Secure IT

Cybersecurity is our shared responsibility and we all must work together to improve our Nation's and LMU's cybersecurity

Welcome to National Cybersecurity Awareness Month 2018

This October, National Cybersecurity Awareness Month (NCSAM) commemorates 15 years as an annual initiative to raise awareness about the importance of cybersecurity. NCSAM 2018 is a collaborative effort between government and industry to ensure every American has the resources they need to stay safer and more secure online while increasing the resilience of the nation during cyber-threats. To learn more, visit the NCSAM web site at https://staysafeonline.org/ncsam/about-ncsam/.

Stop by the ITS Information Security table on October 18, 11:30 am to 1:30 pm, at the Emergency Preparedness Fair in Lawton Plaza to share your experiences, ask questions, and enroll in Duo which is required for all faculty and staff eligible for HR benefits.

Weekly Messages from Roberto Perez, Director, Information Security & Compliance

Week 3: We’re excited to kick off the third week of security awareness month. This week, we will focus on how to secure yourself on campus. You may not realize it, but you are a target while in campus, regardless of what you do. Bad guys have shifted how they attack organizations by now targeting individuals like you. You are an extension of our ITS Security Team and security is just as much your responsibility as it is ours. We have great resources to help you, starting with the following:

  • You are a Target!: This poster will help you understand all the different tactics a cyber-attacker would use to target you and the value you have to them. Every device you are connected to makes you increasingly more vulnerable to a cyber-attack. Cyber criminals can quickly target you and your valuable information for their personal gain if given the opportunity. Review this poster to educate you, your organization, and even your family members to better understand the methods a cyber-criminal may take to hack into your mobile device or computer. The information in this poster could provide you with the steps to become less vulnerable in the future and actively engage people in your security awareness program.
  • Social Engineering: This is one of the most common ways cyber criminals attempt to target and hack you, regardless if you are at work or at home. Learn how to detect and stop attacks.
  • CEO Fraud/BEC: This is a growing targeted attack that has become one of the most effective ways bad guys get what they want, targeting organizations like ours.

We encourage you to share these materials with others, including your family, friends. If you have any questions about our activities in October or suggestions on how to improve our cybersecurity efforts, please contact me, Roberto Perez, Director of Information Security and Compliance, I am responsible for our overall information security awareness program and will be happy to hear from you.

Week 2: In this second week of National Cyber Security Awareness Month, we will focus on how you can get started in a career in the extremely exciting field of cybersecurity. A successful career in cybersecurity isn’t just about technical skills. There are actually a growing number of opportunities for people with strong soft skills. Getting started in cybersecurity is easier than you may think. This week we will highlight exciting new ways you can get started.

  • CyberAces is a fantastic website dedicated to getting you started in cybersecurity. It teaches the core concepts needed to assess, and protect information security systems. It also includes training on the fundamentals of Cyber Security, all for FREE!!! (http://www.cyberaces.org)
  • Cyber Start Gois a website developed for students, featuring cybersecurity-related online puzzles and challenges. It introduces students to the world of cybersecurity and describes various career opportunities in the field (https://www.joincyberdiscovery.com/)
  • Cybersecurity Academies are a series of scholarship-based immersion academies that are free for participants. There are different types of academies including Veteran, Diversity, Women, and sponsor based. 
  • #ChatSTC Twitter Chat addresses ways to motivate parents, educators and counselors to learn more about the field and how to best inspire students and others to seek highly fulfilling cybersecurity careers. Use #ChatSTC to join!

Week 1: We know that you have a lot of questions about cybersecurity, especially about what you can do at home to protect yourself and your family. That is why we are so excited to announce a series of activities during October. You will have the chance to participate in a variety of events and collect numerous online resources to help better understand cybersecurity and the simple steps you can take to protect yourself, your family and our University.

We want to enable you to make the most of today’s technology. And in case you were wondering, yes, I will be participating in these activities throughout the month. I’m new to LMU and I’m looking forward to meeting you during these events. Please take them seriously and apply what you learn. I look forward to seeing the results and hearing your feedback.

To get things started, this week we want to share with you great tips on how to “Make Your Home a Haven for Online Safety.” Please check back regularly for additional tips.

