Smart Computing is everyone's responsibility. 

EKU Information Security Plan

It isn't easy but you should arm yourself with the knowledge you need to keep your private information safe while keeping other university users safe too.

Every day there are hackers trying to get at your personal information and the personal information and data of the university.

We work hard to make sure your private information is protected but security takes a village and no cheese stands alone in the fight!

The first thing everyone should do is arm themselves with knowledge and follow through with plans (e.g. strong passwords you change every 3-6 months, backing up your data, etc.).

The second thing everyone should do is help arm those they are connected to--family, friends, co-workers, etc.  We are stronger together and our networks must work together to gain strength!

The third thing everyone should do is report incidents when they occur--this includes everything from removing viruses and malware as soon as they appear, forwarding IT spam & phishing at spam@eku.edu instead of responding to, clicking, and opening attachments on unsolicited emails, etc.

Incident Response 

Our incident response form.  This form is for all incidents related to:

• University data (PII, etc.)
• HIPAA-protected data
• FERPA-protected data

Spam & Phishing

If you believe an email is a spam or phishing message, please forward to IT here: spam@eku.edu 

In the unlikely event you forward the spam email a legitimate email, we will tell you it is legitimate.

• Phishing Basics
• Spotting Phishing and Suspicious Email

Other Incidents

• If you get a virus or other malware on your PC, use antivirus and/or Malwarebytes Anti-Malware to remove it immediately  If you are an EKU student, you can leave your PC with the IT Geeks in the Crabbe Library Atrium and they will do this for you, for free!  Faculty/staff can ask the IT Service Desk in Combs 208 for assistance if it is on your EKU machine.
• Anything else you want to report, you can always reach out to IT at support@eku.edu .  Just give us as many details as possible regarding the incident, along with your full contact information (e.g., full name, EKU or other email address, and a working phone number with area code)

Alerts

IT monitors and responds to reports of spam and phishing in order to keep your information safe.  If you receive one of these emails or messages similar to the ones on our alert page here, do not respond or click on any links in the message and never open any attachments.  Forward them to spam@eku.edu then delete them.

When we receive one of these messages:

1. If the email originated from an EKU user (faculty, staff, or student) we immediately reset the password on the account(s).
2. If we can find the domain owner for the malicious link, we contact them about disabling the account and taking the link down. Sometimes this is not possible or it takes them a few days to disable it.
3. We also contact Google search so they know and can flag it as malware. Again, this could take a few days to happen.
4. We also post it to social media--IT Twitter first.  Sometimes we also use IT Facebook and sometimes IT Geeks will re-tweet the message but the best place to look is the IT Twitter feed.
5. Next, we sometimes update our phishing alert page on the website but often they are so similar to others already on the page, we skip that.
6. Lastly, if we feel it is warranted, we will send a mass email to users from the IT Notice account.

EKU IT Code of Ethics for Computing & Communication

This policy defines the privileges and responsibilities of computer and communications for users at Eastern Kentucky University. 

Antivirus & Malware Protection

Antivirus software detects and removes malicious software from your computer.  Up-to-date antivirus is an essential component of technology security on all devices, including computers, smartphones, and tablets.

EKU does not support these software titles, but offer as a jumping off point if you want to use an antivirus on your personal devices!  According to Tom's Guide, the best free antivirus programs of 2019 include Kaspersky Lab (available on Windows PCs, Macs, Android Tablets, Android Smartphones) and a free version too and Bitdefender (available on Windows PCs, Macs, and Android devices) and a free version too.  PC Magazine rated both products high and these two also: Avast and AVG.  Avast is a free antivirus for Windows PCs only but if you want more security, you will pay for it.  AVG is another one that is free (Windows PCs, Macs, Android devices, and iOS). With AVG they also have paid expanded versions.

Passwords

• Creating a Strong Password
• Password Security Checklist
• Banner Password
• Resetting Your Password
• Employee Password Policy 

Disk/Tape Destruction

• Personal PC Backups
• University Server Backup and Retention Policy
• Data Security
• Web, Data, and Servers

Disk Encryption

EKU uses BitLocker to encrypt computer hard drives owned by EKU.  Encryption protects data from unauthorized disclosure by encoding it with a password.  You should always encrypt sensitive data where there is a risk that it will be stolen or lost.

• BitLocker Basics
• BitLocker Recovery

Travel

Whether you are traveling internationally or domestically, it's important to know how to protect your devices and data while you travel.  Criminals know that many of us let our guard down while traveling, choosing convenience over security. 

• Technology Travel Tips
• Workplace Security
• Using a Secure Network Connection
• Network Security

Mobile Security

Mobile devices include laptops, tablets, smartphones, and removable storage devices (e.g., USB drives, external hard drives).  Smartphones and tablets are incredibly powerful computers that are just as susceptible to security issues and malicious attacks as desktop and laptop computers.  Mobile devices create an even greater danger because they are easily lost or stolen.

• Mobile Device Security Tips

Physical Security

• Don't let people 'tailgate' behind you when you are doing tech stuff--a very common way to hack you is to stand behind you when you type in a password or PIN
• Protect your valuables in locked rooms, drawers, etc.
• Like your devices, lock up your passwords too
• Set your devices and screens to automatically lock when you're away or lock them manually yourself.  Even if you walk away just a second you can get hacked!
• Shred old documents--especially those dealing with financial information, including applications for debit/credit cards
• More on physical security

Other Security Tips

• App & Software Security
• Browser Security
• Copyright
• Cyberbullying
• Hack the Human (SANS PDF)
• Identity Theft
• Protect Your Privacy
• Social Engineering 
• Social Media Security
• Viruses and Malware

Consultation

The EKU IT Security Team offers security consulting to help all members of the EKU community understand and comply with best practices in protecting themselves and EKU data and systems.

The IT Service Desk is always happy to answer questions. support@eku.edu

The IT Geeks is always happy to answer student questions and to do presentations to classes and small groups regarding IT security topics.  We will also sit down one-on-one with users and small groups to assist you! geeks@eku.edu

Checklist

Here are a few things you can do today to significantly increase your workplace and personal security:

1. Choose and use unique and strong passwords
2. Don't reuse passwords
3. Don't leave your computer, tablet, or phone unattended
4. Lock your computer, tablet, or phone when not in use
5. Don't open unsolicited or suspicious email attachments or click on links
6. Use antivirus software
7. Turn on your computer's firewall
8. Patch and update operating systems and other software
9. Reboot your computer daily
10. Use a password manager

External Links

StaySafeOnline

Data Privacy Day

FTC Online Security

Better Business Bureau (BBB) Scam Tips

Scams and Identity Theft

FBI Common Fraud Schemes