Information security and data privacy start with you. Stay up to date on practices, procedures and policies to limit risks and keep data and information out of the wrong hands.

Information Security and You

The menu below contains important information on keeping your data, accounts and devices safe and secure.

If you have an immediate question regarding information security or about any of the information presented below, do not hesitate to contact the ITS Support Center at support@colby.edu, 207-859-4222 (x4222 on campus), or by visiting Lovejoy 146 on the ground floor of Lovejoy.

Workstation and Computer Security

  • Require a password or fingerprint to log on to your computer or mobile device
  • Ensure there are no unnecessary accounts on the computer
  • Log off or password-lock computer when not in use
    • Set the screen saver to require a password
    • Lock the computer whenever leaving the workstation
  • Do not allow anyone else to use your computer unless they use their own account
    • If someone needs access to your computer, contact the ITS Support Center at support@colby.edu or 207-859-4222.
  • Do not leave removable media (discs, CDs, flash drives, etc.) inside or connected to your computer if not in use
  • Secure your workspace by locking doors and windows as appropriate
  • Turn your computer off at night (so it is off the network)

Account and Password Security

  • Set strong passwords by meeting the following criteria:
    • At least eight characters in length
    • One or more punctuation characters (non-letter, such as ! or &)
    • Cannot contain a dictionary word (a word that can be looked up in a dictionary)
    • Cannot contain any part of your name or account/login
  • Do not write passwords down
    • If you must write a password down, do not write the associated account
  • Never share password or account information
    • If someone else requires shared access to your computer, contact the ITS Support Center at support@colby.edu or 207-859-4222.
  • Never use a Colby account password with any non-Colby account (or non-Colby ITS managed account)
  • Use strong passwords (see the first line under Account and Password Security) on any account tied to personal, financial or otherwise sensitive information
  • Never use Colby passwords for such accounts on ‘junk’ accounts, such as Hotmail or Gmail
  • Never send account or password information (in text form) through electronic text communication (e-mail or chat/instant messaging)—use the telephone or deliver passwords in person
    • “Phishing” attempts (usually e-mail and web scams) often ask for passwords, account and/or financial information (credit card or bank account numbers). Visit the ITS fraudulent e-mail page for more information on e-mail scams
  • Never have web browsers, e-mail or other programs save (or ‘remember’) accounts and passwords
    • If a web browser prompts to ‘remember me,’ choose ‘never’
    • Regularly clear browser history, temporary files, and other stored information
      • Contact ITS for assistance in configuring these options. Contact the ITS Support Center at support@colby.edu or 207-859-4222.
  • Change your password often
  • If you suspect that your password has been compromised for any reason, change it immediately and notify the ITS Support Center at support@colby.edu or 207-859-4222.
  • Remember that if someone else can use your Colby computer because they have your password, they can also access all other campus resources to which you have permission.
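The four strong-password criteria at the top of this list can be checked mechanically. The following is an added example, not Colby ITS code: the small word list is a constructed stand-in for a real dictionary, and treating any three-character run of the name or login as "part of" it is an assumption.

```python
import string

# Constructed stand-in word list; a real check would load a full dictionary file.
SAMPLE_WORDS = {"password", "dragon", "summer", "welcome", "monkey", "secret"}
MIN_LEN = 8        # "At least eight characters in length"
MIN_FRAGMENT = 3   # assumption: shortest piece of a name/login worth flagging


def fragments(value, size=MIN_FRAGMENT):
    """All lower-cased substrings of `value` that are `size` characters long."""
    v = value.lower()
    return {v[i:i + size] for i in range(len(v) - size + 1)}


def check_password(password, full_name, login, words=SAMPLE_WORDS):
    """Return the criteria the password fails (an empty list means it passes)."""
    failures = []
    lowered = password.lower()
    if len(password) < MIN_LEN:
        failures.append("shorter than eight characters")
    if not any(ch in string.punctuation for ch in password):
        failures.append("no punctuation character")
    if any(word in lowered for word in words):
        failures.append("contains a dictionary word")
    # Collect every short run taken from the name parts and the login.
    identity = set()
    for token in full_name.split() + [login]:
        identity |= fragments(token)
    if any(frag in lowered for frag in identity):
        failures.append("contains part of name or login")
    return failures
```
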

Internet and Software Security

  • Regularly check for and download software updates
  • Employ anti-virus software
    • Ensure that it is kept up-to-date
      • College-owned computers have Sophos installed to automatically update and run daily; however, users should notify ITS if regular updates do not occur. Contact the ITS Support Center at support@colby.edu or 207-859-4222.
    • Ensure that system scans are automatically run on a regular basis
  • Delete (never respond to) unsolicited e-mails or any messages from an unknown sender or source
  • Never send account or password information through e-mail or chat/instant messaging
  • Never click on a web link in an unsolicited or unknown e-mail, even if it appears to be from a legitimate source (such as a greeting card or retail company).
  • Never forward virus or other warnings to people other than support as the warning may actually be a hoax
  • Never download files (through a web browser or other means) or open e-mail attachments unless you are sure of the provider/source and the contents
  • Do not click on web browser popup windows unless from a trusted source
    • Activate popup blockers within all browsers and only grant permission to trusted sites
    • Contact ITS if you constantly receive popups or any other browser behavior problems (such as a changed homepage or bookmarks). Contact the ITS Support Center at support@colby.edu or 207-859-4222.

Data Security

  • Be organized—keep track of where your data are, both on your computer and in physical form (CD/DVD, flash drive, paper copy, etc.)
  • Verify access permissions for the folders in which you store files with sensitive information to make sure other accounts on your computer cannot access those files
    • Contact ITS support with any questions about access permissions. ITS Support Center at support@colby.edu or 207-859-4222.
  • Backup all important data
    • College-owned computer owners, ensure that central backups are being made and contact ITS if you have problems or questions. Contact the ITS Support Center at support@colby.edu or 207-859-4222.
  • Password protect and/or encrypt files containing sensitive data
    • Assume that your computer will be stolen and that the thief will have access to all your files—what will they be able to access?
  • Securely delete sensitive documents
    • Use secure file deletion that overwrites the file, making it impossible to recover the contents.

Network Security

  • Use the Colby VPN (virtual private network) when sending sensitive data (via web, email) or connecting to campus servers over untrusted network connections, such as:
    • Wireless networks (including the ‘Colby Wireless’ open network)
    • Off-campus networks (home DSL/cable networks, hotels, airports, other offices)
  • Turn off the wireless network radio in your computer when not in use to avoid accidental use and/or compromise
    • Contact ITS for assistance on locating the on/off control. Contact the ITS Support Center at support@colby.edu or 207-859-4222.
  • Be wary of any wireless networks (even those with registration or WEP encryption) especially those in public places (hotels, airports, businesses)
    • Use strong encryption (WPA or WPA2) whenever possible
    • If encryption is not available, use the VPN
    • Do not use email client software (Eudora, Outlook, Entourage, etc.) over a wireless connection without first connecting to the VPN
  • Maintain awareness of wireless network connections and profiles stored in software
    • Avoid automatically connecting to open (and especially public) wireless networks
    • Do not store open/public networks in wireless profiles
    • Contact ITS support for assistance on managing wireless profiles. Contact the ITS Support Center at support@colby.edu or 207-859-4222.

Transferring Data Securely

There are an increasing number of ways to copy or transmit data among individuals and accounts. Sometimes the easiest way may not be the most secure, especially when the data includes sensitive or private information. Use the following recommended methods of transferring or sending data especially if the data is sensitive in nature:

Transferring data between computers, mobile devices or other members of the Colby community

  • Use Filer to perform this action.
    • Filer is an on-campus only file server for access to file storage space.
      • Filer is firewalled, blocking its availability from the rest of the Internet.
    • Use this link to view access instructions for both Windows and Mac users.

Transferring data between a Colby faculty/staff/student and someone not associated with Colby

  • Use Colby’s Dropbox Service.
  • There are two distinct kinds of users that will be accessing the Dropbox system:
    • inside users, who are associated with Colby.
      • An inside user is allowed to create a drop-off that is to be delivered to anyone, whether he or she is an inside or outside user,
    • and outside users, which encompasses the rest of the Internet.
      • An outside user is only allowed to create a drop-off that is to be delivered to an inside user.
  • Colby Dropbox has a file limit of approximately 2 GB.
  • Colby Dropbox holds the information you “drop” into it for seven days before it is securely deleted.
  • Colby Dropbox encrypts the information while it is in transit and while at rest.

Data Security Tips

    • Be organized—keep track of where your data are, both on your computer and in physical form (CD/DVD, flash drive, paper copy, etc.)
      • It is poor practice to use removable devices (thumb drives, external hard drives, etc.) to transfer sensitive information. (If the device ends up lost or misplaced, Colby, by law, will need to report the event, which will cause financial and reputational loss.)
    • Verify access permissions for the folders in which you store files with sensitive information to make sure other accounts on your computer cannot access those files.
    • Backup all important data
      • College-owned computer owners, ensure that central backups are being made.
    • Password protect and/or encrypt files containing sensitive data
      • Assume that your computer will be stolen and that the thief will have access to all your files—what will they be able to access?
    • Securely delete sensitive documents
      • Use secure file deletion that overwrites the file, making it impossible to recover the contents.

Phishing and Fraudulent Email

Telling the difference between a legitimate email, message or popup and a fraudulent one is not easy. Vigilance is needed to carefully review who is sending the message, the address that the message actually came from, and what the message says or is asking for. Phishing or fraudulent email can often be identified by some of the following elements:

  • Claims to be from a company or vendor that you do not have an account with
  • Spelling or grammatical errors in the subject line or text
  • Vague references in the subject line or text, such as ‘RE: Your Account’ or ‘Dear Valued Customer’—if they know you have an account, they should know who you are
  • Requests for unnecessary or irrelevant information (such as a date of birth)
  • URL/website links within the message that use an unnamed host (a direct IP address, e.g. http://10.42.107.92) or a manipulated or invalid host name (the name does not match the vendor’s or has been manipulated)
  • Requests to transfer money or purchase gift cards
  • No clear purpose at all – e.g. “do you have a minute?”
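Two of the elements above, vague references and suspicious link hosts, lend themselves to an automated first pass. The following is an added example, not Colby ITS tooling: the sample message is constructed, and the caller supplies the domain the message claims to come from.

```python
import ipaddress
import re
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)
GENERIC = ("dear valued customer", "re: your account")  # phrases named in the list

# Constructed sample message for illustration only.
SAMPLE_SUBJECT = "RE: Your Account"
SAMPLE_BODY = (
    "Dear Valued Customer,\n"
    "Verify at http://10.42.107.92/login or "
    "http://colby.edu.account-check.example/reset.\n"
    "Password policy: https://www.colby.edu/password\n"
)


def host_findings(url, expected_domain):
    """Findings for one link, judged against the domain the sender claims."""
    host = (urlsplit(url).hostname or "").rstrip(".").lower()
    try:
        ipaddress.ip_address(host)
        return ["link uses a direct IP address: " + host]
    except ValueError:
        pass  # not an IP literal, so compare the name instead
    expected = expected_domain.lower()
    if host == expected or host.endswith("." + expected):
        return []
    if expected in host:
        # The claimed name appears, but only as a label inside another domain.
        return ["manipulated host name: " + host]
    return ["host does not match claimed sender: " + host]


def review_message(subject, body, expected_domain):
    """Return a list of phishing indicators found in the message."""
    findings = []
    text = (subject + "\n" + body).lower()
    for phrase in GENERIC:
        if phrase in text:
            findings.append("vague reference: " + phrase)
    for url in URL_RE.findall(body):
        findings.extend(host_findings(url.rstrip(".,;"), expected_domain))
    return findings
```

An empty result does not mean a message is legitimate; the check only covers the indicators it encodes.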

Test yourself by taking a simple online test.

If you receive a message that you believe is fraudulent and you do not know the sender, delete it. If you do know the sender and are suspicious about the message, contact the sender directly (at an address or phone number that you know) to verify the authenticity of the message – do not reply to the suspicious message.

If you think you may have accidentally responded to or fallen victim to a phishing attempt, make sure to immediately change any accounts or passwords that may have been compromised. If it is a Colby account, follow the instructions here: www.colby.edu/password. If it is a vendor (bank, credit card, online merchant) account, contact that vendor to have your information changed.

If you receive any email or other message on your computer requesting personal information (such as an account name, password, date of birth, or social security number), please review the following information before continuing any further. Always remember that Colby Information Technology Services (ITS) will NEVER request your personal information over electronic mail. Furthermore, you should always avoid sending any personal information via electronic mail.

As always, if you have questions about email fraud or computer security, contact the Colby ITS Support Center at support@colby.edu or 207-859-4222, or stop by Lovejoy 146.

Ransomware

 

Ransomware Infographic provided by Wombat Security

Traveling Internationally

International travelers should limit the amount of sensitive information that is stored on or accessible to any mobile device taken on the trip.

  • Backup your data and remove files from your device that you don’t need.
    • TIP – Consider moving your documents to a College-provided folder (Filer) that you can access remotely instead of carrying these files on your local device(s).
    • TIP – Loaner computers may be available; consult ITS Support to see if this is an option.

Traveling internationally can pose significant risks to information stored on or accessible through the computers, tablets and smartphones that we take with us. Some of the risk is associated with increased opportunities for the loss or theft of the device due to the increased amount of direct physical handling of the equipment by individuals, and merely the distraction of traveling. Additionally, our devices are put at risk because they will use networks that may be managed by entities that monitor and capture network traffic for competitive or malicious purposes.

US Customs and Border Protection – Quick Reference

Inspection of Electronic Devices

Printable Travel Guide

Pocket Guide to Protecting your Data

Preparing for a trip:

  • Identify “high risk” countries you plan to visit
    • State.gov issues current travel alerts & warnings.
  • Understand the sensitivity of the data you bring or access.
    • Customs and Border Patrol can’t search what you don’t have. Limit what you bring with you.
    • Removing unnecessary sensitive data from any device will reduce the risk of exposure to anyone who may gain access to the device.
  • Learn about software and hardware travel restrictions
    • Import/export controls differ by country – care needs to be taken when traveling to certain countries.

Considerations during a trip:

    • When traveling by air, TSA recommends that travelers carry their laptops on to their flights instead of placing them inside checked baggage.
      • A laptop, even if it is in a laptop bag, does not count as a flyer’s carry-on item. In addition to a traditional carry-on bag, flyers are also allowed to bring one extra item on to a flight with them.
    • Avoid using public workstations
      • Public workstations cannot be trusted. Anything entered into one of these systems – IDs, passwords, etc… may be captured and used.
    • When accessing any Colby College resource use VPN where allowed.
      • VPN access may be limited based upon where you are located, as some do not allow VPN access from their country or province.
    • Be aware of your surroundings when working on your devices.
      • Shoulder surfing is a common way in which people can learn your passwords and usernames.
    • In the event of a theft or lost device, contact the ITS Support Center at support@colby.edu or 207-859-4222.

Upon return to campus:

  • Change any passwords you used during your travel.
    • Upon returning home and returning your loaner device, change any passwords you used while you were traveling. Perform this from your normal Colby-issued device.