Information SecurityTechnology Services
As a member of the Gustavus Community, we are all responsible for the data we send, store or share across all of our devices. Before we can all work together to continously develop and enhance an information security program at Gustavus, we must have a common definition of what information security is. There are several definitions, but we'll focus on the following one:
Information security is all about managing risks that apply to the confidentiality, integrity, and availability of information. To control these risks we use administrative, physical and technical controls.
Technical controls such as firewalls are only part of information security and are only complentary to administrative and physical controls. Information security is a complex business issue which requires policies, procedures, standards, and door locks in addition to firewalls, and antivirus which are all outlined in The National Institute of Standards and Technology (NIST) Cybersecurity Framework.
To learn more about how you can contribute to the Information security program at Gustavus, please review the policies and guidelines that are linked on the menu to the left to learn more.
If you have any questions, please contact Technology Services at x6111 or helpline@gustavus.edu.
Latest Threat
Spear Phishing
Spear Phishing is a particularly insidious type of email attack because it targets individuals by posing as known colleagues and associates. Without careful validation of the sender's email address, it is easy to overlook, and often, the attacker's requests are simple to fulfill. By opening attachments, clicking links, or performing some other task, the recipient can be exposed without fully understanding the gravity of the situation.
Because of a series of recent spear phishing attempts, Technology Services now requires two-factor authentication using Duo.
More Resources
Anti-virus
Gustavus recommends a current anti-virus product be installed and updated to defend against infections.
- For more information visit: https://gustavus.edu/gts/Virus_protection
Backups
All data must be stored in at least two places to ensure it is not lost. Gustavus provides Code42 CrashPlan Backup service to all Gustavus-owned computers.
- For more information visit: https://gustavus.edu/gts/CrashPlan
Full Disk Encryption
Gustavus recommends enabling full disk encryption to protect the data on your machine from offline access.
- For more information visit: https://gustavus.edu/gts/Disk_Encryption
Phishing and Social Engineering
Gustavus Technology Services will never ask for your password for any reason.
- For more information visit: https://gustavus.edu/gts/Phishing
Password/phrase
A strong unique password/phrase is recommend for all services. It is very important to not reuse your Gustavus password/phrase or any password/phrase across different services. A username and password are no longer considered a secure mechanism for securing your account. Gustavus recommends two-factor authentication
- For more information visit: https://gustavus.edu/gts/Passwords
Two-Factor Authentication
Two-Factor Authentication adds an additional layer of security to your account by requiring an additional method for authentication such as a mobile device. Gustavus requires two-factor authentication on all accounts.
- For more information visit: https://gustavus.edu/gts/Duo_Two_Factor_Authentication
Updates
Make sure to install all updates for your operating system and applications to ensure that it is protected against known vulnerabilities.
- For more information visit: https://gustavus.edu/gts/Windows_Update and https://gustavus.edu/gts/Software_Update