Information Security


Our mission is to provide technology tools and services, education, awareness, and guidance to help the FAMU community appropriately protect the confidentiality, integrity, and availability of computing and information assets.

Our responsibilities include:

  • Incident response - working with IT administrators to identify and contain security breaches
  • Information security awareness - providing education on technical threats, vulnerabilities, security trends, and approved best practices
  • Conducting forensic data analysis
  • Guiding disaster recovery and business continuity efforts
  • Developing and maintaining IT Security Policies and Procedures that address the protection needs of the university and ensure compliance with regulatory standards

Got Hacked?

Security How-Tos

In support of our University’s 5-year Strategic Plan, specifically Priority 5: First Class Business Infrastructure, Goal 3 Strategies: "Train personnel to implement and maintain appropriate internal controls in high-risk areas" (p. 43), FAMU Information Technology Services (ITS) partnered with Cyber Safe Workforce LLC to provide this year’s annual Cyber Security Awareness Training.

Training Material

Universities across the U.S., including ours, continue to suffer from cyber-attacks. These events have led to outages, identity theft, financial loss, and much more. These losses are at times detrimental not only to the organization but also to the employees whose personal data can be at risk. ITS is taking every measure available to protect our employees’ information, but technology solutions aren’t always enough. Criminals are getting really good at crafting e-mails that look legitimate.

 

Password Security is Paramount

A strong password is key to protecting your personal information and securing your online interactions and transactions. The strongest passwords are often meaningful, lengthy, complex, varied, and changed frequently.

Florida A&M advocates for strong passwords by requiring members of the University community to change their passwords every 90 days. Check out the tips below to learn the dos and don'ts of creating the strongest password possible.

Devising a Strong Password

When thinking about your potential password, consider:

  • Basing a password on a full sentence (e.g., cuWnPIsd427 from "coming up with new passwords is sometimes difficult") or a line/phrase/verse from a book, poem, or song (e.g., !4scOrE&sEveNYeaRs_ag0) or
  • Using a short phrase, unique word, or acronym composed of mixed cases, special characters, capitalization, numbers, punctuation, and misspellings (e.g., #H8work! or @H0me2day)

Dos and Don'ts of Creating a Password

When actually creating your password, keep in mind the following Dos and Don'ts:

Dos

  • Use at least three (3) of the following character types: alphabetic, mixed case (upper and lower), numeric, and punctuation
  • Create new passwords often
  • Create passwords or phrases that are 8 characters or longer
  • Use 2-factor authentication if available (Google Chrome)
  • Use memorable lies for security questions (e.g., mother's maiden name=Batgirl)
  • Use password management software (e.g., lastpass.com)
  • Lock phone or mobile device with an alphanumeric password (e.g., pattern lock option on Android phones)
  • Wipe down fingerprints on mobile devices

Don'ts

  • Share your password with anyone, in-person or via e-mail
  • Use dictionary words or proper names
  • Use easy-to-remember personal information such as: name, family/pets' names, birthdates, etc.
  • Use common sequences (e.g., 12345 or april2013)
  • Use any previously-used passwords or variations of previously-used passwords
  • Use derivatives of your user ID
  • Use the same password for all of your logins
  • Write down passwords on post-it notes near your device
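
Several of the rules above (length, character types, user ID derivatives, common sequences, reuse) can be checked mechanically when a password is chosen. The following Python is an added example, not FAMU's own tooling; the function names, the sample sequence list, and the letters-only reuse heuristic are assumptions made for illustration.

```python
import re
import string

MIN_LENGTH = 8        # "8 characters or longer"
MIN_CHAR_TYPES = 3    # "at least three (3)" of the four listed types
# Constructed sample list; the page itself names only 12345 and april2013.
COMMON_SEQUENCES = ("12345", "abcde", "qwerty")
MONTHS = ("january february march april may june july august "
          "september october november december").split()
MONTH_YEAR = re.compile("(" + "|".join(MONTHS) + r")\d{2,4}")


def char_types(password):
    """Count the four listed types: alphabetic, mixed case, numeric, punctuation."""
    has_lower = any(c.islower() for c in password)
    has_upper = any(c.isupper() for c in password)
    return sum((
        has_lower or has_upper,
        has_lower and has_upper,
        any(c.isdigit() for c in password),
        any(c in string.punctuation for c in password),
    ))


def skeleton(password):
    """Letters only, case-folded, so Spring2025! and spring2024 compare equal."""
    return re.sub(r"[^a-z]", "", password.lower())


def check_password(password, user_id, previous=()):
    """Return the rules broken; `previous` holds old passwords typed at change time."""
    problems = []
    lowered = password.lower()
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if char_types(password) < MIN_CHAR_TYPES:
        problems.append("too few character types")
    uid = user_id.lower()
    if uid and (uid in lowered or uid[::-1] in lowered):
        problems.append("derived from user ID")
    if any(s in lowered for s in COMMON_SEQUENCES) or MONTH_YEAR.search(lowered):
        problems.append("common sequence")
    core = skeleton(password)
    if core and any(core == skeleton(old) for old in previous):
        problems.append("variation of a previous password")
    return problems
```

An empty list means none of the checked rules were broken; rules such as not sharing passwords or not writing them on notes cannot be checked this way.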

 

Mobile computing devices are devices such as tablets, smart phones, USB devices, and laptop computers. The very features that make these devices useful (portability, access connectivity, data storage, processing power, etc.) also make them a security risk to users and to Florida A&M University (FAMU) when those devices contain university data. Major features of mobile devices that create risk to the user, and potentially the university as well, include their small size (they can easily be lost or stolen), weak user authentication mechanisms that can easily be compromised or simply disabled by the user, and their ease of interconnectedness.

This document explains general end-user security measures that can be taken on mobile devices. Taking action to personally ensure computer security helps protect everyone from data and identity theft, viruses, hackers, and other threats. Every member of the FAMU community who uses a mobile computing device can make the Maryland computing environment more secure by following these best practices.

General Security - Your department’s IT staff may be able to assist you with the following:

  • Obtain management approval of mobile devices prior to using the devices to handle and store university data. Management may also require the completion of training on proper device handling and management practices prior to receiving authorization.
  • Keep your mobile devices with you at all times or store them in a secured location when not in use. Do not leave your mobile devices unattended in public locations (e.g. airport lounges, meeting rooms, restaurants, etc.).
  • Deploy approved hardware encryption software. Ensure that the selected software employs whole disk encryption.
  • Mobile devices should be password protected and auto lockout should be enabled. The password should block all access to the device until a valid password is entered. The password used should be as strong a password as your device will support.
  • If available, enable a “remote wipe” feature. This also includes features that delete data stored on the mobile device if a password is not entered correctly after a certain number of specified tries.
  • Do not circumvent security features or “jailbreak” your mobile device.
  • Wipe or securely delete data from your mobile device before you dispose of it.
  • Lost or stolen mobile devices should be immediately reported to the police. If your mobile device contained Florida A&M University data, also inform your IT department about the loss or theft of the device. 
  • Apply computing device security software patches and updates regularly.
  • Apply computing device operating system patches and updates regularly.
  • Apply computing device application software patches and updates regularly (e.g. word processor software, IM clients, and other programs).
  • Install and use anti-virus and anti-spyware software on the computing device, keep software definitions up to date, and run regular scans. We recommend you obtain antivirus software. For anti-spyware we recommend the following free software: Malwarebytes, SUPERAntiSpyware, and Spybot.
  • Install and enable a hardware and/or software firewall. Information about firewalls can be found at:
  • Configure computing device so that it runs in least privilege mode (e.g. user) and times-out after a 15-minute period of inactivity.
  • Activate and utilize a lock feature prior to leaving the computing device unattended.
  • Regularly verify that system security measures are enabled on your computing device.
  • Never share directories and files without access controls.


Transmission Security

  • Where possible, data transmissions from mobile devices should be encrypted.
  • Wireless access (Bluetooth, Wi-Fi, etc.) to mobile devices should be disabled when not in use to prevent unauthorized access to the device.
  • If available, wireless access should be configured to query the user for confirmation before connecting to wireless networks.
    • For example, when Bluetooth is on, select the “check with me before connecting” option to prevent automatic connections with other devices.
  • If available, use the VPN Client Software offered by FAMU to connect to campus resources.
  • Avoid unencrypted public wireless networks. Such Wi-Fi networks require no authentication or password to log into, so anyone can access them--including the bad guys.


Application and Data Security

  • Do not install software from unknown sources as they may include software harmful to your device. Research the software that you intend to install to make sure that it is legitimate.
  • When installing software, review the application permissions. Modern applications may share more information about you than you are comfortable with, including allowing for real time tracking of your location.
  • Be careful when storing your personal data on your mobile device. If you lose the device, you could lose your data.
  • Follow the National Institute of Standards and Technology’s recommendations for Mobile Security (http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-124r1.pdf) with respect to Florida A&M University data stored on your mobile device.

For help, please contact the Security Team of the Information Technology Services Department at phishbowl@famu.edu and/or call the HelpDesk at 850-412-4357.

 


What is phishing?

Phishing is an attempt made by an individual or group to obtain personal information from unsuspecting users by posing as a trusted organization or individual, such as technical support or one’s bank. Commonly, this is done through email messages that are specifically crafted to look similar to actual communications sent by the organization or individual, at times even using real company logos and information. Within the email, users may be asked directly to provide specific personal information, or they may find instructions directing them to a link that they must click on, leading them to a fraudulent website designed to look legitimate. Once on the site, the user is often requested to provide personal information, such as usernames and passwords, which can be used to assist with future compromises or lead to identity theft. In some cases, these fraudulent sites may contain malicious code meant to infect the user’s computer with a virus or other form of malware.

What to do if you fall victim to phishing or think you are being phished?

Email: Please forward any possible or known phishing email messages to phishbowl@famu.edu.

Phone: You may also call the IT Help Desk at (850) 412-HELP(4357) to speak with a customer service agent about the issue.

  • Update your password. If you use the same password for other online accounts, change the password for those accounts.
  • Change the security questions associated with the online accounts.
  • Monitor your accounts for suspicious activities.
  • Refer to our instructions on How to Run A Virus Scan.

How to avoid phishing attacks?

United States Computer Emergency Readiness Team – Avoiding Social Engineering and Phishing Attacks

United States Computer Emergency Readiness Team – Recognizing and Avoiding Email Scams