Skip to content

Month: January 2018

Published on

Over the past few months, GW has been introducing two-step authentication to all students, faculty and staff for GW Google apps. By February 28, 2018, the entire GW community will be required to use two-step authentication to sign into GW Google email, calendar and drive.

Two-Step Authentication Image

Two-step authentication is a second layer of security in addition to your password for any kind of login. It means you have to confirm your identity in two ways – with something you know (your password) and something you have (a code sent to your phone).

OK, how does this work?
GW uses Microsoft two-step authentication to ask individuals for a second confirmation of their identity at login, using a physical device in their possession. The device may be a smartphone or tablet using the free Microsoft Authenticator app, a text message sent to your phone, or an automated voice call to landline or cell phone.

Why do we need two-step authentication?
Passwords alone aren’t good enough to protect your personal information and our systems and networks. Two-step authentication makes it much harder for unauthorized individuals to access your account, in addition to GW systems and networks.

Isn’t this an inconvenience?
We hope not! Many people already use two-step authentication systems for online banking and shopping. Even social media sites may ask you to confirm your identity when you’re trying to log in from a new device or location. If you try to use your credit card to buy gas, you may be asked to enter your ZIP code. That's two-step authentication at work.

In addition, the GW community has the ability to select a “Remember me for 14 days” option. This means you’ll only have to use two-step authentication every 14 days to sign into your GW email from a trusted device.

Does two-step authentication really provide better protection?
Yes. While it’s not foolproof or perfect, it is a great additional measure to safeguard your accounts and data. At GW, the most secure option is to use two-step authentication with the Microsoft Authenticator app, which will generate a one-time code each time you login, even if you don’t have cellular reception. This eliminates the possibility of getting hacked through your text messages or email. Although two-step authentication isn’t perfect, it’s one of the best options to protect your data.

The Division of IT is committed to providing the GW community with resources to be more secure. To learn more about two-step authentication at GW, visit https://it.gwu.edu/two-step or check out this November Hatchet article.

If you’re interested in learning more about security best practices and data privacy, the Division of IT is holding a Data Privacy Event on January 30, 2018 in the lower level of District House.

If you like winning things, please take our short data privacy survey: https://it.gwu.edu/data-privacy-survey. Respondents will be entered to win one of two books about data privacy. Your feedback will help us develop better data privacy practices here at GW.

Published on

data privacy graphicThis month, we’re talking about the importance of data privacy and steps you can take to better protect your data online. Data Privacy Day is Sunday, January 28 and was created to start a conversation about the importance of data privacy and provide resources to help you protect your data.

Here at GW, the Division of IT provides students, faculty and staff access to GW Google Drive and GW Box to store and collaborate on files. These document management solutions provide plenty of storage space and have features that allow users to easily share documents with others.

Image for security best practices in boxIn order to protect your data and GW’s data when using these services, follow these security best practices:

  • Evaluate the business need
    • If you don’t need to store or maintain a document, don’t
    • If the document contains regulated data, use GW Box, not GW Google Drive
    • If the document contains restricted or public data, you can use GW Box or GW Google Drive
  • Share with care
    • Be mindful of what you are sharing and with whom you are sharing it. It’s easy to make mistakes when it comes to sharing files so be mindful of typos and these options when you share:
      • Share with “People with the Link” - Anyone with the link to this file is able to access the document (this sharing means public)
      • Share with “People in your company” - Anyone with the link at GW will be able to access the document
      • Share with “People in this folder” - Anyone who has access to the folder will be able to access the document
  • Don’t store credit card numbers
  • Limit use and storage of Social Security Numbers (SSN)
    • Most of the functionality and use of SSN has been replaced by the GWID
    • If you do work with SSNs, be mindful of what you are storing on your local machine and in GW Box and GW Google Drive
    • Only store Social Security Numbers in GW Box and only if there is a valid business need

You can learn more about document management solutions at GW by visiting https://it.gwu.edu/document-management-services.

privacy matters to us graphicThe Division of IT is holding a Data Privacy Event on January 30, 2018 in the lower level of District House. Join us to learn more about data privacy resources.

If you’re interested in helping to shape a data privacy program at GW, please take our short survey: https://it.gwu.edu/data-privacy-survey. Respondents will be entered to win one of two books about data privacy.

Published on

spectre and meltdown graphic

By now you have likely heard of the security vulnerabilities known as "Meltdown" and "Spectre." The purpose of this blog post is to give you a brief description of these vulnerabilities and what you need to do to mitigate the associated risks.

Let's discuss Meltdown first. Meltdown is the name given to a CPU (central processing unit; basically the microchip that runs your computer) design flaw that affects the security boundaries enforced by the CPU or processor. It essentially breaks down the boundary that separates user applications from accessing privileged system memory space. The Meltdown vulnerability is confirmed to exist in all Intel processors since 1995, except for Intel Itanium and Intel Atom before 2013. This includes computers by popular vendors such as Apple, Microsoft, Dell, HP, and Lenovo.

Spectre is similar but different in some important ways. Spectre is the name given to a CPU design flaw that allows an attacker to utilize a CPU's cache channel to read arbitrary memory from a running process. Unlike Meltdown, Spectre can only read memory from the current process, not from kernel or system memory. Also, unlike Meltdown, Spectre is confirmed to affect Intel, AMD, and ARM processors. This includes computers, tablets and smartphones made by popular vendors such as Apple, Microsoft, Dell, HP, Google, and Lenovo. The relatively good news is that it is much more difficult to successfully exploit Spectre and the attack surface is limited to user space processes, e.g. web browsers, desktop applications.

There's two important things that we want you to know about these vulnerabilities. If you remember nothing else, remember this:

1.) Don't panic. While these vulnerabilities are widespread and definitely very bad, there is no need to panic. There's no need to go buy a new computer or go back to using pen and paper. You may read some very scary media reports about the potential impacts of these vulnerabilities. This is common when widespread vulnerabilities are announced.

2.) Keep your software up-to-date. This is good cyber-hygiene no matter the circumstance. This includes your operating system (Windows, MacOS, Linux, iOS, and Android), your browser (Microsoft Edge, Google Chrome, Firefox, Safari), and your browser plug-ins. Vendors are working very hard to produce software to mitigate the risks of these vulnerabilities. Make sure you install these updates when they are available.

If you have any questions about how to make sure that you're running the latest software, call the IT Support Center at 202-994-4948 or e-mail ithelp@gwu.edu.

Want to learn more? Check out the following:

Apple announcement: https://support.apple.com/en-us/HT208394

Simple, brief write-up by security researcher Daniel Miessler: https://danielmiessler.com/blog/simple-explanation-difference-meltdown-spectre/

Vulnerability website: https://spectreattack.com/

Viewing Message: 1 of 1.
 Notice

This site uses cookies to offer you a better browsing experience. Visit GW’s Website Privacy Notice to learn more about how GW uses cookies.