Information Security

Padlock on keyboard next to credit cards

Information Security is the practice of defending information from unauthorized access, use, disclosure, modification or destruction. In today’s world, the proliferation of electronic media has brought a new level of awareness of both the plethora of available information and the dangers associated with not protecting it.

The Fitchburg State IT department is always looking for tools to safeguard student and employee information. It takes a village, however, and our goal is to be a partner in the mission to both protect data and educate our community to be responsible for the information and data (personal and business-related) with which we come in contact every day. 

Working to Protect

At Fitchburg State we are always working to keep the campus safe from cyber attacks. You may see these tools in use on your devices while going about your day-to-day.

  • Multi-Factor Authentication - Helping to make sure you are the one logging into your account
  • Endpoint Protection - Antivirus software is a key component to help keep your devices safe.
  • Enterprise Firewalls and DNS security - These tools work to keep you safe when browsing the internet.
  • DLP software - This works in tandem with encryption to make sure sensitive data on your system can be protected.
  • Policies and planning - Keeping a handle on all the regulations needed to protect your data. Take a moment a review those that apply to you.

University Credentials (formerly Falcon Key) / Passwords

Security experts always tell you to choose a long, complicated password, which preferably contains numbers and punctuation characters rather than just letters. Because a password, which consists of a combination of entries from a 26-character repertoire (a-z), is much easier to crack than if the range of characters is 52 (a-z and A-Z) or 62 (including digits too).

If you've ever wondered just how secure your favorite password is, here's a simple website that will tell you. Just go to How Secure is My Password and start typing. As you type, the indicator is updated after every character to tell you approximately how long a desktop PC typically takes to crack it.

At home, remember: it's far more convenient to choose a good password in the first place than it is to change it. You can write your passwords down and keep them in a safe location or use a program like Password Safe.

The main reason for regular password changes is to limit your account's exposure to misuse. Whenever you type your password, it is at risk of compromise - by someone looking over your shoulder, through interception as it travels across the network, and possibly through a Phishing scam. Have you ever shared your password with a friend or family member? If so, you might be inadvertently putting your information in unintended hands. Certainly, if you break up with someone with whom you've shared a computer, change them all!

If a hacker gets your password either by guessing or stealing it, he can access your network or account for as long as your password is valid. Updating your password every quarter significantly limits the utility of that password to an attacker.

If you suspect your account has been compromised, we strongly recommend you contact the Help Desk <Link to Help Desk> and change your password. This goes for personal accounts too. If you suspect a virus or malware on your phone, it is crucial to clean up the device before entering any other passwords on it.

When you sign into your account for the first time on a new device or app (like a web browser), you need more than just the username and password. You need a second thing - what we call a second "factor" - to prove who you are.

The three most common factors are:

  • Something you know. Your password or a Pin on your phone
  • Something you have. Your smartphone with an app or a secure USB Key
  • Something you are. A fingerprint or facial recognition

MFA helps protect your account by proving you are who is logging in. If your password was compromised, then the attacker could log in from anywhere. With MFA, you can prevent an attacker from using your credentials without you knowing.

Some common MFA applications are Microsoft Authenticator and Duo. 

Keeping track of passwords is a challenge many of us face in today's digital age. It is important to store passwords in a secure location that is easily accessible when needed, while also ensuring that they are encrypted. One solution to this issue is using a password manager. These applications allow you to store different passwords for various applications, while only requiring a single master password and multi-factor authentication for access. A couple of options to look at are 1password, LastPass, or Keeper

What to Watch Out For

Phishing attacks target YOU, the individual, with a sense of urgency. The goal of the attack is to get you to provide the attacker with information to access your account, your colleges account, or to send money somewhere. Once the attacker has the information, they pivot to identity theft, financial loss, or accessing sensitive information. With your credentials, the works their oyster!

To protect yourself - Think Before You Click

  • Hover over the links in an email to see what website address each is pointing to.
  • When in doubt, go directly to the website by typing the website address in your browser's address bar.
  • Verify any urgent requests that come from a contact within your organization to confirm they are valid, particularly before transferring money or divulging information.
  • Only open attachments that come from known senders.
  • Never click/enable macros or content from unknown sources.
  • Send any suspicious emails to phishtank@fitchburgstate.edu.

Just like phishing, smishing uses cell phone text messages to lure consumers in. Often the text will contain an URL or phone number. The phone number often has an automated voice response system. And again just like phishing, the smishing message usually asks for your immediate attention.

In many cases, the smishing message will come from a "5000" number instead of displaying an actual phone number. This usually indicates the SMS message was sent via email to the cell phone, and not sent from another cell phone.

Recently we have seen “Smishing” messages being sent to alumni groups. Do not respond to smishing messages.

Ransomware is a form of malware designed to encrypt files on a device, rendering any files and the systems that rely on them unusable. Malicious actors then demand ransom in exchange for decryption. If you suspect your computer has been hit by ransomware, e.g. you start to see strange files on your computer, Turn off the computer and bring your laptop to IT or an IT professional. 

To protect yourself:

  • Ransomware commonly happens after a phishing attack. Be vigilant about suspicious links and not enabling macros from unknown sources.
  • Update your computer and phone. Vulnerable applications and OSs are the targets of most ransomware attacks.
  • Back up data regularly. Keep it on a separate device and store it offline. An external hard drive can be a great spot to keep family photos and documents in case of an attack.

Questions? Get in touch.