Security

NCSAM Week 5: Ransomware

October is National Cybersecurity Awareness Month. For week five CSU, Chico’s Information Security is focusing on Ransomware.

Ransomware comprises a class of malware which restricts access to the computer system that it infects, and demands a ransom paid to the creator of the malware in order for the restriction to be removed. Some forms of ransomware encrypt files on the system’s hard drive (cryptoviral extortion) while some may simply lock the system and display messages intended to coax the user into paying.

What To Do if You Get Infected with Ransomware

  • Do NOT pay the “ransom” or attempt to contact the ransomware creator.
  • Immediately disconnect your computer from the wired or wireless network, to help avoid your computer from infecting others on the network.
  • Contact ITSS for assistance.

ISEC has recommendations for avoiding ransomware on their web page. Please read this information about ransomware and review all of the Cybersecurity Month content to stay safer and more secure online.

Security

NCSAM Week 4: Malware

October is National Cybersecurity Awareness Month. For week four CSU, Chico’s Information Security is focusing on malware.

Malware: Malware is short for malicious software, it is a software that is specifically designed to disrupt, damage, or gain unauthorized access to a computer system.

Viruses: A computer virus is a form of malicious software that piggy backs onto code in order to spread and reproduce itself. It is deployed by an attacker to damage or take control of a computer.

Trojan: A Trojan is a type of malware that disguises itself as legitimate software to gain access into the users system.

Spyware: Spyware is software that enables a user to obtain convert information about computer activity by transmitting data covertly from their hard drive.

ISEC has recommendations for avoiding all types of malware on their web page. Please read this information about malware and follow along each week of Cybersecurity Month to stay safer and more secure online.

Security

NCSAM Week 3: Data Security

October is National Cybersecurity Awareness Month. For week three CSU, Chico’s Information Security is focusing on data security.

NCSAM banner

University data is grouped into three categories:

  • Level 1 – Confidential
  • Level 2 – Internal
  • Level 3 – General

Each of these levels should be protected to varying degrees detailed on ISEC’s Week 3 NCSAM page.

Please read this information about university data security levels, and follow along each week of Cybersecurity Month to stay safer and more secure online.

Phishing, Security

NCSAM Week 2: Phishing

October is National Cybersecurity Awareness Month. For week two CSU, Chico’s Information Security is focusing on Phishing.

Phishing is the act of sending an email to a user falsely claiming to be an established enterprise in attempt to scam the user into giving up private information for identity theft. ISEC has listed some tips for spotting phishing and what to do about phishing scams. This includes paying attention to the From email address, the formatting of the email, and the content.

Please read these tips to avoid becoming a victim of phishing, and follow along each week of Cybersecurity Month to stay safer and more secure online.

Phishing, Security

October is National Cybersecurity Awareness Month

National Cybersecurity Awareness Month (NCSAM) – observed every October – was created as a collaborative effort between government and industry to ensure every American has the resources they need to stay safer and more secure online.

This year’s Cybersecurity Awareness Month theme is “Own IT. Secure. IT. Protect IT.” with the following calls to action:

  • Own IT.
    • Never Click and Tell: staying safe on social media
    • Update Privacy Settings
    • Keep Tabs on Your Apps: best practices for device applications
  • Secure IT.
    • Shake Up Your Passphrase Protocol: create strong, unique passphrases
    • Double Your Login Protection: turn on multi-factor authentication
    • Shop Safe Online
    • Play Hard To Get With Strangers: how to spot and avoid phish
  • Protect IT.
    • If You Connect, You Must Protect: updating to the latest security software, web browser and operating systems
    • Stay Protected While Connected: Wi-Fi safety
    • If You Collect It, Protect It: keeping customer/consumer data and information safe

Additionally CSU, Chico Information Security has created weekly cybersecurity themes that will be detailed on their website at www.csuchico.edu/isec. The Week 1 NCSAM theme is Protecting Yourself Online. Surprising statistics, common risks, and cybersecurity best practices have been identified to help you protect yourself and CSU, Chico. Please follow along each week of Cybersecurity Month to stay safer and more secure online.

Security, Workstations

End of Support for Windows 7

After January 14th, 2020 Microsoft will no longer provide security updates or support for Windows 7. As part of CSU, Chico’s commitment to a secure computing environment, ITSS will be migrating existing Window 7 installations to Windows 10 on campus-managed computers by the end of this year.

If you use a campus Windows 7 computer, you can request a migration to Windows 10 at https://support.csuchico.edu/TDClient/Requests/ServiceDet?ID=8031. Please include “Upgrade Windows 7 to Windows 10” in the subject.

The process usually involves a complete erase and install of the computer. We’ll backup user data (if needed), change some firmware settings, install the new OS, and restore the user data.

Personal computers should also be upgraded to Windows 10 before Microsoft ends support. CSU, Chico employees and students can get Windows 10 at https://csuchico.onthehub.com.

Security, Workstations

Critical Windows Updates TODAY

Scheduled Change: Today, August 15th 5:00 PM
Services Impacted: All Windows desktops and laptops

Google Project Zero has disclosed a critical vulnerability in Microsoft’s Text Services Framework that allows an attacker to gain system level access to any computer. The patch for this vulnerability has been released to campus already, with the deadline for applying it set to next Thursday.

Since Google has now released a proof of concept attack based on this vulnerability it is highly likely that malicious versions will be created and deployed as malware in the next few days.

With this in mind, we have pushed up the deadline for applying this month’s security patches to today at 5pm. This means that the patches will begin applying after 5pm and computers will automatically reboot to apply the patches no later than 5pm tomorrow.

Please leave your computer on when you leave work today so the patches can be applied. If you turn your computer off for the weekend, the patches will apply first thing Monday morning and your computer will reboot once the patches are installed.

Campus technicians who have special exceptions to not have enforced updates should install these updates from software center manually as soon as possible. If you have a Windows computer at home, you should also be sure to check for and apply any updates from Microsoft.