IT Security Basics

Security Tips
1. Set strong passwords that are easy to remember for your user accounts

Your password is the first line of defense against malicious users and hackers.

Accounts are assigned to individuals and are not to be shared. Each User is solely responsible for all functions performed from accounts assigned to them. It is a violation of the Acceptable Use Policy for any User to allow others (including other Users within the DUCOM Network) to use or have access to their account. It is a violation to use another User's account, with or without that person's permission. Intentionally or negligently revealing one's password is prohibited. It is a violation to attempt to learn the password to another User's account, whether the attempt is successful or not.

Try this technique next time you set or change your password (do not use the provided example as your password):

1)     Think of a phrase that is personal to you and turn it into a password. For example, “my dog Arry likes to snuggle with me”.
2)     Take the first letter of each word from the phrase: m d a l t s w m
3)     Replace some of the letters with special characters, capitals, and numbers: Md@1t$wM
Now you just have to remember the phrase as you type in your password.
 
You could use the following method for replacing letters or create your own technique that is easy for you to remember by adding a parenthesis or space:
  • ‘a’ with @
  • ‘s’ with $
  • space with %
  • ‘o’ with 0
  • ‘i’ with !
 
If you have any questions, please email IT_Security@drexelmed.edu or contact the Technical Support Desk at 215-762-1999.
 
2. Microsoft Outlook spam reporting capability
CoM-IT’s email anti-spam solution automatically quarantines spam; however, spam will occasionally go through undetected. You can report spam directly through Outlook using the “Report Spam” button.
 
Please visit our web site to learn more about Blocking Spam.

If you have any questions, please email IT_Security@drexelmed.edu or contact the Technical Support Desk at 215-762-1999.
 
3. Reset your forgotten DrexelMed account password through the Password Self-Service Portal
The Password Self-Service Portal is accessible through your smartphone or any computer with an Internet connection. The portal requires that you register your account and set up security questions and answers. If you have not already set up your security questions, you should do so by clicking Register. Upon login, you will be directed through the two-step setup process.
If you don't remember your answers to the security questions you set up, please contact Technical Support at 215-762-1999, or email dmsupport@drexelmed.edu during business hours to reset your forgotten password.
 
4. Email data loss prevention best practice
Emails sent outside of the College of Medicine are inspected by the system for sensitive data, in order to detect accidental transmission of sensitive information (e.g., if someone forgets to use “Send Secure” in Outlook) and encrypt the email before sending, per the Email Encryption Policy.
 
Should you accidentally forget to encrypt an email containing sensitive data that is going outside of DrexelMed, you should receive an automated notice from proofpoint-pps@drexelmed.edu with the subject “Message Secured [your email subject]” to let you know the message was sent and auto-encrypted.
 
It is best practice to follow up with your recipient(s) in a separate email or by phone to make sure they have received the secured message from you. Please visit our website’s page on How to Use Email Encryption and review the Frequently Asked Questions.
 
If you have any questions, please email IT_Security@drexelmed.edu or contact the Technical Support Desk at 215-762-1999.
 
5. Free anti-virus/malware protection from Sophos

Our Drexel University Sophos Endpoint license is extended to one home Windows computer per person for the duration of employment.

Please visit the DrexelMed software portal to download the anti-virus program called Sophos Home Use version and follow the installation instructions. For Macintosh computers, Sophos offers a free anti-virus program on their website at www.sophos.com.

For software installation questions or assistance, please contact Technical Support at 215-762-1999, or email dmsupport@drexelmed.edu.

Learn about how to protect your computer from malware and viruses by visiting: http://www.onguardonline.gov/media/video-0056-protect-your-computer-malware
 
6. Check Microsoft Office files for hidden data before sharing with others
Hidden data could contain sensitive information that you may not intend to share (e.g., hidden tabs or cells in Excel, hidden text in Word, etc.).
1)     In your open MS Office 2010 document, go to “File” select “Info”
2)     Click on “Check for Issues” and select “Inspect Document” from drop down menu.
3)     In the Document Inspector Window, make sure all checkboxes are selected and click the “Inspect” button.
4)     Results will show where hidden data is located and other areas of potential risk. Review these results carefully.
5)     Click “Remove All” to delete the hidden data, where applicable.
Please contact Technical Support at 215-762-1999, or email dmsupport@drexelmed.edu if you have any questions.
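A scripted counterpart to the Document Inspector check above, added here as an example (not part of the original page and not a CoM-IT tool): .xlsx and .docx files are ZIP archives of XML, so hidden sheets, hidden rows or columns, hidden text and comment parts can be listed before a file is shared. The names find_hidden_data and make_zip and both sample files are constructed for illustration, and the default Office XML namespaces are assumed.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

S = "{http://schemas.openxmlformats.org/spreadsheetml/2006/main}"
W = "{http://schemas.openxmlformats.org/wordprocessingml/2006/main}"

def find_hidden_data(data: bytes) -> list[str]:
    """List hidden content in a .xlsx or .docx file passed as raw bytes."""
    found = []
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        # Stdlib parser; for files from untrusted senders use defusedxml (third-party).
        parts = {n: ET.fromstring(z.read(n)) for n in z.namelist() if n.endswith(".xml")}
    for name, root in sorted(parts.items()):
        if name == "xl/workbook.xml":
            for sheet in root.iter(S + "sheet"):
                state = sheet.get("state", "visible")  # hidden or veryHidden
                if state != "visible":
                    found.append(f"{state} sheet: {sheet.get('name')}")
        elif name.startswith("xl/worksheets/"):
            for tag in ("row", "col"):
                n = sum(e.get("hidden") in ("1", "true") for e in root.iter(S + tag))
                if n:
                    found.append(f"{name}: {n} hidden {tag}(s)")
        elif name == "word/document.xml":
            # <w:vanish/> marks hidden text unless explicitly switched off
            n = sum(v.get(W + "val") not in ("0", "false") for v in root.iter(W + "vanish"))
            if n:
                found.append(f"{n} hidden text run(s)")
        elif name.startswith(("word/comments", "xl/comments")):
            found.append(f"comments part: {name}")
    return found

def make_zip(parts: dict[str, str]) -> bytes:
    """Build an in-memory archive from {part name: XML text} (sample data only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, xml in parts.items():
            z.writestr(name, xml)
    return buf.getvalue()

# Constructed samples: only the parts the scan reads, not complete Office files.
SAMPLE_XLSX = make_zip({
    "xl/workbook.xml": f'<workbook xmlns="{S[1:-1]}"><sheets><sheet name="Summary" sheetId="1"/>'
                       '<sheet name="Salaries" sheetId="2" state="hidden"/></sheets></workbook>',
    "xl/worksheets/sheet1.xml": f'<worksheet xmlns="{S[1:-1]}"><sheetData><row r="2" hidden="1"/></sheetData></worksheet>',
})
SAMPLE_DOCX = make_zip({
    "word/document.xml": f'<w:document xmlns:w="{W[1:-1]}"><w:body><w:p><w:r><w:rPr><w:vanish/></w:rPr>'
                         '<w:t>draft note</w:t></w:r></w:p></w:body></w:document>',
    "word/comments.xml": f'<w:comments xmlns:w="{W[1:-1]}"/>',
})
```

The script only reports findings; removing them is still done with “Remove All” in the Document Inspector.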
 
7. Log out of your computer when you leave for the day
Turning off the monitor, minimizing, or closing all windows does not log you out, and could lead to someone else misusing your account identity to perform unauthorized actions. Remember, your DrexelMed account use is your responsibility.
 
8. Keep software up to date
Keep your operating system and software programs (e.g., Adobe, Java, etc.) up to date with the latest patches and bug fixes. Security holes in computer software are constantly being identified, and malicious code is written to exploit them to collect your personal information and other sensitive data.
 
Patches are applied automatically each month to College of Medicine Windows computers on the domain. Please make sure you are also protecting your personal computers and devices by keeping software up to date.
 
 
9. Don’t bite on phishing
Phishing is the criminally fraudulent process of attempting to acquire sensitive information by masquerading as a trustworthy entity in an email. Phishing attacks commonly target personal or financial data such as credit card numbers, social security numbers, and account passwords. Phishing emails may contain grammatical errors or unusual sentence structure. If you receive a suspicious email asking for sensitive information:
  • Do not reply
  • Do not click on any links
  • Do not open or save any attached files
 
Report potential phishing attacks to IT_Security@drexelmed.edu or contact the Technical Support Desk at 215-762-1999.
 
Remember, Technical Support will never ask you for your password.
 
For a humorous phishing analogy, see this video from OnGuard Online, an online security awareness website managed by the US Government: http://www.onguardonline.gov/media/video-0007-phishy-office
 
10. Back up your data regularly
Use the network share H: and T: drives to back up work-related documents. For more information about network data storage, please review the Network Data Storage Policy IT-4.
 
If you are using Cloud Computing to store or back up your personal data somewhere online, here are some tips on how to reduce the risk of that data falling into the wrong hands:
  • Make sure your cloud service provider is a reputable company
  • Use a strong password (preferably one that is different from your other accounts)
  • Enable two-factor authentication technology that requires 2 identifications to log in, like your password and a one-time PIN
  • Encrypt or password-protect files that contain personal or sensitive information
Please contact Technical Support at 215-762-1999, or email dmsupport@drexelmed.edu if you have any questions.
 
11. Protect sensitive data with encryption
If it is absolutely necessary to store or transmit electronic protected health information or any other sensitive data to a laptop, smart phone or USB, make sure the device is encrypted. If your device is lost or stolen the bad guys will be unable to access the data.
 
Make sure your devices utilize standard Drexel University College of Medicine encryption solutions:
 
Sophos Safeguard Enterprise or Credant software on computers. You will have the software notification icons on the task bar.
 
USB devices must be encrypted with approved HIPAA-regulated vendor solutions (i.e., AES 256-bit FIPS 140-2 certified cryptography) from IronKey or McAfee. Please visit the IT web site section on Encryption for more guidance.
Please contact Technical Support at 215-762-1999, or email dmsupport@drexelmed.edu if you have any questions.