Aerial view of campus with Williamsport, the Susquehanna River and Bald Eagle Mountain as a backdrop

IT Security Awareness

Keep What's Private, Private

Trust takes effort to build, yet it readily crumbles. When privacy and information security are compromised, trust is lost and everyone loses: the victims and the institutions tasked with protecting their data. People can and should take specific steps to guard their information and maintain their privacy online.

You exist in digital form all over the Internet. Thus, it is important to ensure that the digital you is the real you. It then become critical to guard everyone's privacy to protect their identity and finances.

Following are specific steps you can take to protect online information, identity, and privacy.

  • Use a unique password for each site. Hackers often use previously compromised information to access other sites. Choosing unique passwords keeps that risk to a minimum.
  • Use a password manager. Using an encrypted password manager to store your passwords makes it easy to access and use a unique password for each site.
  • Know what you are sharing. Check the privacy settings on all of your social media accounts; some even include a wizard to walk you through the settings. Always be cautious about what you post publicly.
  • Guard Personally Identifiable Information (PII). These are key pieces of information used for verification, and you should not share them publicly. If an online service or site asks you to share this critical information, consider whether it is important enough to warrant it.
  • There are no true secrets online. Use the postcard or billboard test: Would you be comfortable with everyone reading a message or post? If not, don't share it.

Don’t Get Hooked (Phishing)

You may not realize it, but you are a phishing target at school, at work, and at home. Ultimately, you are the most effective way to detect and stop phishing scams. When viewing e-mail messages, texts, or social media posts, look for the following indicators to prevent stolen passwords, personal data, or private information.

  • Beware sketchy messages. Phishy messages may include a formal salutation, overly-friendly tone, grammatical errors, urgent requests, or gimmicks.
  • Avoid opening links and attachments. Even if you know the sender, don't click on links that could direct you to a bad website. And do not open attachments unless you are expecting a file from someone.
  • Verify the source. Check the sender's e-mail address to make sure it's legitimate. If in doubt, just delete the message.

If something “feels” strange, then it probably “is” strange. Listen to your gut instinct and avoid becoming a victim to these scams. If you’d like a second opinion, please call or email ITS Help at x4150 or help@lycoming.edu

Personal Backup Plan

There are many precautions you can take to protect your mobile devices and laptops in case of theft or loss. Mobile phones, tablets, and laptops continue to provide us with the opportunity for school and work "on the go," but this added convenience could also mean more risk. These personal devices are making it easier to store and access information, but they are also easy to steal or misplace. Do you know what to do if your device is lost or stolen?

  • Secure your devices. Use a passphrase, password, or fingerprint to secure your device from casual intrusion.
  • Turn on location tracking. If your device has a "Find Me" feature (such as Apple's iCloud service to "Find My iPhone") make sure it is enabled. Or investigate third-party software to help you recover your devices.
  • Encrypt and backup information. Determine if your device encrypts your data at rest. That way if it's stolen, you just lose the device and don't open yourself to identity theft. If your device doesn't use encryption by default, enable it or install encryption software. Don't forget to backup information on all of your mobile devices too.
  • Write it down! Record the manufacturer, model, and serial numbers of your mobile devices and store the info in a safe place.
  • Notify providers. Keep important phone numbers such as your cell phone provider or IT support department handy so you can quickly report the device as lost or stolen. In some cases the cell provider or your support desk may be able to deactivate and wipe the device for you remotely.
  • File a report. If your device is stolen, file a police report immediately.

Safe Browsing

We go online almost every day, and no browser, app, or device is perfectly secure, so it's important to learn safe browsing habits and practice them every day. Here are some tips to help you be more safe and secure online, whether they're browsing, shopping, or gaming.

When you are reading e-mail or browsing online, be on the lookout for suspicious links and deceptive web pages, which are major sources of malware. Also be careful when selecting browser plugins, apps, or other downloadable files since they can introduce new vulnerabilities. Here are some suggestions to make your day-to-day online browsing more productive, safe, and secure.

  • Keep your browser software up-to-date. Be sure to install antivirus updates and regularly check for and install browser plugin (e.g., Adobe Flash and Java) updates.
  • Be more secure! Make sure a URL includes HTTPS before entering any personal information.
  • When in doubt, ignore. Don't click on pop-up windows or extraneous ads.
  • Keep your private information safe. Use a strong, unique password or passphrase for each account, and avoid storing account information on a website. Consider using separate browsers for sensitive logins and general web browsing.
  • Use private networks for sensitive transactions. Avoid checking your bank account, making purchases, or logging in to other websites that include sensitive information when using public Wi-Fi.
  • Go stealth when browsing. Your browser can store quite a bit of information about your online activities, including cookies, cached pages, and history. To ensure the privacy of personal information online, limit access by going "incognito" and using the browser's private mode.

