Enrollment Management IT Security Training

In this training course, you will learn about our IT policies for Enrollment Management, as well as how to keep our data secure.

Introduction

We will be covering the following topics in this training:

  • Business Continuity
  • FERPA
  • Social Engineering
  • Access and Passwords
  • Email, Phishing, and Messaging
  • Browsing
  • Data Destruction
  • Working Remotely
  • Help Requests
  • Conclusion

Business Continuity

Business Continuity in Enrollment Management

UMBC Enrollment Management (Undergraduate Admissions, Financial Aid, Academic and Pre-Professional Advising, and Registrar) provides critical and time-sensitive services to members of our community, including internal and external constituents. Rare and unforeseen circumstances may occur which could impact delivery of these services. In the event of such occurrences, we are committed to being prepared to promptly resume critical operations, minimizing the impact of these disruptions on our constituents. Members of the UMBC community can be assured that our business continuity planning has prepared us well to sustain critical services without significant disruption.

In our planning, we have 1) identified potential scenarios which could significantly impact delivery of services and 2) developed strategies to mitigate these risks:

  • Campus Delayed Opening/Closure
  • Staff Absence and Transition
  • Disruption of Data System
  • Disruption of Interdependent Services

Each area in Enrollment has created business continuity plans and documentation specific to that area. Your supervisor will go over these with you in detail.

You can read about our commitment in detail here: http://enrollment.umbc.edu/commitment/

FERPA

Family Educational Rights and Privacy Act (FERPA)

The Family Educational Rights and Privacy Act of 1974 (FERPA), as amended, is a Federal law that sets forth requirements designed to protect the privacy of student education records.  The law applies to UMBC because it receives funds under an applicable program of the U.S. Department of Education.  UMBC is committed to protecting education records of students to the extent required by law.

The purpose of this procedure is to ensure UMBC’s compliance with FERPA, which sets forth requirements designed to protect the privacy of student education records. FERPA gives students certain general rights with respect to their education records:

  • Students have the right to inspect and review the student’s education records maintained by UMBC;
  • Students have the right to request that UMBC correct records which the student believes to be inaccurate or misleading; and
  • UMBC must have written permission from the student in order to release any information from a student’s education record.

This procedure applies to all employees, students, contractual agents of UMBC, parents of dependent students, and individuals or organizations requesting access to student information.

Your supervisor will go over FERPA procedures specific to your area.

You can read more about FERPA in detail here: http://registrar.umbc.edu/services/records/privacy-and-the-release-of-education-records/

Social Engineering

Social engineering is the art of human manipulation. Cyber attackers pretend to be someone or something you know or trust, such as your bank, a coworker, or a tech support company, and then use that trust to get what they want, often by simply asking for it.

These attacks can happen in a variety of ways, including email, instant messaging, over the phone, or in person. They use numerous tricks to get your attention, such as offering free downloads, announcing that you won a contest, or pretending that your computer is infected. In addition, these attacks often appear to be legitimate, such as including an official logo or a formal signature. Their goal? To get you to share information or take a specific action, such as opening an infected attachment.

How can you protect yourself from social engineering attacks? Be suspicious if someone asks you for information they should not have access to, they use confusing or technical terms, or they create a tremendous sense of urgency. If you feel you are under attack, simply hang up the phone or ignore the message and contact the IT team right away.

---

To learn more, view the SANS Securing the Human video titled Social Engineering.

Access and Passwords

Your passwords help secure your identity, your personal information, and our organization. Make your shield even stronger by using strong passwords and protecting them.

To begin with, do not create passwords that use information that is widely known about you, such as your birth date or pets' names. You also do not want to use simple passwords, such as 123456. These are far too easy for cyber attackers to guess. Instead, create strong passwords by making them long. Every character you add to your password increases its strength.

Use a different, unique password for each of your accounts. That way, if one of your accounts is hacked and your password is compromised, your other accounts are still safe.

Never share your password with anyone else, including fellow employees. Remember, your password is a secret; if anyone else knows your password it is no longer secure.

