National Cybersecurity Awareness Month (NCSAM)
October 5, 2012
Dear Faculty and Staff,
October is National Cybersecurity Awareness Month (NCSAM). Computing Services Information Security Office (ISO) is celebrating by first thanking you for everything you do to keep Carnegie Mellon’s data and information systems secure. To aid in that pursuit, we are offering a variety of training classes and on-line resources. Check them out at https://www.cmu.edu/iso/aware/ncsam/index.html
Cloud computing is a current trend both in business and personal computing due to the variety of options and the low cost it offers users, e.g., Google Docs, Gmail, Yahoo, Microsoft cloud services. Here are some tips on how to use these services securely and within the framework of university policies and guidelines.
- Use a strong and unique password/passphrase when setting up a cloud services account. Follow the ISO's Guidelines for Password Management for recommended practices for safeguarding your password/passphrase. Consider using two-factor authentication if your cloud provider offers it, e.g., Google’s 2-step verification.
- Use caution when storing sensitive data in the cloud. Know how your data is being protected via encryption and other controls and use available security features effectively. Consider keeping a copy of your data in another secure location as an independent back-up. Remember that university data is subject to the Information Security Policy and Guidelines for Data Protection whether stored on campus computers, in the cloud, or at home.
- Read the fine print and contact the University Contracts Office before you click. Cloud service providers commonly require users to agree to their terms and conditions by clicking a box on their website. These click-through agreements require University Contracts' review like any other contract. Before you take that step though, review the agreement for yourself. There are often security, privacy, content ownership, and other issues discussed in the fine print that you’ll want to consider before moving forward.
- Contact the Information Security Office if you are unsure about the security risks of using cloud services for work-related purposes. We are happy to help.
In closing, the ISO reminds you once again to think before you click on attachments in email, instant messages and untrusted web sites. Be particularly alert for email scams that ask for your login ID and password. Several recent email scams have successfully tricked people into divulging their Andrew account and password by posing as legitimate university offices. Some scams even link to convincing forgeries of university login pages. When in doubt, check with the ISO or the university office represented. Additional tips on how to stay safe online and how to protect your data and computers are available on the ISO’s website at https://www.cmu.edu/iso/aware/pledge.html
Have a wonderful October.
Mary Ann Blair
Director of Information Security
Information Security Office
Carnegie Mellon University