Security

Owned by Joshua Cunningham
Jul 26, 2023
3 min read

While Campus Safety works hard to ensure the physical safety and security of campus is enforced, ITS is similarly focused on ensuring the computers, accounts, servers, and network are all secure and risk-free. This article goes over things ITS does to provide security for campus as well as tips or responsibilities ITS asks all associated persons to accept in ensuring we are secure.

Cybersecurity

ITS has 1 (one) full time employee whose primary focus is to investigate, monitor, and implement security measures for all technical aspects to campus. They work with an internal ITS committee for security discussing policies, known vulnerabilities, training planning, etc… Their focus includes the following:

  • Endpoint security - Sophos running on Laptops, Desktops, & Servers

  • Network security - Firewalls, Network traffic, & Breach management

  • Account security - MFA, compromised accounts,

End-User Responsibilities

Passwordphrase

The first line of defense for all security with MVNU’s technology is a personalized passphrase. We use the term passphrase because we’ve found that limiting to a single password is much less secure than utilizing a phrase. Combining several unrelated words, when coupled with the password requirements make for an unbreakable account.

To illustrate, please enjoy this Humorous Web Comic

Everyone is issued a temporary first-use password that can be used to initially get in to confirm your access, but is not meant to be used full-time for your time here. The password is very simple and extremely easy to hack for anyone with malicious intent. As such, we recommend you utilize the first-use password to login to portal.office.com in order to establish the MFA access (see below).

After getting your MFA set up, we recommend going and changing your password to something easier for you to remember. Visit password.mvnu.edu and you should be able to follow the directions to change your password using the new MFA solution you just finished.

MFA (multi-factor authentication)

Every employee, student, and/or associated vendor with access to an MVNU account needs to have a second layer of protection activated and enrolled. We utilize Microsoft’s multi-factor authentication (MFA) tool to require either a cell phone number for text verification or an authentication app. These tools provide a further level of security so that if someone’s password is hacked, the malicious party still would not have access unless they are also able to bypass or duplicate the user’s phone number or app access.

Before you do anything else, you should sit down at a computer and go through the MFA setup.

*Be cautious that if you get a text message or app notification that you didn’t authorize it is usually indicative that your account password has been breached and you should take steps to reset it. Visit password.mvnu.edu to change it.

Understanding PII

What is PII?

  • Any verification Data (Security Questions)

    • Mother’s Maiden name, Pets' & Kids' names

  • Medical Information

    • Prescriptions, Records, Exams, Images

  • Financial Information

    • Bank, Insurance, Investments, Credit Cards, FAFSA

  • Identity Information

    • Birth Place, Birthdate, Race, Gender, Religion, Location Services, GPS

  • School Information

    • Class schedule, FERPA, Financial Aid, Account Information, MVNU ID#

  • Contact Information

    • Email address, physical address, phone numbers

  • Government-issued identification

    • SSN, Driver’s License, Passport, Birth Certificate

  • Online Information

    • Social Media, Website Passwords

Email Security

Phishing

A common practice among hackers is an attempt to solicit an end-user’s account credentials or personal identifiable information (PII) through trickery or by mimicking reasonable emails. The rule of thumb is that any email you receive that is asking for any personal information should be met with hesitation and wariness. Things to watch for with emails:

Report Button

For any emails you receive that seem risky, ITS requests you report them to us so we can confirm/refute their legitimacy and so we can monitor for similar (or the same) emails across all the other accounts. There is a button added to every email account in the toolbar that looks like the example here to the right. Clicking this button will remove the email from your inbox and flag it for our cybersecurity team to evaluate.

Malware

Emails can include malware in the form of attachments, and/or even hidden HTML in the email.