If you have any questions about our activities in October or suggestions on how to improve our cybersecurity efforts, please contact us by email at secureit@lmu.edu

 

Week 2: Educating for a Career in Cybersecurity!

  • CyberAces: A fantastic and FREE website to get you started in cybersecurity with the core concepts needed to assess, and protect information security systems. Visit http://www.cyberaces.org.
  • Cyber Start Go: A website developed for students, featuring cybersecurity-related online puzzles and challenges. It introduces students to the world of cybersecurity and describes various career opportunities. Visit https://www.joincyberdiscovery.com/.
  • Cybersecurity Academies: A series of scholarship-based immersion academies that are free for participants. There are different types of academies including Veteran, Diversity, Women, and sponsor based. 
  • #ChatSTC Twitter Chat: #ChatSTC will address ways to motivate parents, educators and counselors to learn more about the field and how to best inspire students and others to seek highly fulfilling cybersecurity careers. Use #ChatSTC to join!
 

 

 

Week 3: It's Everyone’s Job to Ensure Online Safety at Work!

  • You are a Target!: This poster will help you understand all the different tactics a cyber-attacker would use to target you and the value you have to them. Every device you are connected to makes you increasingly more vulnerable to a cyber-attack. Cyber criminals can quickly target you and your valuable information for their personal gain if given the opportunity. Review this poster to educate you, your organization, and even your family members to better understand the methods a cyber-criminal may take to hack into your mobile device or computer. The information in this poster could provide you with the steps to become less vulnerable in the future and actively engage people in your security awareness program.
  • Social Engineering: This is one of the most common ways cyber criminals attempt to target and hack you, regardless if you are at work or at home. Learn how to detect and stop attacks.
  • CEO Fraud/BEC: This is a growing targeted attack that has become one of the most effective ways bad guys get what they want, targeting organizations like ours.

 

 

 

 

 

 

Week 4: Safeguarding the Nation's and LMU's Critical Infrastructure!

 

 

 

 

LMU Information Security

The Information Security team is the primary point of contact for all information security issues on campus, including: computer hacking incidents, malware outbreaks, intrusion prevention, data loss prevention, vulnerability scanning, firewall auditing, guest and temporary access to resources, information security awareness training, privacy legislation compliance, PCI-DSS auditing and compliance, Digital Millennium Copyright Act (DMCA) notices, change control procedures and auditing, and much more. 

Below you'll find a list of important information on major security subjects, and links to subpages where you can learn more about each. At the bottom of the page, you'll find some helpful videos.

 

Password Security

The thing about passwords is, strong ones are far too complicated, annoying, and easy-to-forget. But a weak password can compromise personal information and sensitive data. Click through to learn some helpful tips in creating a strong, easy-to-remember password and watch a playful video on the subject. 

Phishing

While easily mistaken for an activity undertaken at a Phish concert, phishing is serious business. As per your standard definition, phishing is "the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers." Learn all about this practice here.

Malware

Malware is seriously bad news. It can corrupt, ruin, or delete your data, or hackers can use it to take your data and hold it for ransom. To learn more about Malware and how to protect yourself from it, click through to this page.

Mobile Device Protection

Chances are, your mobile device contains a deluge of sensitive information and personal data. Watch the video we've embedded on this subpage to hints on how to protect your mobile device and the information stored thereon. 

Digital Shredding

Believe it or not, you can digitally "shred" documents to erase all trace of them. Doing this makes the documents impossible to recover. To find out more about this relatively simple process, click here.

Encryption

You can easily encrypt documents and emails containing sensitive information as an extra security measure. Learn how to do so here.

ITS Security and Support Policies

You'll find all the information you need on ITS security and support policies on this subpage, which contains a list of all such policies with links the appropriate documents and sections of the LMU website. 

Legislation Compliance

While this might not be something you spend a lot of time thinking about, LMU must comply with state and federal legislation governing the use of technology and data security. You can learn all about that legislation by clicking here.

LMU's InCommon Participant Operational Practices

As a participating member of the InCommon Federation, Loyola Marymount University provides information about its practices so others can decide whether to trust our systems based on these declarations.

Full Policies

Read LMU InCommon POP for LMU's full policies.

 

Don't Take the Bait!

 

Security Secrets Revealed: Ransomware