bryyxrbedaybrdvx

Our Information Security team is responsible for the university's safe and secure collection, transfer, and processing of information through technology.

Overseeing security of systems, risk management, and incident response, we not only monitor the growing and pervasive cybersecurity threat environment, but also focus on building and sustaining a culture of security, deterrence and vigilance.

We develop and maintain JWU's information technology security strategy, policies, and best practices.

And, we are responsible for security training and awareness programs, as well as PCI (payment card industry) compliance and contract reviews.

Objectives

  • Maintain the confidentiality and integrity of all JWU data collected, transferred and processed through technology
  • Ensure compliance with all applicable federal, state, and local laws, regulations and statutes, as well as contractual obligations
  • Ensure the protection of the university's information technology resources from unauthorized access or damage

Email scams are attempts to defraud you. Classic examples include notices that you've won the lottery and charities requesting donations after a recent disaster.

And, now more frequent, are the emails that state your email account or payroll information needs to be updated.Don't be fooled, these are scams created by criminals who are after your money.


About Phishing

Of the many scams facing JWU students, faculty, and staff while navigating the Internet, phishing is potentially one of the most damaging, with serious consequences if an Internet user is not prepared to identify and avoid such fraud.

In the first 3 months of 2015, our JWU community had 16 victims fall prey to email phishing. (We had a total of 15 victims for the entire 2014 year.)

Phishing is a scam, an email-based attack, that attempts to fool you into taking an action. It tries to trick you into revealing personal or confidential information which the scammer can use illicitly. Typically, such an email looks to be from someone you know or trust, and entices you to take an action, such as clicking on a link or opening an attachment.

Phishing scams come from everywhere, both forged @jwu.edu accounts and others. Although JWU currently blocks most phishing, there are still many cases of JWU users being affected.


Protect Yourself 

  • Be cautious
  • Never give out personal information or credentials via email
  • Look for incorrect grammar, capitalization, and verb tenses
  • Do not immediately click on links. First, hover your cursor over the links; look for inconsistencies. These links may be directing you to a fraudulent website, different from the one claimed.
  • Do not respond to suspicious emails
  • Be suspicious of "immediate action" emails that create a sense of urgency
  • Be suspicious of emails with a generic greeting
  • Just because you receive an email from a friend does not mean he/she sent it. Your friend's computer may have been infected, and malware is sending the email with your friend's list of contacts. Check with your friend to confirm that he/she sent it.
  • Do not download anything from unknown and/or untrusted websites
  • If an email seems odd or too good to be true, it is most likely an attack
  • Never provide login or personal information via email or via a website you click to from a suspicious email.
  • Try this Spam Scam Slam video game -- Do you know when an email is a scam?
  • Manage spam in your JWU email

What JWU IT Does

JWU will never ask for your username or password via email or phone.

There is no emergency or special situation that will ever override this. Do not believe emails directing you to other web pages that ask for your JWU credentials. These are always bogus attempts to steal your information.

Our Information Security team reviews any email that looks suspicious.

Any email determined to be malicious is blocked from going through JWU's network, thus preventing it from spreading within the JWU community.

Email IT with any suspicious email that is received in your JWU email.


If You Think You've Received a Scam Email

Check the email address -- does it really match the email content? Does it match the legitimate email address of the organization it is supposed to be?

Do not click on links in an email you believe to be fraudulent -- it could be a link to a malicious software auto-download.

Check the security certificate of any website into which you are entering sensitive data. The website address should begin with https://. And, some browsers will display padlock symbols in the address and status bars. Anything on a website can be falsified, even if it says it's safe, and it can't be verified by the browser you are using; thus, it shouldn't be trusted.

Type in web addresses yourself -- some emails may link you to a website that appears to have a legitimate address, but is actually fake (ie, jwu.scholarships.com is not the same as a jwu.edu website).


Receive a suspicious email to your JWU email account, that looks like it was sent from a @jwu.edu address? Forward it to ITSecurityTeam@jwu.edu.

Think your computer has been compromised as a result of phishing (slow performance, pop-up ads for anti-virus software, etc)? Contact IT, and reset your JWU account password.

