How to Avoid Hackers by Mike Ciri, IT Services Director
Nine motions have been endorsed by Chief Human Resources Officer
This recent phishing message (pictured below) was specifically tailored to UAS employees. The hacker was able to take advantage of Google apps to make the message appear to come from email@example.com. Since Google allows hackers to set up web forms on secure pages, they were able to provide an HTTPS link to make it appear that the site was valid. Finally, they also added a University of Alaska copyright and a legal message at the bottom to make it seem more legitimate.
IT Services will continue working to promote security awareness, but security awareness needs to be on every employee’s mind. I encourage you to work within your units to help protect our sensitive data. Here are some things to keep in mind:
- Be very suspicious of messages asking you to click on a link and provide information.
- If you are providing information, always check that you are on an alaska.edu website.
- If you are collecting data, avoid using systems hosted outside of the University. These may be unsecure, and it encourages users to provide data to third-party servers.
Regarding files on computers, tablets, smartphones, etc.:
- The standard UAS windows computer build is configured to automatically encrypt data on desktop and “My Documents”. In addition, copies of these files are automatically retained on UAS file servers.
- This is not true for other equipment. If a department wants to provide non-standard equipment to employees, they need to consider the increased risk this creates.
- IT Services recommends that sensitive data (such as student grades or personally identifiable information) only be stored on the standard computers.
- Don’t hoard data. Only store the minimum data needed, and delete any sensitive data once the immediate need is past.
- Avoid storing any sensitive data on removable devices like USB drives. These are seldom encrypted and are easily lost.