Security Awareness at Wesleyan

Security awareness is an umbrella term that encompasses a lot of things. For our purposes, let's confine it to the security of your devices and data. You can keep mobile devices such as phones, tablets, and laptops secure with a few habits: keep your laptop locked up, even at your desk (think cable lock). Turning on password protection on your tablet or mobile phone and enabling "Find my xxx" (iPhone, iPad, MacBook, etc.) are great ways to help with recovery if needed. If your device has no recovery tools built in, installing recovery software such as the free "Prey" (preyproject.com) is one option. Do not provide your credentials to anyone, not even to a Desktop Support staff member. Not clicking links in email you did not expect to receive, and similar precautions, are all ways we can thwart the criminals looking to separate you from your money and/or gain access to Wesleyan data and resources. Below are some videos to help you secure your belongings and data. Many of these can be applied to your own personal life at home. If you have questions, please contact Desktop Support at x4777 or submit a request via the "ITS Help" link in WesPortal.

 

To report an IT-related security issue (phish, compromised account, suspicious email, etc.), send an email to security@wesleyan.edu or submit a ServiceNow ticket (Portal -> "IT Help" icon/link at the top with the other menu icons).

 

Videos to watch

 

The playlist--

Wesleyan Security Awareness playlist at Lynda.com

 

Chapter 1 (5m 12s) --IT Security overview

Chapter 2 (2m 55s) --Understanding Phishing

Chapter 3 (2m 23s) --Advanced Phishing methods

Chapter 4 (4m 44s) --Types of Phishing

Wesleyan Phishing message

Chapter 5 (5m 52s) --Social Engineering introduction

Chapter 6 (2m 51s) --Social Engineering Background

Chapter 7 (3m 0s) --PII (Personally Identifiable Information): What you should know

Chapter 8 (4m 52s) --PII: Market Value

Chapter 9 (7m 33s) --Password hygiene

Chapter 10 (4m 47s) --Common attacks

Chapter 11 (6m 53s) --How to protect yourself

Chapter 12 (6m 15s) --Unsecure WiFi hotspots

Chapter 13 (1m 47s) --WiFi at home

Chapter 14 (1m 50s) --Social Media

 

 

Blog Posts and examples of Phishy smelling and Spam email 

 

Phishing

Phishing is the act of attempting to acquire information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication.

If you receive an email and are unsure whether it is a legitimate message, forward the message to security@wesleyan.edu. We will verify whether or not it is legitimate.

Remember: Wesleyan ITS will never request a username and password via email or a link in an email.

What is a phishing email?


Phishing emails are messages sent by individuals trying to "fish" for personal or financial information. Phishers are getting better every day at making their messages look authentic. There are two types of phishing emails:

  1. Emails that ask you to reply to the message with confidential information, such as your user ID and password. Never respond to any email with confidential information. Wesleyan and other legitimate businesses will never ask for this information via email.
  2. Emails that ask you to click on a link to a webpage, which then asks you to provide confidential information. Many times these webpages look like legitimate sites, such as Bank of America or PayPal, but they are not. When you provide your user ID and password, this information is captured by the phisher, who can then use it to log into the legitimate site.

Before clicking any link:

  • Use your mouse to hover over links in an email. This will show you the actual website you will be directed to if you click on the link. It is always best to type the address yourself into your web browser, rather than clicking a link in an email.
  • Read here for how to check for legitimate links

How to identify and protect yourself from a phishing email

  • May show the sender as sending on behalf of someone, such as Wesleyan, and generally does not contain the sender's email address.
  • May contain fuzzy logos, which are not genuine.
  • May not contain email signatures or any contact information.
  • May contain bad grammar and capitalization errors.
  • Generally requires you to take quick action, such as verifying your account to prevent it from being deactivated.

Best Practices to Protect Yourself and Your Information

  • Beware of messages that claim your account has been suspended.
  • If the email demands immediate action or has a sense of urgency, think twice before clicking or responding; it is most likely a scam. Most of these emails threaten to shut off your access if you don't fill in the information or click on the link.
  • Never click on a link in an email. Instead, always type the legitimate Web address of the site you want to reach directly into your Web browser.
  • Set up multiple email accounts. Your Wesleyan email account should only be used for Wesleyan business. Set up a personal email account for your personal communications. Lastly, a third email account can be used for mailing lists, coupon sites, chat rooms, webinars, etc. This account should be cleaned out monthly.
  • Never open any attachments that you are not expecting. Many of these attachments are virus-infected MS-Office files or files of a similar type.
  • Be suspicious of email messages and other electronic communications from sources you do not know or recognize.
  • Use the latest versions of your operating system (OS) and applications.
  • Have the latest security software updates (patches) installed. This includes patches for your OS and applications.
  • Keep your anti-virus software up to date.
  • Report any suspicious emails via submitting a support ticket or sending an email to security@.