If you accidentally share your password with someone else, or believe your password may have been compromised or stolen, be sure to change it immediately and contact the IT team.

---

To learn more, view the SANS Securing the Human video titled Passwords.

Email, Phishing, and Messaging

Phishing is a type of social engineering attack. It works by an attacker sending you an email or message that tricks you into believing it is real, such as pretending to come from your bank or a well-known store. The email then fools you into taking an action, such as clicking on a link, opening an attachment or completing a form. Taking any one of these seemingly harmless actions could infect your computer.

Be suspicious of any messages requesting highly sensitive information, such as your credit card number or password.

If you receive a message from someone you know, but the tone or message just does not sound like him or her, be suspicious. Call the sender to verify they sent it. It is easy for a cyber attacker to create an email that appears to be from a friend or coworker.

In addition to phishing, you can be your own greatest risk. It is very easy to accidentally email or message the wrong person. For example, with email features like auto-complete, you may try to email someone in finance, but accidentally end up emailing an old friend. Always check that you are emailing the correct person before sending your email, especially when sending something sensitive. Also, remember that once you send an email, that email is no longer under your control. It could be forwarded to others whom you never intended to have read it.

If you are not sure if an email or message is a phishing attack, contact the IT team.

---

To learn more, view the SANS Securing the Human video titled Email, Phishing, and Messaging.


Browsing

Browsers are one of the primary ways we interact with the Internet. As a result, browsers are primary targets for cyber attackers.

Always use the latest version of your browser. Updated browsers have the latest security patches and are much harder to hack into. Not sure if you have the latest browser update? Contact the IT team to confirm.

Stay safe online by not connecting to websites when you receive a warning. Modern browsers can recognize certain malicious websites designed to cause you harm. If your browser warns you that the website you are about to visit is dangerous, close it and find the information on a safer website.

---

To learn more, view the SANS Securing the Human video titled Browsing.

Data Destruction

The goal of disposing of data is to ensure that it cannot be recovered. Utilize our shredding bins to securely dispose of paper documents. If you find confidential data on your hard drive, be sure to delete the file(s) AND empty the trash can. CDs and thumb drives that contain confidential data can be given to the IT team to be properly destroyed.

---

To learn more, view the SANS Securing the Human video titled Data Destruction.

Working Remotely

Technology is enabling more and more of us to work away from the office, either from home or while on the road. This gives you tremendous flexibility, but also has certain risks.

Ensure that only authorized individuals have access to any system used for work. For example, children, guests or other household members may not have access to or use your work computer.

While at home or traveling, ensure that any devices you use for work are physically secure. For example, if you must leave your laptop in your car, first secure it in your trunk. If you are using your laptop at a conference all day, consider using a laptop cable lock to secure it. In addition, always double check and be sure you do not forget your devices while traveling, such as when you go through security at the airport, drop off a car rental or check out of your hotel room.

When connecting your laptop or tablet to a public Wi-Fi network like those at an airport lobby, coffee shop or a hotel, remember that other people may be able to monitor your online activities or even attack your device and your communications. Be sure to log in to the VPN prior to logging in to online systems.

Always be sure to password lock your device whenever you leave it. This protects your device from people walking up to it while you are away and accessing it. Do not allow others to connect devices to your laptop such as their smartphone or USB sticks, as these could be infected as well.

Finally, if you believe any of the devices or systems you use for work have been compromised, lost or stolen, report it to the IT team immediately.

---

To learn more, view the SANS Securing the Human video titled Working Remotely.

Help Requests

We have a growing knowledge base of IT topics common to Enrollment Management. You can access it anywhere at any time at emtech.umbc.edu. You can also submit help requests on this website on the Submit a RT Ticket tab. Help requests are answered within 24 hours, unless it is an emergency.

Conclusion

We hope our training has made you feel more confident to protect yourself against today’s cyber attackers. Remember, cyber attacks can happen anytime and anywhere. While technology can help protect us, you are ultimately the best defense we have. When you do your part to help protect our systems, we are all safer and more secure. If ever you have any questions about information security, please contact the IT team.