Password Management

Have you ever reused the same password for more than one account (i.e. your Lycoming network account, online banking, social media sites)? If so, please read the following for an important advisory concerning actions you should take to keep your Lycoming network account secure and to protect your personal information.

A threat to the security of your Lycoming network account, personal online banking, social media accounts, etc. could come through any online service for which you have reused or recycled passwords, so it is important that you take steps to protect your account.

How does this affect your Lycoming account?

Criminals know that it is human nature to reuse the same passwords for multiple sites. For individuals who do not have a variety of unique passwords, this could open the door to a hack of your account. Once someone has a password from one account, all they need is your username to simply log in with the reused password.

One recent example that you may have seen in the news recently is a security breach at LinkedIn. Somewhere around 117 million users’ credentials are now being offered for sale on the dark web. If you have a LinkedIn account, this number may include you. The College recently received notice that there is potential for a security breach through this attack on LinkedIn, but in reality the risk extends to any account in which you have reused a password that you have used before on other sites/accounts.

What action can you take to protect yourself both personally and professionally?

We strongly advise that you change your Lycoming password to a unique password you have not used before. If you have other accounts for which you have reused/recycled passwords, visit those sites to change the passwords to unique ones that are not used elsewhere.

Need some help to create a secure password that you can remember?

Here is one technique to create a stronger password. Think of a sentence you will remember, then take the first letter of each word:

Example - My favorite subject in school was social studies. = MFSISWSS
Change some of the letters to upper/lowercase: MfsiswSS
Change some of the letters to numbers: Mfs1sw55
Add special characters: Mfs,1sw55!

Preventing Device Theft

With an increasing amount of sensitive data being stored on personal devices, the value and mobility of smartphones, tablets, and laptops make them appealing and easy targets. These simple tips will help you be prepared in case your laptop is stolen or your smartphone is misplaced.

  • Don't leave your device alone, even for a minute! If you're not using it, lock your device in a cabinet or drawer, use a security cable, or take it with you. It's not enough to simply ask the stranger next to you in a library or coffee shop to watch your laptop for a few minutes.
  • Differentiate your device. It's less likely that someone will steal your device and say they thought it belonged to them if your device looks unique. Sometimes these markings make the laptop harder to resell, so they're less likely to be stolen.
  • Delete sensitive information. Don't keep any restricted data on your laptop. We recommend searching your computer for restricted data and deleting it. Restricted data includes your Social Security number, credit card numbers, network IDs, passwords, and other personally identifiable information. You'd be surprised how easy it is to forget that this information is on your computer!
  • Back it up. Set a reminder to backup your data on a regular basis! Keep an external copy of important files stored on your laptop in a safe location in case it is lost or stolen. Your photos, papers, research, and other files are irreplaceable, and losing them may be worse than losing your device.
  • Encrypt information. Protect your personal data with the built-in disc encryption feature included with your computer's operating system.
  • Record the serial number. Jot down the serial number of your device and store it in a safe place. This information can be useful for verifying your device if it's found.

Securing Mobile Devices

Mobile devices have become one of the primary ways we communicate and interact with each other. The power of a computer is now at our fingertips, allowing us to bank, shop, view medical history, attend to work remotely, and communicate virtually anywhere. With all these convenient features come added risks, but here are some tips to protect your devices and your personal information.

  • Password-protect your devices. Give yourself more time to protect your data and remote wipe your device if it's lost or stolen by enabling passwords, PINs, fingerprint scans, or other forms of authentication.
  • Secure those devices and backup data! Make sure that you can remotely lock or wipe each mobile device. That also means backing up data on each device in case you need to use the remote wipe function.
    • Is your device connected to mail.lycoming.edu to receive Lycoming College email? If your mobile device is lost or stolen, you can login to mail.lycoming.edu. Go to Settings – Options – Phone and choose which device you need to remotely wipe. Hover over the icons and choose Wipe Device.
  • Verify app permissions. Don't forget to review app specifications and privacy permissions before installing the app!
  • Update operating systems. Security fixes or patches for mobile devices' operating systems are often included in these updates.
  • Be cautious of public Wi-Fi hot spots. Avoid financial or other sensitive transactions while connected to public Wi-Fi hot spots.