If you have responded to any message of this type, or think your computer has been compromised as a result of phishing (slow performance, pop-up ads for anti-virus software, etc), please contact IT. We will send you a follow-up email with instructions on how to proceed.

And, remember to always reset your JWU password immediately afterwards.

If you think you may have given relevant account information to identity thieves, change the passwords for your personal accounts and call the organizations that maintain those accounts (especially for bank accounts).

Next Steps

Here are common file sharing questions and answers, provided for informational purposes only.

Note: Peer-to-peer (P2P) file sharing applications are not supported by JWU IT.


What is file sharing?

In general, file sharing is the practice of making files available for other individuals to download. It can be as simple as sharing a file on a web page for general consumption, or enabling file sharing on your personal computer in order to access them from work. 
What is P2P sharing?


What is P2P sharing?

The most common and controversial method of file sharing is use of peer-to-peer (P2P) software. This includes software such as Limewire, E-Donkey, Kazaa, Morpheus and BitTorrent.

P2P software is installed by the computer owner and appears somewhat innocuous in its behavior. You install the software, then use it to download "free" music, videos, etc. However, this "free" music is generally copyrighted material that you have downloaded from other computers in the P2P network. In addition, your computer becomes part of this network, enabling other individuals on the Internet to download music from your computer. You have now illegally downloaded and distributed copyrighted material.


Why is file sharing illegal?

The majority of P2P file sharing involves copyrighted or restricted material such as music; sharing such material is illegal. A copyright grants exclusive rights to the material's creator/owner of the material and its distribution. By distributing this material without permission, the distributor is violating copyright law and is subject to penalties under the law.

However, not all file sharing is illegal. For instance, it is legal to share non-copyrighted material or material with permission of the creator.

For more information, see Wikipedia's article on File Sharing and Wikipedia's article on Copyright.


What harm can P2P software do to my computer?

Several commercial P2P file sharing programs install adware and/or spyware on your computer. They are also a common source of malware, such as viruses and Trojan horse software.

For more information see Wikipedia's article on File SharingMalware and Trojan Horse software.

In addition to serving up unwanted advertisements, these programs may gather personal data from your computer to send back to the parent company, alter your computer settings, and interfere with your computer's performance.

For more information see Wikipedia's article on Spyware.


What are the consequences if I choose to use P2P software on my computer?

Penalties for copyright infringement include civil and criminal penalties. In general, anyone found liable for civil copyright infringement may be ordered to pay either actual damages or "statutory" damages affixed at not less than $750 and not more than $30,000 per work infringed. For "willful" infringement, a court may award up to $150,000 per work infringed. A court can, in its discretion, also assess costs and attorneys' fees. For details, see Title 17, United States Code, Sections 504, 505.

Willful copyright infringement can also result in criminal penalties, including imprisonment of up to five years and fines of up to $250,000 per offense.

For more information, see the U.S. Copyright Office website, especially their FAQ's.

Violations may result in the termination of your access to the Internet via the university's Internet system and student conduct review actions up to and including dismissal from the university.


What is the RIAA?

RIAA, Recording Industry Association of America, is the trade group that represents the US recording industry.


Legal Alternatives for Acquiring Copyrighted Material

EDUCAUSE maintains a list of legal alternatives for downloading or otherwise acquiring music, video, images, or other copyrighted material:

Music Download and Streaming Sites

  • Sound Cloud
  • Ektoplazm - Free and legal pystrance, techno, and downtempo music
  • Bandcamp - Music directly from artists
  • Archive.org - Live music archive; listen and download thousands of hours of free music from over three thousand bands and artists
  • Archive.org - Recorded music
  • UnsignedBandWeb.com - Unsigned and emerging bands and artists
  • SoundClick.com - Unsigned and emerging bands and artists
  • DJBooth.net - Hip hop songs
  • Jamendo.com - Creative Commons licensed music
  • CCMixter.com - Remixes, samples, and mash-ups licensed under Creative Commons
  • StereoKiller.com - Punk, Hardcore, Metal
  • Sterogum.com - Indie music for download and streaming
  • IndieRockCafe.com - Indie rock music, new songs, popular rock bands, top album releases, free MP3s
  • Anti.Com - "Real artists creating great recordings on their own terms”
  • MP3.Com - Huge collection of free music for download and streaming
  • Spinner.com - Free music every day
  • iCompositions.com - Music created with Apple's GarageBand
  • FreeMusicArchive.org - Free music archive from WFMU

