Secure IT

Information Security Starts with YOU! Be safe online and offline. Safeguard your online presence and your belongings. Do not leave your computer or personal items unattended in public spaces.

7 Online Safety Tips for College Students

ITS Security Update 8.20.2019

Welcome to the Fall 2019 semester. Here are seven tips that will get your digital house in order and keep you safe online this semester. These tips are not just for students. Anyone who uses computers can benefit from these tips. 

  1. Don't Download Entertainment From Third-Party App Stores 
  2. Beware of Phishing Campaigns 
  3. Watch Out for 'Evil Twin' Hotspots
  4. Rethink Your Social Media Presence
  5. Only Do Business with HTTPS Sites
  6. Opt for Two-Factor Authentication
  7. Download All Updates and Use Backups

To read the full article, click here.

###

 

For LMU Zoom, the video option is set to Off to prevent any potential security risks. Keep in mind that users have the option to turn video on during a meeting.

Critical Zoom security flaw could let websites hijack Mac cameras

UPDATE: Both Zoom and Apple have pushed patches to address this security flaw. As of Friday, July 12, 2019, if you are running the most up-to-date version of Zoom, your computer is not at risk. To find out whether you're running the most recent version, click here.

Read a full chronology of events, as well as official statements, on the Zoom blog.

-----------

ITS Security Update 7.9.2019

The Information Security team has just learned of this potential vulnerability and wants to assure LMU Zoom users of the following:

  • It only impacts Mac users.
  • As a precaution, we have turned video off as a default setting for scheduling and attending meetings. 

See the screenshot below if you'd like to locate your default camera settings to check for yourself. If you have any questions, please contact the ITS Service Desk at 310-338-7777 or servicedesk@lmu.edu.

 

 

 

###

 

The IRS Dirty Dozen Scams

ITS Security Update 3.7.2019

The Internal Revenue Service (IRS) has launched its annual awareness campaign on the 12 most prevalent tax scams, known as the “Dirty Dozen.” As part of the campaign, the IRS will highlight one scam each weekday. The first topic in the campaign focuses on internet phishing scams that lead to tax fraud and identity theft. IRS warns to be on alert for a continuing surge of fake emails, texts, websites, and social media attempts to steal users’ personal information.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages taxpayers, businesses, and tax professionals to review the IRS’s Dirty Dozen alert, check the IRS website for more daily Dirty Dozen tax scams, and see CISA’s Tip on Avoiding Social Engineering and Phishing Attacks.

How to Detect IRS-Related Phishing Emails
A tax-related phishing email often mentions “IRSgov,” instructing you to update your IRS online account right away. The most telling sign that it’s a scam is the missing dot between “IRS” and “gov” in the web address.

Other phishing emails can state that:

  • You qualify for a refund, but you must click on a link and fill out a form to access it.
  • Your credit card funds were fraudulently used by someone else, but you can recover some of the money by visiting the included website.
  • You will get a large sum in lottery winnings, a tax refund or an inheritance if you provide your personal and financial information.

Remember, the IRS will never contact you via phone, email, fax or social media to request personal or financial data or demand immediate payment. If you’re unsure whether a mailed notice is genuinely from the IRS, call the agency to find out.

Visit the ITS Phishing website at https://its.lmu.edu/secureit/phishing/ for additional information.

###

 

McAfee Endpoint Security (ENS) Upgrade Starting Feb. 18

ITS Security Update 2.15.2019

McAfee ENS upgrade to provide additional security protection against malware and virus infections for all the LMU-issued computers

ITS Security is upgrading the McAfee endpoint security product to the latest version called McAfee Endpoint Security (ENS). This new platform upgrade will provide additional security protection against malware and virus infections for all the LMU-issued computers.

This new platform has already been extensively tested by the ITS security team, and all of the ITS staff members have already been migrated to this new version.

This message is to make sure you are aware of this upgrade. No action is required from you as the upgrade will be transparent.

As always, should you have any issues or concerns about this upgrade, please contact the ITS Service Desk.

Frequently Asked Questions on McAfee ENS

What is McAfee ENS?
McAfee Endpoint Security (ENS) is the latest endpoint security platform from McAfee, which is LMU's endpoint security vendor. This new version adds additional layers of malware protection to our computer systems.

Why do we need to have this on the LMU-issued computers?
Every LMU-issued computer already has the McAfee endpoint agent installed. This is simply an upgrade to the latest version.

How will this affect my daily work?
This upgrade is a non-intrusive process. You should not experience any issues during the upgrade process or after the upgrade is completed.

When will my computer be migrated?
The upgrade process will begin on Monday, Feb. 18th, and should last through the end of March. We are planning on migrating about 100 or so computers every week. Again, the process should be transparent for end users.

###

 

Email Security Breach Alert

ITS Security Update 2.1.2019

This was not a breach at LMU, but from an unknown site or sites where you registered using your LMU email.

In early 2019, news of the Collection #1 email breach arrived. An astounding 772,904,991 (773 million) email addresses were compromised in this breach.

If you received an email with the subject line "ITS Security Alert: Change Your Password ASAP", your LMU email was part of the breach. If this is the case:

Change your LMU network password ASAP. 

Information Technology Services has learned that some users' LMU accounts have been identified as part of this breach. This was not a breach at LMU, but from an unknown site or sites where you registered using your LMU email. ITS recommends that, at a minimum, you change the password everywhere you have shared it and avoid sharing passwords across multiple sites in the future.

Information Security is everyone’s responsibility. We need to ensure best practices when it comes to online activities. Visit our  to learn more about password security, phishing, and related topics that will increase information security awareness and help prevent a situation like this in the future.

If you need assistance in changing your LMU password, please contact the ITS Service Desk.

###

 

 

Phishing On The Rise At LMU

Click here for our guide to safe shopping online.

In Fall 2018, LMU saw an increased number of fraudulent emails, or SPAM messages, designed to trick recipients into clicking links, opening attachments, or taking other actions. Specifically, we have seen a large number of Email Impersonation Scams targeting key individuals within the university. These attacks typically seem to come from personnel in positions of authority, and ask targets to perform money transfers, pay invoices, or send sensitive data. To learn more about how to recognize these phishing emails and protect yourself and our organization from getting hooked, read the following list of key phishing identifiers, or click here to see an example of a phishing email: Anatomy of a Phishing Email

 

 

1. Suspicious Email Addresses - If an email seems to be from a legitimate source but came from a nonofficial domain (e.g., @hotmail.com instead of @lmu.edu), it's probably fraudulent. Also check other recipients of the email - if it was sent to a lot of people, especially ones you don't know, you should be suspicious. 

2. Generic Salutations - You should be suspicious of any email that isn't addressed directly to you. Watch out for salutations like "Dear Madam" or "Valued Customer". 

3. Spelling Mistakes and Grammatical Errors - Everyone makes mistakes, but glaring and obvious errors such as "Loyola Mary Mount University" or a plethora of spelling mistakes and grammatical errors are reasons to be wary. 

4. Immediate Action Required - Phishing emails frequently have an alarmist tone, to try to rush recipients into taking action and making mistakes. Legitimate organizations rarely ask for immediate action or personal information. 

 

5. Suspicious URLs - If you hover your cursor over a link, the destination will appear; phishing emails often use link text that looks like a legitimate URL but directs to sites that are not secure.

6. Attachments - As a general rule, don't open attachments you aren't expecting. If you get a strange attachment from someone you know, contact them before opening it. 

7. Too Good To Be True - If something seems too good to be true, it probably is, especially if you receive offers from companies or services you've never used, or get prizes from a contest you never entered. 

8. Weird Messages From Friends - Phishing emails may come from someone you know, if a friend's email has been hacked or if a hacker created a new email address using a friend's name to try to trick recipients. If you receive a suspicious email from a friend, call or text them about it before opening the message. 
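Identifiers 1 and 5 above can also be checked mechanically, for example in a mail filter or a reporting tool. The following is an added example, not part of the original page and not LMU's own tooling; the function names, flag labels, and the sample message (including login.example.net) are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

OFFICIAL = "lmu.edu"  # official domain named in identifier 1
URLISH = re.compile(r"^(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?$", re.I)

class Links(HTMLParser):  # collects (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.found, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.found.append((self._href, "".join(self._text).strip()))
            self._href = None

def host(url):
    return (urlparse(url if "://" in url else "//" + url).hostname or "").lower()

def phishing_flags(raw):
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    body, flags = msg.get_payload(), []  # assumes a single-part HTML message
    domain = addr.rpartition("@")[2].lower()
    official = domain == OFFICIAL or domain.endswith("." + OFFICIAL)
    if re.search(r"lmu|loyola", name, re.I) and not official:
        flags.append("sender-domain")   # 1: claims LMU, sent from elsewhere
    parser = Links()
    parser.feed(body)
    for href, text in parser.found:
        if URLISH.match(text) and host(text) != host(href):
            flags.append("link-mismatch")   # 5: shown URL is not the destination
        if urlparse(href).scheme == "http":
            flags.append("not-https")       # 5: destination is not a secure site
    return flags

SAMPLE = (  # constructed message, not a real email
    "From: LMU Service Desk <helpdesk@hotmail.com>\nContent-Type: text/html\n\n"
    "<p>Verify your account at "
    '<a href="http://login.example.net/lmu">https://its.lmu.edu/verify</a></p>\n'
)
```

Calling phishing_flags(SAMPLE) reports all three conditions for the constructed message. Link text that is not itself a URL, such as "click here", is not compared against the destination.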

 

 

LMU Information Security

The Information Security team is the primary point of contact for all information security issues on campus, including: computer hacking incidents, malware outbreaks, intrusion prevention, data loss prevention, vulnerability scanning, firewall auditing, guest and temporary access to resources, information security awareness training, privacy legislation compliance, PCI-DSS auditing and compliance, Digital Millennium Copyright Act (DMCA) notices, change control procedures and auditing, and much more. 

Below you'll find a list of important information on major security subjects, and links to subpages where you can learn more about each. At the bottom of the page, you'll find some helpful videos.

 

Password Security

The thing about passwords is, strong ones are far too complicated, annoying, and easy-to-forget. But a weak password can compromise personal information and sensitive data. Click through to learn some helpful tips in creating a strong, easy-to-remember password and watch a playful video on the subject. 

Phishing

While easily mistaken for an activity undertaken at a Phish concert, phishing is serious business. As per your standard definition, phishing is "the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers." Learn all about this practice here.

Malware

Malware is seriously bad news. It can corrupt, ruin, or delete your data, or hackers can use it to take your data and hold it for ransom. To learn more about Malware and how to protect yourself from it, click through to this page.

Mobile Device Protection

Chances are, your mobile device contains a deluge of sensitive information and personal data. Watch the video we've embedded on this subpage for hints on how to protect your mobile device and the information stored thereon. 

Digital Shredding

Believe it or not, you can digitally "shred" documents to erase all trace of them. Doing this makes the documents impossible to recover. To find out more about this relatively simple process, click here.

Encryption

You can easily encrypt documents and emails containing sensitive information as an extra security measure. Learn how to do so here.

ITS Security and Support Policies

You'll find all the information you need on ITS security and support policies on this subpage, which contains a list of all such policies with links to the appropriate documents and sections of the LMU website. 

Legislation Compliance

While this might not be something you spend a lot of time thinking about, LMU must comply with state and federal legislation governing the use of technology and data security. You can learn all about that legislation by clicking here.

LMU's InCommon Participant Operational Practices

As a participating member of the InCommon Federation, Loyola Marymount University provides information about its practices so others can decide whether to trust our systems based on these declarations.

Full Policies

Read LMU InCommon POP for LMU's full policies.

 

Don't Take the Bait!

 

Security Secrets Revealed: Ransomware