Information Security

Technology Services

As a member of the Gustavus Community, we are all responsible for the data we send, store or share across all of our devices.  Before we can all work together to continously develop and enhance an information security program at Gustavus, we must have a common definition of what information security is.  There are several definitions, but we'll focus on the following one:

Information security is all about managing risks that apply to the confidentiality, integrity, and availability of information.  To control these risks we use administrative, physical and technical controls.

Technical controls such as firewalls are only part of information security and are only complentary to administrative and physical controls.  Information security is a complex business issue which requires policies, procedures, standards, and door locks in addition to firewalls, and antivirus which are all outlined in The National Institute of Standards and Technology (NIST) Cybersecurity Framework.

To learn more about how you can contribute to the Information security program at Gustavus, please review the policies and guidelines that are linked on the menu to the left to learn more.

If you have any questions, please contact Technology Services at x6111 or

Latest Threat

Spear Phishing

Spear Phishing is a particularly insidious type of email attack because it targets individuals by posing as known colleagues and associates. Without careful validation of the sender's email address, it is easy to overlook, and often, the attacker's requests are simple to fulfill. By opening attachments, clicking links, or performing some other task, the recipient can be exposed without fully understanding the gravity of the situation.

Because of a series of recent spear phishing attempts, Technology Services now requires two-factor authentication using Duo.

More Resources

Plus Icon Anti-virus

Gustavus recommends a current anti-virus product be installed and updated to defend against infections.

Plus Icon Backups

All data must be stored in at least two places to ensure it is not lost. Gustavus provides Code42 CrashPlan Backup service to all Gustavus-owned computers.

Plus Icon Full Disk Encryption

Gustavus recommends enabling full disk encryption to protect the data on your machine from offline access.

Plus Icon Phishing and Social Engineering

Gustavus Technology Services will never ask for your password for any reason.

Plus Icon Password/phrase

A strong unique password/phrase is recommend for all services. It is very important to not reuse your Gustavus password/phrase or any password/phrase across different services. A username and password are no longer considered a secure mechanism for securing your account. Gustavus recommends two-factor authentication

Plus Icon Two-Factor Authentication

Two-Factor Authentication adds an additional layer of security to your account by requiring an additional method for authentication such as a mobile device. Gustavus requires two-factor authentication on all accounts.

Plus Icon Updates

Make sure to install all updates for your operating system and applications to ensure that it is protected against known vulnerabilities.