 

Movie Download and Streaming Sites

  • Open Culture.Com - 550 free movies online; Great classics, indies, noir, Westerns, etc
  • Archive.Org Movies - Free archive of classic, new, animations & cartoons, movies, etc
  • Open Culture - Free cultural and educational media on the web
  • Filmnet.Com - Social community-based video content
  • YouTube Screening Room Channel - Top films from around the world
  • Creative Commons - Search for movies and media under the CC license
  • Vodo.net - Independent films released on P2P Networks

Where can I get more information?

Wikipedia:

Other resources:

Regardless of any information you may read and follow in this or any other article, you are ultimately responsible for copyright violations and illegal file sharing, that may result from having file sharing of any type enabled on your computer.

Be Smart Everywhere: In Class, at Home, Online

Empower yourself with simple actionable steps to actively manage your online activities at work and at home. Understand how your personal information might be collected and the benefits and risks of sharing personal data.

 

Use your Smartphone Smartly

Your phone can be just as vulnerable as any other computer device. Apps, staying logged in, plugging in via USB... these are all potential ways that hackers can get to your phone.

Great articles on this: 


Public WiFi is Not Secure

Anything you type can be intercepted. This leaves your text message to a friend or online payment open to anyone. Protect Yourself While Using Public WiFi (video). And, remember that one of JWU"s connections is an open network, WIFIJWU.


Own Your Online Presence

On your computer and mobile devices, set the privacy and security settings to your comfort level for information sharing. It's ok to limit how and with whom you share information.


Privacy is Everyone's Business

Ninety-one percent of Americans believe they've lost control over how their personal information is collected and used by companies. ( Pew Research Center)

Empower yourself -- and protect JWU information and your own personal information -- with simple steps to actively manage your online activities at work and at home. One first simple step is to use technology tools that meet JWU's information security and legal standards.

JWU's Skype for Business is a one example of how we can securely and reliably conduct conference calls via phone and/or video. Staff & faculty: Get your own Skype for Business account.

Privacy vs. Security: Both Matter

Hackers can guess as many as 200 word combos a second. So, make your passwords long, complex and unique for every site.


Your Password is the Key to your Kingdom

It proves who you are (sometimes called 'authentication'), when you use your email, are banking or shopping, and when you use your smartphone or tablet. So, to protect your information, and JWU's, be sure to make your passwords strong.


Strengthen Your Passwords

The best way to create a strong password is to use a long password; the more characters you have, the better. And, instead of using a single word, use multiple words -- or even a complete sentence. This type of password is called a passphrase. It will be stronger, and you'll remember it more easily! Learn how to create a passphrase and use it securely. (PDF)


Your Privacy Settings

Software updates for apps and products can change privacy preferences back to a default setting. This can mean less privacy and more sharing. Check your privacy settings often; make sure they're set at your comfort level of sharing.


Do Not Share Passwords

Remember to keep your passwords to yourself. And, no one should be asking you for it. JWU employees will never ask for your password -- and you should not offer it. If someone IS asking, beware -- it could be a scam.

Strengthen Your Cyber Defenses

Keep cyber threats away from your devices. Play in Nova Labs' Cybersecurity Lab and learn about real-world attacks, cyber terms, and how to defend against malicious hackers.


Your Post Can Last a Lifetime 

Before posting online, think about how it might be perceived now and in the future, and who might see it.


Know What's Being Shared

When you share a post, picture or video online, you may also be revealing information about others. Be thoughtful when and how you share information about others.


What Info are You Sharing, and with Whom? 

Your selfie can be more than just a cute photo, similar to everything you do online. See if you pass Nova Labs' privacy and over-sharing quiz.


Golden Rule = Do Unto Others 

Post about others as you'd have them post about you.


Data Can be Permanent

Think before you post. Stop TMI (video).

Submit junk (spam) or phishing scam messages to Microsoft:

1. Create a new, blank email.

2. Address the email to the Microsoft team that reviews messages as follows:

3. Copy and paste the junk or phishing scam message from your inbox into that email (as an attachment).

4. Click Send.