Connecting your computer and other devices to a network or the Internet increases the risk of exposing your system to malware and unauthorized access by others.
Following cybersecurity best practices at home, and at work or school, can help you stay safer and more secure online and better protect your personal information.
Antivirus/Malware
St. Cloud State recommends using Microsoft Defender for Windows 10 and Sophos Antivirus for Mac Home Edition software to help faculty, staff and enrolled students protect their home computers. Microsoft Defender is built into all Windows 10 computers; learn more below. These antivirus options are free.
If you are using Windows 7, SCSU highly recommends moving to Windows 10 to receive current security updates. Support for Windows 7 has ended.
Be sure to update your virus definitions or schedule them to update automatically to ensure protection.
Multi-Factor Authentication (MFA)
Multi-factor authentication (MFA) enhances data security by verifying a user’s identity through multiple methods such as:
- something you know (e.g. username and password),
- something you have (e.g. mobile phone), and/or
- something you are (e.g. fingerprint).
St. Cloud State requires multi-factor authentication for Office 365 employee and student accounts. MFA for O365 verifies an individual’s identity through their username/password combination and the device(s) they choose (e.g. their mobile phone and/or work phone).
MFA is critical for Office 365 services at SCSU to ensure only authorized users have access to restricted and confidential data, and to reduce phishing attacks on the campus community.
Learn more about MFA for Office 365.
Internet Guardian
More information regarding Internet Guardian, including FAQs, is available on the Minnesota State SharePoint site.
Login instructions:
Faculty: starid@minnstate.edu
Students: starid@go.minnstate.edu
Internet Guardian is a security service implemented system-wide for all Minnesota State institutions. This service will help protect the St. Cloud State campus community from a variety of cyber threats, including phishing attempts and accidental downloads of malicious software like malware.
The service will mostly be invisible to the campus community except for those times that a user clicks on a malicious link or visits a web page identified as containing malicious software. If this happens, you will be alerted by a browser screen that informs you why your access to a site was blocked.
If you feel the site was blocked in error, the system will allow you to report the issue to the MinnState Help Desk. If you have a legitimate need to access a blocked site, please contact Phil Thorson, Deputy Chief Information Officer, and we will work with the Minnesota State System Office to provide solutions that can reach these “bad” destinations without endangering the rest of the campus network.
The service will not protect against all security threats, so we are asking users to forward all suspected phishing emails to phishing@pulounge.com and to continue practicing safe computing habits.
Secure File Transfer
MoveItSecurely, licensed through the Minnesota State system, allows you to transfer non-public/restricted data and large files securely to another person via a secure server. This service is available to faculty, staff and students who have a StarID. Recipients do not need a StarID.
As the sender, you can indicate how many days the recipient has to download the file(s) from their MoveItSecurely "in box." Files can be kept for up to 14 days.
Computer Administrator Rights for Faculty and Staff
If you have a university-owned computer (Windows or Mac), by default your computer will not have administrator-level access. The computer has been configured as part of a centrally managed service to automatically receive updates and security patches and to have software installed for you, either automatically or by ITS staff. This allows us to ensure that the University network and its users are not put at risk by computers that are incorrectly configured or have malicious or outdated software installed.
While this works for most University employees, we recognize there are situations that mean some staff may need the level of flexibility given by having local administrator privileges on their computer.
Requesting Administrator Rights
To request administrator rights on your computer, submit the Computer Administrator Rights Request Form.
- Complete and submit the form to HuskyTech@pulounge.com or deliver it to Miller Center 102. Please contact your technician or HuskyTech at (320) 308-7000 if you need assistance in completing the request form.
- After receiving your request, ITS staff will consult with the requester to:
  - Determine specific needs and potential alternative solutions.
  - Provide a brief overview of possible issues and ramifications of having computer administrator privileges.
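Email Threats
Phishing
Phishing is online criminal activity involving fraudulent email messages sent in an attempt to obtain your online account information such as credit card, bank, or login information. Once cybercriminals have your account information, they may use it to steal your identity, make purchases with your accounts, or send more phishing emails.
Phishing messages typically:
- impersonate a bank, credit card company, online service or an organization's IT department, using logos that look real
- request personal information or ask for verification or confirmation of information
- include a sense of urgency or threat
- use a theme from holidays, tax season or current events such as COVID-19
- contain grammar and/or spelling errors
- include hyperlinks whose text shows one address, but when you hover the mouse over the link, the actual URL is different.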
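Scams
Scams usually arrive by email in the form of spam, fake virus or vulnerability warnings, or promotions and offers that sound too good to be true.
Common scams include, but are not limited to:
- "If you receive an email titled [virus hoax name], do not open it! Delete it immediately!"
- "This virus was announced today by [reputable organization name here]" (such as Microsoft or IBM)
- multiple > > > > > signs in front of each line
- email chain letters that offer you money for passing the message along
- job offers including "work part time from home" or "$300 for a few hours a week"
- gift card or wire transfer requests
Extortion Emails
In these emails the cybercriminals claim they hacked into your computer and installed malware. They include a demand for money, often in Bitcoin, and threaten to release private information about you if you don’t pay in a certain amount of time. These emails:
- claim to have your personal information and files
- may say they recorded you visiting questionable sites
- may include a password from a recent data breach to make the message more believable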
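Reporting Suspicious Email
- If you receive a spam or phishing message in your inbox, report it using Outlook's built-in “Report Message” feature. For instructions, see the How to Report Spam and Phishing Messages knowledge base article.
- If you do not have the “Report Message” option: create a new blank email addressed to: phishing@pulounge.com
- Drag and drop the phishing message into the new message. This will save the junk or phishing message as an attachment in the new message.
Junk Email Folder
- St. Cloud State email uses Microsoft's Advanced Threat Protection service. This service helps protect us from malicious phishing attacks by automatically sending most spam and phishing messages to the “Junk” folder.
- We caution all users not to open, forward, move, or reply to any message in the Junk Email folder. Unless you were expecting a message or see a message that was incorrectly identified as Junk, all messages in the Junk Email folder should be considered potentially harmful and can safely be ignored.
- Email in the “Junk” folder does not need to be reported, because the service has already determined that the message is not legitimate.
Safe Links
- Safe Links is a feature that provides an extra layer of security on hyperlinks in email messages. When a link is clicked, the destination is first checked against known malicious websites. If the link is determined to be malicious, a page opens explaining the site is blocked.
- Refer to the Office 365 ATP Safe Links and Safe Attachments FAQ knowledge base article for more information.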
Copyrighted Digital Media
Downloading or distributing copyrighted music, movies and other content from online sites that offer these items free of charge is illegal, directly violates the federal Digital Millennium Copyright Act, violates Minnesota State and SCSU policy, and poses a cybersecurity risk to you and others on the SCSU network.
Pirate sites, stream-rippers, and peer-to-peer (P2P) networks are some of the common methods of obtaining, distributing, or sharing this illegally pirated material.
Risks
Copyright Infringement
This is a serious offense. Most music and movies are protected under federal copyright law and cannot be freely shared. Court cases and fines may be filed against those that illegally download and share protected content.
The Digital Millennium Copyright Act, a law designed to address digital copyright issues, has very specific procedures that Minnesota State and St. Cloud State must follow when notified that someone using our network is allegedly violating copyright law.
Malware
Many P2P applications and pirate sites can install adware and/or spyware on your computer. These programs can cause annoying pop-up advertisements and collect information about you and your computing habits. In addition, these programs often interfere with your computer’s operation and can make tasks such as browsing the web frustrating.
P2P networks are also frequently used to spread viruses. While you may think you are downloading a new song or a show, you are actually downloading a virus which will infect your computer and spread to other computers on our network and the Internet.
While antivirus and anti-spyware programs may help, viruses and spyware can be very difficult to completely remove once they get installed. The best way to avoid viruses and spyware is to not engage in activities (such as P2P file sharing) which put your computer at risk.
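Resources
Cybersecurity Tips and Advice
Keep a Clean Machine
- Keep security software current: having the latest security software, web browser and operating system is the best defense against viruses, malware and other online threats.
- Automate software updates: many software programs will automatically connect and update to defend against known risks. Turn on automatic updates if that is an available option.
- Protect all devices that connect to the Internet: along with computers, smartphones, gaming systems and other web-enabled devices also need protection from viruses and malware.
- Plug & scan: USBs and other external devices can be infected by viruses and malware. Use your security software to scan them.
Protect Your Personal Information
- Lock down your login: fortify your online accounts by enabling the strongest authentication tools available, such as biometrics, security keys or a unique one-time code through an app on your mobile device. Your usernames and passwords are not enough to protect key accounts like email, banking and social media.
- Make your password a sentence: a strong password is at least 12 characters long. Focus on positive sentences or phrases that you like to think about and are easy to remember (for example, “I love country music.”). On many sites, you can even use spaces!
- Unique account, unique password: having separate passwords for every account helps to thwart cybercriminals.
- Write it down and keep it safe: having separate passwords for every account helps to thwart cybercriminals. At a minimum, separate your work and personal accounts and make sure that your critical accounts have the strongest passwords.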
Connect with Care
- When in doubt, throw it out: links in email, social media posts and online advertising are often how cybercriminals try to steal your personal information. Even if you know the source, if something looks suspicious, delete it.
- Get savvy about Wi-Fi hotspots: limit the type of business you conduct and adjust the security settings on your device to limit who can access your machine.
- Protect your $$: when banking and shopping, check to be sure the site is security enabled. Look for web addresses with “https://” or “shttp://”, which means the site takes extra measures to help secure your information. “http://” is not secure.
Be Web Wise
- Stay current: keep pace with new ways to stay safe online: check trusted websites for the latest information, share with friends, family, and colleagues, and encourage them to be web wise.
- Think before you act: be wary of communications that implore you to act immediately, offer something that sounds too good to be true or ask for personal information.
- Back it up: protect your valuable work, music, photos and other digital information by making an electronic copy and storing it safely.
Be a Good Online Citizen
- Safer for me, more secure for all: what you do online has the potential to affect everyone – at home, at work and around the world. Practicing good online habits benefits the global digital community.
- Post only about others as you would have them post about you: the Golden Rule applies online as well.
- Help the authorities fight cybercrime: report stolen finances or identities and other cybercrime to the Internet Crime Complaint Center (ic3.gov) and, as appropriate, to your local law enforcement or state attorney general.
Own Your Online Presence
- Personal information is like money. Value it. Protect it: information about you, such as your purchase history or location, has value – just like money. Be thoughtful about who gets that information and how it’s collected through apps and websites.
- Be aware of what's being shared: set the privacy and security settings on web services and devices to your comfort level for information sharing. It is OK to limit how and with whom you share information.
- Share with care: think before posting about yourself and others online. Consider what a post reveals, who might see it and how it could be perceived now and in the future.
Data Classification, Storage and Sharing
St. Cloud State has chartered a Data Classification initiative to inventory and classify data that is stored on campus systems. Data Classification establishes a foundation for identifying appropriate and consistent information security controls.
Below are the classifications and examples of data elements that fit into each category. It is important to note that those who have access to highly restricted and restricted data must ensure that it is kept secure.
After determining the type of data you are working with, use the End User Data Storage and Sharing Recommendations for guidance on storing or sharing the data.
Highly Restricted
Institutional data must be classified as "highly restricted" if the data requires limiting access to only persons with a legitimate need to know, and:
- the data elements for which loss of confidentiality could facilitate identity theft; or
- by law, regulation, or contract, the data requires high-level security controls, or
- the loss of confidentiality could cause significant personal or institutional harm
Includes:
- Social Security numbers
- Credit card/payment card numbers and related information
- Financial account numbers, such as bank or investment account numbers
- Security or access codes or passwords used to access highly restricted data
- Personal health/medical information including insurance policy ID numbers and any information covered under HIPAA
- Non-public investigation data (as determined by legal counsel)
- Credentials for IT systems that manage data elements in this classification level
- Biometric information
- Trade secrets or intellectual property protected by a non-disclosure agreement
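Restricted
Institutional data must be classified as “restricted” if it does not classify as “highly restricted” but the data:
- by law is not public data, or
- requires restricting access to only persons with a legitimate need to know, or
- whose unauthorized disclosure will require statutory notification to affected parties (i.e., breach notification).
Includes:
- Student records: admission applications, transcripts, exams, test scores, evaluations, grades, student discipline, student class schedules, student worker information, financial aid, loan collection records
- Student directory information that has been suppressed by the Student class lists
- College, university, system office, or faculty trade secret or intellectual property
- Library usage information
- Personal demographic data including age, race, ethnicity, gender, citizenship, visa status, veteran or disability status, employee home address/phone, and related information
- Faculty and staff employment applications, personnel files, benefits information, date of birth, and personal contact information
- Donor contact information and non-public gift amounts
- Privileged attorney-client communications
- College, university or system office internal memos, email, reports, and financial data identified as non-public
- Driver's license numbers
- Student ID numbers (if not directory data) and passwords
- Employee performance information and other private personnel data
- Parking lease information
- Request for proposal vendor responses and scoring information prior to contract award
- Credentials for systems that manage data elements in this classification level and systems classified as Low
- Partial Social Security numbers
- Business continuity and disaster recovery plans
- Security information as defined by Minn. Stat. § 13.37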
Low
Institutional data must be classified as "Low" if by law it is available to the public upon request.
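Includes:
- Certain employee information: name, job title, job description, work location and phone number, employee identifier, salary, gross pension, value and nature of fringe benefits, payroll time sheets, education/training and previous work experience, first and last dates of employment, existence and status of complaints, terms of settlement of employment disputes, final disposition of discipline, and honors and awards received, under Minn. Stat. § 13.43, subd. 2.
- Student information (unless suppressed by the student): name, other information identified as directory information by the college/university in its published FERPA policy
- Financial data on public sponsored projects
- Courses
- Invoices and purchase orders
- Budgets
- “Summary” or statistical data that does not identify individuals
- Information authorized to be made available on or through a website that does not require a Minnesota State recognized authentication system (e.g. StarID)
- Published research data
- Campus maps
- Job postings
- Information in the public domain
Reporting Abuse
Technology abuse refers to the general misuse of St. Cloud State's computing resources. Examples of abuse include physical damage to computers and equipment or using St. Cloud State resources in a way that violates law or policy, such as harassing someone online or sending spam from a St. Cloud State email account.
To report abuse of resources and any form of harassment involving St. Cloud State email or technology services, please contact the IT Security Office at abuse@pulounge.com.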