Tag Archives: security

A message from public safety & student life

As we begin to wind down the semester, Chief Law and I ask that each of you keep the following in mind

Stay safe: Each and every one of us represents Drake University. Respect each other, respect yourself, and watch over each other during these last few weeks of the fall semester. If you plan to participate in social activities this weekend or next prior to finals, please do so in a manner that ultimately highlights the best of who you are and who we are as a University. Remember:

  • Take advantage of the Drake Safe Ride program.
  • Utilize the Drake Guardian App.
  • Be an active bystander: If you see a fellow Drake student at risk, intervene to help.
  • If you see something, say something by calling Drake Public Safety at 515-271-2222 or the Des Moines Police Department at 911.
  • If you choose to use alcohol, do so responsibly. Drake offers exciting and enriching social activities and cocurricular events throughout the semester that are alcohol-free alternatives.
  • Pay attention to your surroundings.

Enjoy the holiday break: If you will be going home for winter break, be sure to spend your time reconnecting with family and friends and recharging your batteries for what promises to be an exciting and eventful spring semester.

Get excited for J-Term: For those of you participating in J-Term travel seminars, please immerse yourself in the opportunity to further understand what it means to be a responsible global citizen. If you are taking an on-campus J-Term course, we hope you enjoy this educational experience.

Celebrate December graduates: To those whose journey here at Drake is coming to an end and who will be graduating on Dec. 19, congratulations! You are entering into an esteemed group of Drake alumni, and you will carry that honor with you throughout the rest of your life.

The Division of Student Life and the Department of Public Safety wish all of you and your families the very best as we move into 2016—good luck with your final exams!

—Jerry Parker, Acting Dean of Students, & Scott Law, Director, Public Safety

Phishing education

phish·ing
noun
The activity of defrauding an online account holder of confidential information by posing as a legitimate company.

We’ve all been the target of a phishing attack. Whether it’s a warning of an expiring email account or an “urgent message” from a financial institution, these attacks put the confidential information of our students and employees at serious risk, and require significant personnel and technology resources to resolve.

Faculty, staff, and students of Drake are no exception, and the attackers have been making their email attacks even more difficult to spot. Several of the attacks recently spotted have used a forged copy of our webmail login page to convince people to give up their username and password.

The login page below is from an email phish that we received, but there’s nothing on the page giving it away. The page gives the appearance of legitimacy but is designed to steal passwords and information.

phishing

However, the URL at the top gives it away. As you can see, pilatesg.com isn’t affiliated with Drake or with Microsoft, our email provider. If you are ever asked by email to take an urgent action regarding your account, go to the page you know and trust rather than following a link.

Drake webmail is located at: outlook.com/drake.edu

Links to safe login pages for Blackboard, blueView, EMS, and more are also located at the following pages:

www.drake.edu/facstaff/

www.drake.edu/students/

If you think you’ve received a legitimate email but aren’t sure, don’t take chances! Call Client Services at 515-271-3001 or email informationsecurity@drake.edu. If you think you may have already opened a malicious link, call or email right away to get your password changed.

Drake utilizes a service called PhishMe to provide education on these types of attacks—what attackers are after, how they get through our spam filter, how to spot them, and, most importantly, what to do if you’ve been targeted. For more information on phishing and how to avoid becoming a victim, please visit the DTS Information Security website.

—Submitted by Jeffrey Sabin, Information Security Officer

Protecting your identity—tips for campus

Is it possible to prevent identity theft?

Experts say yes and no.

Think of identity theft like someone attempting to break into your home.

Can you prevent someone from breaking in? You can definitely make it difficult. Door and window locks and alarms, security cameras, even guards are possible deterrents.

Would it still be possible for a break-in to occur with these things in place? Yes, if they are determined enough and had more manpower or better technology.

The same is true for protecting your identity. You can make it more difficult to misuse or steal, but it’s impossible to 100 percent guarantee that it won’t happen. Making some thought-out choices will greatly reduce your chances of being a victim.

Your personal information is a goldmine.

