UVM technology leaders and staff are monitoring the news around emerging global cybersecurity threats as a result of recent sanctions against Russia. We continuously engage with partners across Higher Education and in law enforcement to improve UVM’s defensive posture. As always, though, we need your help, and “the usual advice” is now more important than …
Author Archives: Sam
When the Attacks Aren’t Just Cyberattacks
5 min. read ISO intern Josh Baker contributed the “protecting others by protecting ourselves” theme to this article. Others have eloquently addressed the injustice that is the ongoing Russian aggression against the people and the state of Ukraine; suffice it to say that no one deserves to be subject to physical violence, and we dearly …
Continue reading “When the Attacks Aren’t Just Cyberattacks”
The Password Is Dead: Long Live…Anything Else!
Executive Summary [read time: approx 1.5 min.] Passwords by themselves are no longer sufficient for protecting your information and UVM’s information from everyday attacks. UVM is moving to require multi-factor authentication (MFA) to protect the most critical information at first, and all of the university’s online assets in the long run. This means that logging …
Continue reading “The Password Is Dead: Long Live…Anything Else!”
Ransomware Alert
A new form of malware is making its way to the University of Vermont: Ransomware is a particular form of malicious software which prevents you from accessing your own data. Once the software has locked down any data to which you have access, it demands that you pay a ransom in order to have access …
Visiting Questionable Websites (or, Using Your “Internet Hazmat Suit”)
National Cybersecurity Awareness Month is an annual opportunity for folks like us to encourage folks like you to adopt a simple, three-point approach to keeping yourself and your information safe online: STOP. THINK. CONNECT? With each phishing campaign that’s conducted against UVM’s students, faculty, and staff, the Information Security Office receives dozens of notifications from astute members of …
Continue reading “Visiting Questionable Websites (or, Using Your “Internet Hazmat Suit”)”
Physical Information Security for Everyone
National Cybersecurity Awareness Month is an annual opportunity for folks like us to encourage folks like you to adopt a simple, three-point approach to keeping yourself and your information safe online: STOP. THINK. CONNECT? As weird as it might seem, there are physical aspects to securing information about you: Before your data are stolen or corrupted, there’s a need …
Continue reading “Physical Information Security for Everyone”
Traveling Abroad without Making the News (Mobile Tech Edition)
Occasionally, a member of the community approaches the ISO Team to ask for our advice on traveling safely with mobile technology. While individual circumstances (including the nature of the mobile technologies/data in play, the nature of the trip, the particular destination) will dictate specifics, our general recommendations (below) will cover a lot of ground for …
Continue reading “Traveling Abroad without Making the News (Mobile Tech Edition)”
How Do *You* Spell “Shutdown”?
With so much (*ahem*) “excitement” in Washington this week, it’s little wonder opportunists would seize the moment and go on a domain-registration spree, seeking to capitalize on interest in these topics of nationwide scope. The incident handlers at the Internet Storm Center (sponsored by SANS) posted an entry to their Diary today entitled: “Obamacare related …
Stolen Devices and the Inconvenience of Time Travel
Since the beginning of 2010, UVM Police Services has sought ETS’s help in 104 device-theft cases pertaining to UVM students, faculty, and staff. One recurring theme is that there are two simple steps that users can take to reduce the impact a stolen device has on themselves and the institution, and that these steps can …
Continue reading “Stolen Devices and the Inconvenience of Time Travel”
Using URL Shorteners
We’ve all seen URLs shortened by bit.ly and its cousins: Unwieldy juggernauts like http://www.megaconference.us/register.qxv?event=megacon%20xxviii&wonderment=true%20enough%20for%20mom&prepop=1&campaign=225817558&api_key=3e7a67b1f9c00d601dbe reduced to tidy morsels like http://blag.foo/5Vf2. Who doesn’t enjoy that? It’s cleaner! Efficient! More user-friendly! Information security pros, that’s who. Why? Because it’s opaque. How did you know that clicking http://go.uvm.edu/9utlr (if that’s how you got here) was going to bring …