K-State broke a record in 2010, but it is not a record to be proud of: 445 K-Staters were tricked into giving away their passwords to criminals in response to spear-phishing scam e-mails. The criminals then used the stolen information to sign in to webmail and send thousands of spam messages.
Obviously, the first thing on this semester’s top-six security list must be:
- Never give your password to anyone in an e-mail message! K-State was plagued by 406 instances of phishing scams in 2010 (compared to 296 in 2009) that try to trick people into replying with their eID password. The hackers responsible for these scams are relentless! If you remember this one simple rule, you can prevent becoming a victim: K-State IT support staff will never ask for your password in an e-mail, nor will any legitimate business or organization. If you get such an e-mail, just delete it. The same holds if you get an email with a link to a web form that asks you to fill in your username and password – don’t do it!
Continue reading “Six things you need to know about IT security at K-State”
The online EDUCAUSE Conference is scheduled this Wednesday-Friday, Oct. 13-15, and K-Staters are welcome to attend the live-streamed sessions (see below) as time allows. Length of sessions vary. About 20 seats are available on a first-come, first-serve basis, so it’s a good idea to arrive early. All sessions are in 202 Fairchild Hall on the K-State-Manhattan campus.
No registration is needed. Further information about each session and the presenter(s) is available in the conference program.
Live-streaming of the EDUCAUSE sessions is being sponsored by the Information Technology Assistance Center. Questions about the sessions should be sent to Ernie Perez, firstname.lastname@example.org.
Continue reading “Live EDUCAUSE sessions: Oct. 13-15 schedule”
K-State’s Chapter 3470 on Technologically Enhanced Classrooms has been completely revised in the university’s Policies and Procedures Manual. The Vice Provost for Information Technology Services (VP-ITS) is responsible for this policy. Questions regarding this policy should be sent to Rebecca Gould, director of iTAC, at 785-532-2298, email@example.com.
Ever since Napster wreaked havoc on K-State’s computer networks in the fall of 1999, the use of Peer-to-Peer (P2P) file sharing applications on K-State’s data network has been prohibited by policy. Partly because of new requirements outlined in the Higher Education Opportunity Act of 2008, K-State revised its P2P file sharing policy during the fall 2009 semester to clarify expectations and to articulate the risks of P2P file sharing that go far beyond violating copyright laws.
Continue reading “Peer-to-Peer file sharing programs prohibited on K-State computers”
In 2009, 431 K-Staters were duped by spear-phishing scam e-mails and gave away their eID password to criminals, who then used the stolen information to sign in to webmail and send hundreds of thousands of spam messages. Obviously, the first thing on this semester’s top-five security list must be:
- Never give your password to anyone in an e-mail message. K-State was plagued by nearly 300 instances of e-mail scams in 2009 that try to trick people into replying with their eID password. It has not slowed down in 2010. If you remember this one simple rule, you can prevent becoming a victim of these scams: K-State IT support staff will never ask for your password in an e-mail, nor will any legitimate business or organization. If you get such an e-mail, just delete it.
Continue reading “Spring 2010: Five things you need to know about IT security at K-State”
Jan. 1 through Wednesday, Feb. 10, is the timeframe for all K-Staters to change the passwords on their K-State eIDs for the spring semester. This mandatory password change, which occurs each fall and spring, applies to both individual eIDs and group eIDs. After Feb. 10, unchanged passwords will lose access to K-State webmail, iSIS, K-State Online, K-State dial-in, free laser printing, university computing labs, and other IT services.
An e-mail reminder is typically sent to K-Staters with unchanged passwords a week or two prior to the password deadline. Note that K-State will never ask for your eID password via e-mail. Any message that asks for your password is a phishing scam and should be deleted immediately.
Continue reading “Jan. 1 starts timeframe for changing eID passwords”
To protect sensitive university data from unauthorized disclosure when the media that stores the data is disposed of or reused, K-State’s new Media Sanitization and Disposal Policy is now in effect and has been published in the university’s PPM.
“Media sanitization” is a process by which all data are permanently removed from storage media in a manner that prevents their recovery. This applies to anything that can store data — computer hard drives, CDs and DVDs, backup tapes, USB flash drives, and even paper. We can employ the most strict security controls to protect data while in our possession, but it is all for not if the data remain on a computer hard drive when that system is disposed of, recycled, or reused.
Continue reading “New IT security policy requires removal of data before disposing of media”
K-State’s new System Development and Maintenance Security Policy helps ensure that security is considered at all stages of an information systems’ life cycle. Too often, security is an afterthought when a new application is implemented, or a change to an existing system introduces a new security vulnerability and thereby places university data at risk.
This policy targets anyone involved in the acquisition, implementation, or maintenance of an enterprise information system or “systems that require special attention to security due to the risk of harm resulting from loss, misuse, or unauthorized access to or modification of the information therein.” An example of the latter would be a departmental or college system that contains confidential student or personnel data.
The policy addresses the following areas: Continue reading “System Development and Maintenance Security Policy now in effect”
Two new IT security policies that K-Staters need to be aware of were published recently in K-State’s Policy and Procedures Manual (PPM):
The purpose of these new policies is to help the University better protect its information and technology resources.
Continue reading “Two new IT security policies published”