Below are some practical ways to prevent or reduce the chances of identity theft, as well as put a stop to existing fraud that may be occurring without your knowledge.

Minimize exposure of your Social Security and credit card numbers. Do you know how many websites currently have your information on file? Most companies offer to save this information for you, but if the company suffers a breach, information may be disclosed that you’d forgotten was entrusted to them.

Credit cards are still a relatively safe option. Credit card companies limit the liability of fraud victims, often better than banks do with debit cards. Keep the contact information of your financial institutions in a place you’ll remember in case you do suspect fraud.

Watch out for phishing emails and calls. Phishing schemes can take many forms, but have a general theme: coercing you into giving up personal information, whether passwords protecting financial data, or account information via phone. If you’ve suffered from fraud in the past, you are at additional risk. Additional information on how to spot these scams is located on Drake’s information security website.

Manage your passwords effectively. We all use dozens of websites that require passwords. Using a password manager or even a written list kept in a locked drawer is safer than using weak passwords or the same password on multiple sites. Think of your most valuable sites such as online banking, retirement, healthcare, etc., and focus on creating strong, unique passwords for these sites to that they are not at risk if passwords at other sites are stolen.

Upgrade authentication where possible. Some companies are starting to offer two-factor authentication, or “2FA”—a smart phone app or automated phone call used to confirm your identity in addition to a password. It does introduce a layer of complexity and hassle, but it could be a small price to pay to secure your finances and other online accounts.

Protect mobile devices. Your phone and tablet probably have your email account, which can easily give a thief access to other accounts through password resets or social engineering. Using screen locks and encrypting these devices are two easy steps to protecting yourself if they are lost or stolen. Apple and Google both offer a service to remotely wipe the device if it’s ever lost so that your information is safe, even if the device is gone.

If you receive notification from a company that holds your personal information, such as a financial institution or the IRS that your information has been compromised or that they suspect fraud on your account, the following steps can help limit the damage and get your life back to normal.

  • Place a fraud alert on your financial accounts and credit reporting bureaus so they are aware of the situation.
  • Order your credit reports. The credit reporting bureaus provide copies for free once notified of potential fraud.
  • File an identity theft report with the FTC (Federal Trade Commission) and your local police.
  • Monitor your accounts and dispute any fraudulent charges on your account as soon as you notice them

There is quite a bit more information online about this topic through the FTC and IRS websites. Information security staff within Drake Technology Services can also provide information and assistance; they can be reached at informationsecurity@drake.edu.

—Submitted by Jeff Sabin, Information Security Officer/Head of Infrastructure and Security

Protect your devices for free

Drake Public Safety, Student Life, and Technology Services are happy to offer all Drake faculty and staff electronic device security software free of charge. This patented program—FrontDoorSoftware Loss, Recovery, and Personal Safety—is designed to help you to prevent theft, protect information, and recover lost or stolen devices.

We strongly encourage you to register your devices as soon as possible—you can register your professional and personal laptops, cell phones, and/or tablets. Once registered, you are covered for four years. To register, visit http://frontdoorsoftware.com/drake. You will need to use your Drake email to register a computer or tablet and the code “drake” to register a cell phone. The software is completely free and installs in seconds.

Once you register your device(s), the program does the following:

  • Collects ownership information and the unique MAC address of the machine
  • Turns the monitor into a information screen, so when someone starts your computer or connects to the Internet, the first screen seen displays the owner/contact information you provide
  • Installs a tracking feature so you can see where your computer or device is at any time via your web account with FrontDoorSoftware

For a full overview of how the software works and the different features available, visit www.frontdoorsoftware.com/products/product.html

While this software is a great tool to help protect your property, no software can guarantee the safety of your electronics. Do not leave your devices unattended in public spaces, and be sure to lock your office door, car, home, or wherever your devices may be when you are not there.

If you have questions or concerns, please contact Scott Law, director of Drake Public Safety, at scott.law@drake.edu or 515-271-3860.

—Submitted by:
Scott Law, Director of Drake Public Safety
Jerry Parker, Acting Dean of Students
Jeff Sabin, Head of Infrastructure and Security, Drake Technology Services