Institutional Security Resources and Awareness
As the world shifts increasingly online in response to the global health situation, Strayer University wants to remind students to stay virtually vigilant. We offer the following tips and simple steps you can take to avoid becoming the victim of phishing fraud campaigns targeting your sensitive personal information.
What is phishing?
"Phishing" is a type of identity theft where criminals impersonate a person or organization via email or text messaging to try to trick recipients into giving access to their personal information.
A phishing e-mail or text will often include a link and guide recipients to a fake website purporting to be a website belonging to a legitimate organization. After navigating to that website, recipients may be asked to disclose confidential financial and personal information like a login user ID, password, credit card number, Social Security number, student ID/account number, or email address. The most familiar type of phishing scam is an email threatening serious consequences if you do not log in and take some immediate action. Some emails may look authentic, featuring corporate logos and layouts similar to ones used by institutions for legitimate communication.
Actions You Can Take to Protect Yourself
We strongly encourage you to take the following steps to guard against phishing attacks:
- Review the Federal Trade Commission’s guidance on How to Recognize and Avoid Phishing Scams.
- Always assess whether an e-mail or text appears suspicious—Does it claim to be urgent? Is it from an unknown sender, or an e-mail address that does not align to the sender? Does it ask for highly personal information? Never respond to emails, open attachments, or click on suspicious links from unknown senders, and do not respond to communications that appear to come from reputable institutions if those emails ask for personal or financial information.
- Always remember that Strayer University will never send you unsolicited emails or text messages asking for confidential information. Furthermore, Strayer University will never ask you to validate or restore your account access through email, through text, or through a pop-up window online.
- If you have received a suspicious email or text that looks like it’s coming from Strayer University please delete it.
- If you’re unsure as to whether a communication is legitimately coming from Strayer University, you can always contact your coach with any questions you may have. They can direct you to the correct department that can validate your account status to confirm whether there is legitimate information that is needed.
- If you believe you have been the victim of phishing, follow the Federal Trade Commission’s guidance on steps to take When Information is Lost or Exposed, linked here.
Do I need a firewall?
Firewalls can be thought of as guards at various entrances and exit points (ports) on your computer as data flows through it to and from the Internet. This data may include email, Web page information, or files transferred to or from the Internet. These guards can close the specific doors to your system or they can block specific types of information from flowing through these doors. Considering the many types of items you would not like to have on your computer - Trojans, viruses, unwarranted email (spam) - firewalls are an essential tool to protect your computer from these attackers. The following reference provides good information about firewalls:
Shields Up by Steve Gibson, Gibson Research Corporation
What is spyware, and how do you get rid of it?
Spyware are programs that run unknown to the user with the purpose of gathering user information (i.e., visited Web sites, personal information, etc.) and sending it to a remote sever for both benign and malicious purposes. Spyware is installed on your PC through visiting Web sites, opening email or agreeing to utilize third-party software that in very fine print asks you to agree to the installation and use of this software. Because it runs in the background, usually unknown to the user, it takes up computer resources and causes the computer to behave sluggishly. This is currently one of the most serious problems on the Internet and viewed as a more rancorous issue than viruses by some security experts.
The following resource further describes Spyware and list both free and purchasable programs that can be used to remove Spyware from your computer and immunize your system from further infections: How Spyware And The Weapons Against It Are Evolving by Brian Posey
What are safe email practices?
Email is one of our most powerful communication tools and critically important to our jobs and personal lives, but it also is one of the most susceptible avenues for attacking our systems. Email also has many characteristics and is utilized for many purposes that it is difficult to simply and clearly define email best practices. The links below provide excellent advice in working with email in a safe fashion. A link is also provided that defines the many acronyms and terms associated with email and Internet security. A simple but effective guidance in using email still is, if you do not know who sent it and were not expecting it, do not open it. If the message in an email seems strange (asking for your bank account numbers), do not respond to it.
Check out the email/Internet security policies listed at the bottom of this site. They contain excellent guidance and rationale for various activities related to email: Email Definitions is a whitepaper from cisco is an excellent source of term commonly found in information security discussion and publications.
What are safe browsing practices?
Web surfing on the Internet can be a lot of fun, uncover a lot of research, and give one great convenience, but it also can bring problems for the unsuspecting user. Visiting untrusted sites and allowing sites to run programs on your browser (with or without your knowledge) can cause severe consequences to your PC, possibly to the point where the PC has to be reformatted and reloaded with the operating system again. Below are some Web resources that discuss malicious sites, and what you can do to protect yourself when Web surfing.
CERT Coordination Center
Where can I find more information on security awareness?
Security awareness is very important to the Internet user. It helps the user understand and identify potential threats and possible vulnerabilities. It is important that you understand the possible problems with security and are aware of what can happen when you use the Internet. The U.S. Government has done a lot of work in this area, and the following link is a comprehensive list of security awareness practices and documentation.
Computer Security Resource Center
How can I protect my password?
Passwords are one of the most vulnerable items a user creates. If they are too complicated, the user may resort to writing them down, but if passwords are too easy, they can be easily guessed by a hacker. Further, humans are creatures of habit, and usually will use the same password on multiples logins. It is important to protect your password and make it strong enough that a potential hacker cannot use any of the available password-cracking tools to uncover your password. Below are a couple of links that will help you maintain a strong password.
The Simplest Security: A Guide To Better Password Practices by Sarah Granger
Choosing Good Passwords