| LIFE AT WSU | Information Technology | Security Awareness
Information Security is the responsibility of every member of the Worcester State University community. It affects us all in some way, even if your position at the University doesn’t require you to handle sensitive information on a daily basis. Data is one of the University’s most important assets, and its loss or theft can lead to serious financial and security consequences. In order to protect both the institution’s and our own personal information, we need to be aware of what comprises good data handling practices. Information security involves not just electronic data—it applies to any sensitive material in both electronic and paper form.
Setting passwords, best practice and what to avoid:
Higher education and Data securityIn General, our institutional systems are designed on the principles of free information exchange to accommodate diverse user populations. The concept of free exchange of information, ideas and research do however create unique security challenges. Compliance with various regulations including FERPA, HIPAA, PCI DSS as well as other state and federal privacy regulations often puts the burden of protection on all our shoulders. The following are beginning steps, we as a community can take, to share the security responsibility.Institutional culture
What steps can you take to better secure your information?
Encryption of laptops, desktops, and removable media
Remember YOUR WSU Network Username/Password is key. Don’t Give It Away!
Report lost or stolen items immediately.
Lock offices; do not leave laptops unattended for even a short-time
Phishing is a type of attack carried out in order to steal usernames, passwords, credit card information, Social Security Numbers, and other sensitive data by masquerading as a trustworthy entity. Phishing is most often seen on campus in the form of malicious emails pretending to be from credible sources such as the Worcester State University Help Desk or technology department or financial organizations related to the university.By tricking campus users into giving away their information, attackers can:
The goal of most Phishing emails is to trick you into visiting a web site in order to steal your WSU credentials. Attackers will setup web sites under their control that look and feel like legitimate web sites. Often the Phishing emails will have an immediate call to action that demand you to "update your account information" or "login to confirm ownership of your account". If you enter your WSU credentials into these illegitimate web sites you are actually sending your WSU username and password directly to the attackers.This information adapted from the UC Berkley What is Phishing webpage.