Information Security

Owned by Joshua Cunningham
Last updated: Nov 19, 2024 by Adam Diener
3 min read

While Campus Safety works hard to ensure the physical safety and security of campus is enforced, ITS is similarly focused on ensuring the computers, accounts, servers, and network are all secure and risk-free. This article goes over things ITS does to provide security for campus as well as tips or responsibilities ITS asks all associated persons to accept in ensuring we are secure.

End-User Responsibilities

Passwordphrase

The first line of defense for all security with MVNU’s technology is a personalized passphrase. We use the term passphrase because we’ve found that limiting to a single password is much less secure than utilizing a phrase. Combining several unrelated words, when coupled with the password requirements make for an unbreakable account.

To illustrate, please enjoy this Humorous Web Comic

Everyone is issued a temporary first-use password that can be used to initially get in to confirm your access, but is not meant to be used full-time for your time here. The password is very simple and extremely easy to hack for anyone with malicious intent. As such, we recommend you utilize the first-use password to login to portal.office.com in order to establish the MFA access (see below).

After getting your MFA set up, we recommend going and changing your password to something easier for you to remember. Visit password.mvnu.edu and you should be able to follow the directions to change your password using the new MFA solution you just finished.

MFA (multi-factor authentication)

Every employee, student, and/or associated vendor with access to an MVNU account needs to have a second layer of protection activated and enrolled. We utilize Microsoft’s multi-factor authentication (MFA) tool to require either a cell phone number for text verification or an authentication app. These tools provide a further level of security so that if someone’s password is hacked, the malicious party still would not have access unless they are also able to bypass or duplicate the user’s phone number or app access.

Before you do anything else, you should sit down at a computer and go through the MFA setup.

*Be cautious that if you get a text message or app notification that you didn’t authorize it is usually indicative that your account password has been breached and you should take steps to reset it. Visit password.mvnu.edu to change it.

Understanding PII

What is PII?

  • Any verification Data (Security Questions)

    • Mother’s Maiden name, Pets' & Kids' names

  • Medical Information

    • Prescriptions, Records, Exams, Images

  • Financial Information

    • Bank, Insurance, Investments, Credit Cards, FAFSA

  • Identity Information

    • Birth Place, Birthdate, Race, Gender, Religion, Location Services, GPS

  • School Information

    • Class schedule, FERPA, Financial Aid, Account Information, MVNU ID#

  • Contact Information

    • Email address, physical address, phone numbers

  • Government-issued identification

    • SSN, Driver’s License, Passport, Birth Certificate

  • Online Information

    • Social Media, Website Passwords

Email Security

Phishing

Phishing occurs when criminals try to get us to open harmful links, emails or attachments that could request our personal information or infect our devices. Phishing messages or “bait” usually come in the form of an email, text, direct message on social media or phone call. These messages are often designed to look like they come from a trusted person or organization, to get us to respond.

The good news is we can avoid the phish hook and keep our accounts secure with these tips.

1. Recognize

Look for these common signs:

  • Urgent or emotionally appealing language, especially messages that claim dire consequences for not responding immediately

  • Requests to send personal and financial information

  • Untrusted shortened URLs

  • Incorrect email addresses or links, like mnvu.edu

A common sign used to be poor grammar or misspellings although in the era of artificial intelligence (AI) some emails will now have perfect grammar and spelling, so look out for the other signs.

2. Resist

If you suspect phishing, resist the temptation to click on links or attachments that seem too good to be true and may be trying to access your personal information. Instead, report the phish (scroll down for more instructions on reporting emails) to protect yourself and others. Typically, you’ll find options to report near the person’s email address or username. NOTE: If you cannot find the report button in your MVNU account, you can forward the email as an attachment to Cyber.Security@mvnu.edu.

3. Delete

Delete the message. Don’t reply or click on any attachment or link, including any “unsubscribe” link. Just delete.

A common practice among hackers is an attempt to solicit an end-user’s account credentials or personal identifiable information (PII) through trickery or by mimicking reasonable emails. The rule of thumb is that any email you receive that is asking for any personal information should be met with hesitation and wariness. Things to watch for with emails:

Report Button

For any emails you receive that seem risky, ITS requests you report them to us so we can confirm/refute their legitimacy and so we can monitor for similar (or the same) emails across all the other accounts. There is a button added to every email account in the toolbar that looks like the example here to the right. Clicking this button will remove the email from your inbox and flag it for our cybersecurity team to evaluate.

Malware

Emails can include malware in the form of attachments, and/or even hidden HTML in the email.