secure IT
The Information Security team is the primary point of contact for all information security issues on campus, including computer hacking incidents, malware outbreaks, intrusion prevention, data loss prevention, vulnerability scanning, firewall auditing, guest and temporary access to resources, information security awareness training, privacy legislation compliance, PCI-DSS auditing and compliance, Digital Millennium Copyright Act (DMCA) notices, change control procedures and auditing, and much more.
Below you'll find a list of important information on major security subjects and links to subpages where you can learn more about each. At the bottom of the page, you'll find some helpful videos.
- Mandatory Information Security Awareness Training Program for Faculty and Staff - Complete by May 31. Login to MyLMU and click the Brightspace icon on the home page.
- Information Security Reminders for working remotely
- Computer Checklist for working remotely
Phishing On The Rise
In Fall 2018, LMU has seen an increased number of fraudulent emails, or SPAM messages, designed to trick recipients into clicking links, opening attachments, or taking other actions. Specifically, we have seen a large number of Email Impersonation Scams targeting key individuals within the university. These attacks typically seem to come from personnel in positions of authority, and ask targets to perform money transfers, pay invoices, or send sensitive data.
To learn more about how to recognize these phishing emails and protect yourself and our organization from getting hooked, familiarize yourself with the following key phishing identifiers.
Suspicious Email Addresses
If an email seems to be from a legitimate source by came from a nonofficial doman (i.e., @hotmail.com instead of @lmu.edu), it's probably fraudulent. Also check other recipients of the email - if it was sent to a lot of people, especially ones you don't know, you should be suspicious.
Generic Salutations
You should be suspicious of any email that isn't addressed directly to you. Watch out for salutations like "Dear Madam" or "Valued Customer".
Spelling Mistakes and Grammatical Errors
Everyone makes mistakes, but glaring and obvious errors such as "Loyola Mary Mount University" or a plethora of spelling mistakes and grammatical errors are reasons be wary.
Immediate Action Required
Phishing emails frequently have an alarmist tone, to try to rush recipients into taking action and making mistakes. Legitimate organizations rarely ask for immediate action or personal information.
Suspicious URLs
If you hover your cursor over a link, the destination will appear; phishing emails often use URL text in emails that seems legitimate, but directs to not-secure sites.
Attachments
As a general rule, don't open attachments you aren't expecting. If you get a strange attachment from someone you know, contact them before opening it.
Too Good To Be True
If something seems too good to be true, it probably is, especially if you receive offers from companies or services you've never used, or get prizes from a contest you never entered.
Weird Messages From Friends
Phishing emails may come from someone you know, if a friend's email has been hacked or if a hacker created a new email address using a friend's name to try to trick recipients. If you receive a suspicious email from a friend, call or text them about it before opening the message.
Areas Covered by Secure IT
Password Security
The thing about passwords is, strong ones are far too complicated, annoying, and easy-to-forget. But a weak password can compromise personal information and sensitive data. Learn some helpful tips in creating a strong, easy-to-remember password and watch a playful video on the subject.
Phishing
While easily mistaken for an activity undertaken at a Phish concert, phishing is serious business. As per your standard definition, phishing is "the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers."
Malware
Malware is seriously bad news. It can corrupt, ruin, or delete your data, or hackers can use it to take your data and hold it for ransom. Learn more about Malware and how to protect yourself from it.
Mobile Device Protection
Chances are, your mobile device contains a deluge of sensitive information and personal data. Watch the video on this page for ways to protect your mobile device and the information stored thereon.
Digital Shredding
Believe it or not, you can digitally "shred" documents to erase all trace of them. Doing this makes the documents impossible to recover. Learn more about this relatively simple process.
Encryption
You can easily encrypt documents and emails containing sensitive information as an extra security measure.
ITS Security and Support Policies
You'll find all the information you need on ITS security and support policies on this page, which contains a list of all such policies with links the appropriate documents and sections of the LMU website.
Legislation Compliance
While this might not be something you spend a lot of time thinking about, LMU must comply with state and federal legislation governing the use of technology and data security.
LMU's InCommon Participant Operational Practices
As a participating member of the InCommon Federation, Loyola Marymount University provides information about its practices so others can decide whether to trust our systems based on these declarations.
Full Policies
Read LMU InCommon POP for LMU's full policies.