Uncategorized – CyberSafe GW Blog (GW Information Security Blog)

Do you worry about the security of your personal data in our digital age?

fatmeApril 14, 2023August 16, 2024

Do you get a little chill thinking about the dozens of login credentials you have set up throughout the wilderness of the internet? If so, don’t worry – you aren’t alone. Identity management, sometimes called identity and access management (IAM), increases in importance every year. That’s why we celebrate Identity Management Day!

Identity management, though, is not just a concern for businesses and organizations. You can help protect your data by understanding and implementing some simple identity management practices. You have the power to own and maintain your digital identity!

CONFIGURE YOUR SECURITY SETTINGS

Every time you sign up for a new account, download a new app, or get a new device, immediately configure the privacy and security settings to your comfort level. Check the settings on old accounts and delete any apps or accounts you no longer use.

DON’T TAKE THE BAIT

If you receive an enticing offer via email or text, don’t be so quick to click on the link. Instead, go directly to the company’s website to verify it is legitimate. If you’re unsure who an email is from—even if the details appear accurate—or if the email looks “phishy,” do not respond and do not click on any links or open any attachments found in that email as they may be infected with malware. Report phishing to your organization’s IT department or your email provider.

SHARE WITH CARE

Think before posting about yourself and others online, especially on social media. Consider what a post reveals, who might see it and how it might affect you or others. Personal information readily available online can be used by attackers to do a variety of things, including impersonation and guessing usernames and passwords.

SHIELD YOUR PASSWORD WITH MFA

Multi-factor authentication (MFA), or as referred to in GW as 2-Step Authentication, will fortify your online accounts by enabling the strongest authentication tools available, such as biometrics or a unique one-time code sent to your phone or mobile device.

USE A PASSWORD MANAGER

Use password managers to generate and remember different, complex passwords for each of your accounts. While not a perfect solution, a password manager is currently the most secure way to send passwords and other login credentials to family members or coworkers. Duplicating passwords or using common passwords is a gift to hackers. If one account is compromised, a hacker will typically try the same username and password combination against other websites.

TURN ON AUTOMATIC UPDATES

Keep all software on internet connected devices – including personal computers, smartphones and tablets – current to reduce risk of infection from ransomware and malware. Configure your devices to automatically update or to notify you when an update is available. Software updates often fix security flaws. Outdated software can be riddled with security holes easily exploited by attackers.

For more tips and advice, visit www.identitymanagementday.org/

Original blog content provided by The National Cyber Security Alliance. For the original post, click here.

For more information on GW IT Security, please visit our security website: https://it.gwu.edu/gw-information-security

#SecuringGW is a shared responsibility, so if you see something, say something. Report suspicious digital activities, including phishing emails, to abuse@gwu.edu

IT Support Questions? For IT support, please contact the Information Technology Support Center at 202-994-GWIT (4948), or visit ithelp.gwu.edu

Beware New Email Scam Targeting the GW Community

kramerd2May 5, 2020April 29, 2024

GW Information Technology (GW IT) is investigating reports of scam emails regarding GW benefits information with a link to a fake GWeb (Banweb) site that instructs recipients to login using their GWID and PIN. Logins to the fake site may allow hackers to harvest user credentials. Impacted users have been notified.

As a cautionary measure, GW Information Security recommends that recipients who may have logged into the fake site should change their PIN and verify all the information on their profile, especially bank accounts for direct deposit, addresses, and security questions are correct.

To change your PIN, follow these steps:

Log into the GWeb Information System using the appropriate button on the GWeb page.
Once you are logged into the main GWeb menu page, click on the Personal Information Menu tab at the top of the page and select Change PIN.
You will be prompted to enter your old PIN number and then enter and re-enter your new PIN.

GW IT continues to take proactive measures to keep our campus community safe. GW students, faculty and staff should ignore such requests for information and report any suspicious electronic communication to abuse@gwu.edu.

Protect your information!

Always be wary of messages requesting account verification, confirmation or upgrade, payment or personal information such as your passwords, GWID, Social Security number or credit card information.

Universities are frequently targeted by malicious actors who will attempt to acquire personal information about you and other members of the university community through email and over the phone. Please be aware that these attempts often seem legitimate.

Ask questions, trust your instincts, and if things seem off, don’t be afraid to take a message and follow-up later. Attackers will frequently use a sense of urgency to prompt the victim into making a risky decision.

Questions? Concerns? Please contact GW Information Technology at 202-994-GWIT (4948), ithelp@gwu.edu or IT.GWU.EDU.

Tech Update: Phishing Scam Currently Circulating

bmarkhamSeptember 6, 2018May 23, 2022

The US Department of Education Office of Federal Student Aid has identified a malicious phishing campaign that may lead to potential fraud associated with student refunds and aid distributions. Multiple institutions of higher education have reported that attackers are using a phishing email to obtain access to student accounts by providing links to bogus student portals.

If you have received this email or a similar one, please do not reply to it, open any attachments or click on the link.

If you have responded to the phishing attempt with your GW UserID and corresponding password, please change your password immediately by visiting identity.gwu.edu and clicking on “Reset/Forgot Password”.

Please remember that you should always be wary of messages requesting account verification, confirmation or upgrade, payment or personal information such as your passwords, GWid, Social Security number or credit card information. Additionally, please ensure that your computer is patched with the most recent operating system updates.

If you receive any phishing attempts in the future, please do not reply to them, open any attachments or click on any links. Please forward the email to abuse@gwu.edu.

If you have any questions about the validity of a link you see or a message you receive, please contact the IT Support Center at 202-994-GWIT (4948), ithelp@gwu.edu or IT.GWU.EDU.

Category: Uncategorized