Information Security
While Campus Safety works hard to ensure the physical safety and security of campus is enforced, ITS is similarly focused on ensuring the computers, accounts, servers, and network are all secure and risk-free. This article goes over things ITS does to provide security for campus as well as tips or responsibilities ITS asks all associated persons to accept in ensuring we are secure.
End-User Responsibilities
Passwordphrase
The first line of defense for all security with MVNU’s technology is a personalized passphrase. We use the term passphrase because we’ve found that limiting to a single password is much less secure than utilizing a phrase. Combining several unrelated words, when coupled with the password requirements make for an unbreakable account.
To illustrate, please enjoy this Humorous Web Comic
Everyone is issued a temporary first-use password that can be used to initially get in to confirm your access, but is not meant to be used full-time for your time here. The password is very simple and extremely easy to hack for anyone with malicious intent. As such, we recommend you utilize the first-use password to login to portal.office.com in order to establish the MFA access (see below).
After getting your MFA set up, we recommend going and changing your password to something easier for you to remember. Visit password.mvnu.edu and you should be able to follow the directions to change your password using the new MFA solution you just finished.
MFA (multi-factor authentication)
Every employee, student, and/or associated vendor with access to an MVNU account needs to have a second layer of protection activated and enrolled. We utilize Microsoft’s multi-factor authentication (MFA) tool to require either a cell phone number for text verification or an authentication app. These tools provide a further level of security so that if someone’s password is hacked, the malicious party still would not have access unless they are also able to bypass or duplicate the user’s phone number or app access.
Before you do anything else, you should sit down at a computer and go through the MFA setup.
*Be cautious that if you get a text message or app notification that you didn’t authorize it is usually indicative that your account password has been breached and you should take steps to reset it. Visit password.mvnu.edu to change it.
Understanding PII (Personal Identifying Information)
What is PII?
Any verification Data (Security Questions)
Mother’s Maiden name, Pets' & Kids' names
Medical Information
Prescriptions, Records, Exams, Images
Financial Information
Bank, Insurance, Investments, Credit Cards, FAFSA
Identity Information
Birth Place, Birthdate, Race, Gender, Religion, Location Services, GPS
School Information
Class schedule, FERPA, Financial Aid, Account Information, MVNU ID#
Contact Information
Email address, physical address, phone numbers
Government-issued identification
SSN, Driver’s License, Passport, Birth Certificate
Online Information
Social Media, Website Passwords
Email Security
Phishing
Phishing occurs when criminals try to get us to open harmful links, emails or attachments that could request our personal information or infect our devices. Phishing messages or “bait” usually come in the form of an email, text, direct message on social media or phone call. These messages are often designed to look like they come from a trusted person or organization, to get us to respond.
The good news is we can avoid the phish hook and keep our accounts secure with these tips.
1. Recognize
Look for these common signs:
Urgent or emotionally appealing language, especially messages that claim dire consequences for not responding immediately
Requests to send personal and financial information
Untrusted shortened URLs
Incorrect email addresses or links, like mnvu.edu
A common sign used to be poor grammar or misspellings although in the era of artificial intelligence (AI) some emails will now have perfect grammar and spelling, so look out for the other signs.
2. Resist
If you suspect phishing, resist the temptation to click on links or attachments that seem too good to be true and may be trying to access your personal information. Instead, report the phish (scroll down for more instructions on reporting emails) to protect yourself and others. Typically, you’ll find options to report near the person’s email address or username. NOTE: If you cannot find the report button in your MVNU account, you can forward the email as an attachment to Cyber.Security@mvnu.edu.
3. Delete
Delete the message. Don’t reply or click on any attachment or link, including any “unsubscribe” link. Just delete.
A common practice among hackers is an attempt to solicit an end-user’s account credentials or personal identifiable information (PII) through trickery or by mimicking reasonable emails. The rule of thumb is that any email you receive that is asking for any personal information should be met with hesitation and wariness. Things to watch for with emails:
Report Button
For any emails you receive that seem risky, ITS requests you report them to us so we can confirm/refute their legitimacy and so we can monitor for similar (or the same) emails across all the other accounts. There is a button added to every email account in the toolbar that looks like the example here to the right. Clicking this button will remove the email from your inbox and flag it for our cybersecurity team to evaluate.
Malware
Emails can include malware in the form of attachments, and/or even hidden HTML in the email.