The fall 2020 semester is upon us and with it has come a surge of malicious online activity as cybercriminals attempt to leverage the heightened sense of fear brought on by the unsettled times in which we find ourselves. There has been an increase in information security risks and challenges for staff, faculty and students as we continue to work and learn in a virtual environment.

With this in mind, please take a few moments to remind yourself of those helpful practices designed to keep you and the information you use safe and secure.

Be aware of suspicious emails and phishing scams
During these times, when the workload is a bit heavy and schedules are hectic, we may feel tempted to make prompt decisions in an effort to complete our to-do lists. We forget good habits and could possibly neglect to carefully analyze information that comes our way. Phishing emails are designed to catch you off guard and often come in quick succession, putting you at risk to unknowingly click on suspicious links. Once these links are accessed, personal information may be exposed to hackers resulting in account compromise, malware delivery or something else.

Phishing scam emails are often alarmist in nature and include links or attachments with a call to swift action to "click here." As always, take a moment to slow down and double-check the sender field. If a request seems unreasonable or out of character, do not respond. Contact the sender directly to verify it was actually them who sent the request.

If you encounter suspicious messages or attachments, please forward them to the Information Security team at reportphishing@mail.fresnostate.edu for further investigation.

Learn more: fresnostate.edu/technology/departments/security/phishing.html

Properly store (protected) University data
While working remotely, you may be required to access protected University data, which requires appropriate security protection. The California State University (CSU) system classifies data as Level 1 (confidential), Level 2 (business/internal) and Level 3 (general/unrestricted).

Protected university data is Level 1 (confidential) and/or Level 2 (business/internal) data.

• Level 1 data examples (not all inclusive): Social Security Numbers, Driver’s License numbers, certain health records, etc.
• Level 2 data examples (not all inclusive): FERPA (certain student records), non-directory employee information, campus financial records, etc.

Protected data must be appropriately stored and secured. The campus offers several storage services where protected data may be stored.

Learn more: fresnostate.edu/technology/departments/security/datastorage.html

Use 2-Step Verification for an extra measure of safety
Verifying your identity using a second factor, such as your desk phone, mobile device, or token, prevents anyone but you from logging in even if your password is compromised. 2-Step Verification helps to keep your account from being compromised even if your password falls into the wrong hands.

Enroll at: http://www.fresnostate.edu/help/fac-staff/security/twostepverification/index.html

Limit personal incidental use of University devices
Many face-to-face interactions have moved online and remote employees may be more inclined to use University laptops or computers for non-university work. Occasional and limited personal use of University computers is permitted, but ensure the use does not compromise the security or integrity of University information or software.

There may be a temptation to share University-issued laptops with close friends and family members for online use. This is very dangerous, since there is a risk of not being able to monitor each and every website they go to, which could put University data at risk.

Learn More: Interim Acceptable Use Policy of Information Technology Resources [APM 622]

Also, if you are using a shared workspace, be conscious of clearing it of sensitive, non-public information, especially if you have to step away. Avoid printing protected University information at home unless it is absolutely necessary. Never print protected University information in public spaces. In addition, if you are participating in meetings that could be considered sensitive or in which you share nonpublic information, be sure to put on headphones.

Learn more: fresnostate.edu/technology/departments/security/remoteworkguide.html

Avoid public or open WiFi networks
Public WiFi networks expose your laptop’s data to potential hacking, since no authentication is required to establish a network connection. Hackers can easily access all of the information you send over the internet, from confidential information, to the University’s security credentials and even credit card details.

Use Fresno State’s Virtual Private Network (VPN) if you must use a public or open WiFi network.

Learn more: fresnostate.edu/technology/departments/security/tools/vpn.html

Thank you for remaining diligent in protecting yourself and the sensitive data for which Fresno State is responsible.