Tag: Enterprise Security

Winter is coming! IT Security professionals at every organization know that at some point they could be under some kind of cybersecurity attack.

It’s the need for such preparedness that drives the information security industry and the demand for professionals to work in that field. At Ohio State, we have an Enterprise Security internship program to help us develop up-and-coming security professionals for our community and our institution, to aid in thwarting such attacks.

Beginning Monday, September 12, Enterprise Security will be implementing BuckeyePass to protect your personal information in the Employee Self Service (ESS) system within Human Resources. BuckeyePass is a multi-factor authentication service that provides a second layer of protection for university. You may already be using multi-factor authentication to log in to your bank account, email or social media accounts.

While Pokémon Go has taken the world by storm, the app’s success has been accompanied by a stark reminder that users need to be aware of the risks that mobile apps can pose to their personal safety. Play safe: be aware of the risks posed by access to you Google account information and location services and by the potential for criminals to use their knowledge of PokeStop and Gym locations to target victims.

It’s time for the OSU community to talk about what ransomware is, and how to protect against it. Ransomware is a type of malicious software designed to block access to a computer system until a sum of money is paid. Ohio State has seen some instances of ransomware – and the variants of ransomware are rapidly changing.

The Enterprise Security and the Wexner Medical Center Security teams are working together to offer a 90 minute discussion of Ransomware, for interested OSU faculty and staff.

Rockhurst University in Kansas City was targeted with a phishing scam that resulted in the theft of W-2 information from nearly 1,200 university employees. Ohio State was targeted by a similar scheme, but the administrator involved recognized that the email was a phishing message and promptly reported it to report-phish@osu.edu

Enterprise Security staff at Ohio State are seeing an increase in the volume of phishing emails offering users attachments, links or instructions for downloading their W-2 forms. These are fraudulent emails designed to steal your identity and Social Security number. See the full article for tips on how to spot a scam.

An ongoing challenge to managing information security at Ohio State is making sure university organizations comply with federal and state regulations regarding privacy and security. That’s why Enterprise Security has released updated versions of Ohio State’s Information Security Standard (ISS) and Information Security Control Requirements (ISCR):

One of the benefits of higher education is the collaborative nature of our institutions. We collectively appreciate being able to learn from each other and leverage common experiences. Ohio State frequently receives inquiries from others in higher ed with regard to how we are managing our information and IT security.

Everyone who uses university data is responsible for ensuring it remains secure. We have recently changed the classifications on some data elements to better balance operational needs with security requirements.

If your role requires using restricted, private or internal data, please review these updated classifications to ensure you are taking appropriate measures to protect this information.

In the course of your work for Ohio State, you are given access to institutional data. As an institutional data user you must be aware of the responsibilities entrusted to you in preserving the security and confidentiality of this information.