As part of National Cybersecurity Awareness month, Information Technology Services would like to share the importance of cybersecurity and tips that can help you protect Metro State, yourself, and your information. We will publish cybersecurity information, tips and resources each week in October. Did you know that malicious email and hackers are targeting higher education? Learn more here: The Increasing Threat of Ransomware in Higher Education (Educause).
- The number of ransomware attacks have more than doubled as cybercrime operations increased throughout the Coronavirus pandemic.
- Surprisingly, education is the most affected sector for malware attacks when compared to other industries like business and professional services, retail and consumer goods, and high tech.
- Within the last thirty days, educational organizations have been the target of more than 6.1 million malware attacks, while the second-most affected industry (business and professional services) has only seen 900,000 attacks.
- FBI's Cyber Division recently warned that ransomware poses a huge risk for higher education, as cybercriminals using this type of attack are now focusing heavily on colleges and universities.
We all share a role in Cybersecurity. Please take a moment to review some Cybersecurity basics.
Multi-factor authentication
You are probably familiar with pop-up reminders that tell you software updates are available for your computer. Software updates and patches are important to your digital safety and Cybersecurity.
Patches can fix potential bugs and security holes while increasing the performance of your devices. IT deploys software and patch updates to university owned computers regularly. Software updates and patching often include security updates that address vulnerabilities to keep hackers out and protect your data. Make sure to restart your computer when you receive a notification prompt to enable the patches and updates to complete. Installing patches regularly on your personal devices is just as critical.
Another added layer of security protection that helps prevent unauthorized access and keeps your information, university and Minnesota State system data protected is Multi Factor Authentication (MFA).
Multi-factor authentication provided by Minnesota State System Office will be required for all Metropolitan State accounts, and for all accounts across Minnesota State by mid-November of 2021. If you have not already set up MFA please enroll now: MFA Schedule and Setup Instructions. To learn more about MFA visit: MFA: FAQs Multi-factor Authentication.
Secure File Storage
Are you familiar with the statement “do not save your files to the local computer c:\ drive or hard drive”? Did you know that if your computer becomes compromised, due to phishing/hacking, you may not be able to retrieve your files? Don’t assume your computer hard drive won't crash because it's new. Hard drives, new and old, all have the potential for hardware failure or crashes. Protect your valuable work and other digital information by making sure documents are backed up.
Resources
Metro State IT urges everyone to save your files using these, backed up, secure file storage resources:
-
University employee network folders, such as H:, S:
-
OneDrive file storage using your Minnesota State O365 account. Each licensed user (typically faculty, staff, and active students) has personal storage of 1 TB (one terabyte, or 1,024 gigabytes).
OneDrive / SharePoint
-
OneDrive is a cloud-based file storage and sharing utility, as so it can present some potential risk, therefore it is important to be aware and intentional about the permission you set to share files, folders, documents and links to them. Everyone has a responsibility to know what type of data you are sharing and with whom you are sharing that information. For instance view files you’ve shared in OneDrive. Additionally, you can Stop sharing OneDrive or SharePoint files or folders, or change permissions.
-
Use your Minnesota State O365 account rather than a personal account, as there may be differences in what you see based on the account you are logged into.
-
Consider using Secure File Transfer to transfer and share files that are more sensitive restricted data.
Secure File Transfer
MoveItSecurely, licensed through the Minnesota State System, allows you to transfer non-public/restricted data and large files securely to another person via a secure server. This service is available to faculty, staff, and students with a StarID. Recipients do not need a StarID. As the sender, you can indicate how many days the recipient has to download the file(s) from their MoveItSecurely "in box." Files can be saved for up to 14 days.
-
MoveItSecurely site: https://securefileshare.minnstate.edu Use your StarID and password.
-
MoveIt Securely: Secure File Transfer instructions (Metro article)
-
MoveItSecurely Support Resources: Knowledge Base and Support Guide
-
Click here for information on Data Security Classification
Password Security
In a recent employee survey, across various industries, more than half surveyed (57%) saved passwords on sticky notes, according to Keeper Security. And it has only increased since the pandemic. The same survey found that 66% of workers are more likely to write down passwords when working from home.
- Do not write down login and password information on paper!
- Never write or type your passwords on a Word document or Excel spreadsheet. Doing this may seem easy for you, but it makes it easy for a hacker to find those passwords and exploit them.
Your University StarID account provides you with access to many computing services at Metro State, including email. These services may provide access to personal and sensitive information and data. Increasingly, malicious software and other methods such as “phishing” are being used to obtain your password. If someone acquires your password, they can gain unauthorized access to your account and university systems. Periodic password changes will help to safeguard your account as well as setting up multi-factor authentication.
The StarID system sends reminder emails to your preferred email address 21 days, 7 days, and 1 day before your password expires. When you receive password expiration email notifications, it is a good practice to go directly to the known resource site you’re familiar with to change your password. For instance, rather than clicking on a link in an email, go directly to StarID Self Service at: https://starid.minnstate.edu/. There is always the potential to receive phishing/malicious email masquerading itself as being from an official system or source, and doing this is an added safeguard you can put into practice.
Create Strong Passwords!
Create a password from a unique, easy-to-remember phrase of 8 to 12 characters. Caution: Do not use the names of children or pets; hackers watch what you do on social media and figure that out. It is better to create and stick to one strong password than to make minor changes to a weak one.
StarID password requirements:
The password complexity requirement associated with the StarID complies with the Minnesota State password security guideline. Passwords must meet or exceed these criteria:
- Changed at least every 180 days.
- Between 8 and 128 characters long.
- Use at least 3 of these types of characters: uppercase, lowercase, numbers, special characters (ex: ?,!,#,”,$,etc.)
- May not have been used before.
- May not contain your first name or last name if they are longer than 2 characters.
All Minnesota State users have a responsibility and must protect their password from unauthorized use and must not share passwords with others. Minnesota State Guideline 5.23.1.1 Password Usage and Handling
The National Cybersecurity Alliance (NCSA) states, “The reality is that passwords are still here, and you need to create robust passwords, enable MFA, and run the security updates and patches. You don’t have to be a technical wizard to do this.”
If you have questions or need assistance please contact the IT Service Desk.