Information Security

The Information Technology department is committed to ensuring the privacy of your information during and after your tenure here at Regent. But we need your help. By staying up-to-date on the latest techniques for information security, you will protect yourself and others against fraud, theft, and worse.

 

Password Security

In simplest terms, Password Security is the process of choosing a difficult to guess password, then keeping it a secret. Since your password/s are the primary protection mechanism for your accounts, a poorly chosen (weak) password may result in compromise of personal user information and possibly confidential Regent University information. As such, all Regent University faculty, staff, and students (including visitors, contractors, and vendors with access to Regent University systems) are responsible for taking appropriate measures to select and secure their passwords.

Attackers can use programs to compromise easily guessed passwords. When an attacker has access to your accounts, then he/she may inherit access to your private information and/or confidential Regent University information. Because of this, the IT department has adopted more strenuous password complexity requirements. Your new password will make it more difficult for an attacker to compromise your accounts. Remember, your password can be super difficult to guess, but if you share it with anyone, you’ve already compromised your accounts. So choose a difficult to guess password, then keep it a secret.

At Regent, we now have a few new requirements to make sure that our users create what we call ‘Strong Passwords’. These are passwords that an imposter could not easily guess. Your new password must:

Be at least eight characters in length
Include one number, one uppercase letter, and one lowercase letter (within the first eight characters)
Must NOT include special characters (!@#$%%^&, etc.)
Must NOT be a password used within the past 270 days

To create such a password, try to utilize phrases instead of words. In this way, you can control what your password is without having some random string of characters that is difficult to remember. Take the following example for instance.

Phrase: “Regent University, Christian Leadership to Change the World.”

We could certainly break this phrase up into many different usable passwords or use the whole phrase if we so choose. For this example, let’s just take the first letter from each word and make a password from it (don’t forget the complexity requirements).

r    U    c    L    2    c    t    W

Great! It meets all of our requirements. Here are some other examples of strong passwords formed from phrases:

Phrase: “The New Testament”
Possible Passwords:
N    w    t    5    7    m    n    t
n    w    t    5    2    M    n    t
n    w    T    5    t    m    n    T

Phrase: Peas and Carrots
Possible Passwords:
P    3    4    s    c    r    t    s
P    e    A    5    c    r    7    s
p    e    4    s    c    R    t    5

In each of these examples, the chosen passwords meet the University guidelines for minimum password criteria. Also, each password is not based on a single dictionary word.

Now pick a phrase for yourself. Maybe a Bible verse, famous quote, or anything you like. Remember, don’t use words or phrases that others may think you will use. Don’t make it easy for someone to guess your password!

Passwords are personal information that should never be shared with any other person, including, but not limited to, instructors, assistants, technology service staff, or supervisors. Users should not transmit passwords via email, as this is an insecure medium. Moreover, users are recommended against writing down passwords and/or storing them in an insecure place. Users sometimes record passwords in personal data assistants (PDAs) or other electronic means. While this is not entirely secure, users are encouraged to strengthen security by utilizing encryption capability. Users are discouraged from storing passwords in plain-text (non-encrypted) on any electronic media. Finally, Regent University recommends that passwords not be shared with external accounts such as AOL, Yahoo!, MSN, or other free or paid services.

If you have many different accounts with separate passwords (a good idea by the way), then you probably struggle to remember which password goes with what account. Either that or you just make your password very simple so that you don’t forget. There are many programs available (some for free) that help manage passwords. Password Safe is one of these programs. It will allow you to store all of your passwords in one database. It encrypts the database using a key based on one single password you choose. From here on out, all you need to remember is the one password to let you in, then find whatever password you need to get into your other accounts. If you don’t like this one, look around. There are plenty of other password programs out there. The point is that you are being diligent in protecting information, but won’t have to remember so many passwords.

Users should contact the Help Desk at 757.352.4076 or helpdesk@regent.edu if a password has been forgotten. The Help Desk has the ability to reset passwords to temporary values. Once a password has been reset, the user should change the password as soon as they are able to gain access to the system.

Regent University recommends that users change their password approximately every 180 days. If at any time a user suspects that his/her password has been compromised, the user should immediately change all passwords to protect individual and university confidentiality.

Our password change process will check each new password to make sure that it meets our new requirements. If it doesn’t, you’ll have to try again. To help reduce the chances of getting rejected, make sure that you’ve satisfied the following checklist.

  • Understand why passwords and secrecy are important
  • Understand which kinds of characters your password MUST include
  • Understand which kinds of characters your password must NOT include
  • Have chosen a good phrase to base your password on
  • Make sure your password meets the complexity requirements

If you are ready to change your password, click here to start our three-step process.

Unsolicited Emails

Spam & Phishing

Spam

Think of Spam as telemarketing through email. In the same way that you receive those annoying calls at dinner, you can receive those annoying emails at work. Spam runs the full gamut of advertising including home financing, hair loss remedys, or even more embarrassing topics. Try as you may, there is no sure fire solution to getting rid of Spam.

Phishing

Simply put, Phishing is an attempt to defraud the victim. Phishers look to trick users into divulging account information of some sort to gain access and steal what does not belong to them. This is a very creative form of social engineering. Be sure that you really are going to do what you think you’re going to do before you do it.

Anatomy of a Phish

How to Identify a Phish

At Regent University, we utilize several layers of filtering to block spam and phishing messages for university Email. Though these methods improve each day, they still lag behind the technologies that the bad guys employ. For this reason, there isn’t a fool-proof solution to blocking spam or phishing messages. Consider this; on an average day, we block more that 20,000 messages. That’s more than half of the incoming messages we receive each day from Internet addresses. Now imagine how much spam or phishing messages would be in your Inbox if we didn’t have the filters in place.

If you do happen to receive an unsolicited Email message, the best thing to do is just delete it without opening it. For that matter, you shouldn’t open any message you receive that is not of a familiar nature. Instead, you should just delete it from your Inbox.

If you get a message in which the originator is trying to trick you (Phishing), you can report it to helpdesk@regent.edu.

Our filters receive frequent automated updates from the vendor. For this reason, most unsolicited Email is blocked before it gets to your Inbox. However, some messages slip through. Though this means that you may receive the message, it also means that our system is building a profile of the messages and may block subsequent delivery requests. Think of it as ‘taking one for the team’. You may be one that receives the message, but you are passively helping prevent the message from reaching others.

For starters, do you even own such an account? Remember, Phishing is Spam (sent to large groups of people) that tries to get you to reveal personal or financial information. If you disclose such information to the perpetrator, it will most likely lead to fraud or identity theft.

Here are some common themes you may see in Phishing emails or pop-up windows:
– System upgrades or maintenance have caused you password to be changed
– Your account may expire if you don’t change your password
– Your account information has changed, please login and verify the changes
– Phishing messages often contain misspelled words and grammatical errors

Many of these target high-volume accounts such as Ebay, Paypal, bank accounts, and online investment accounts. The common theme is that you must login (give username and password) somewhere and do some action. This information may lead a Phisher to compromise your account and execute fraudulent transactions in their favor.

In an effort to protect your assets, ask yourself questions about the authenticity of such emails. These criminals are skillful in mimicking genuine sites so you are fooled into handing over your account information. If you do receive an email from an entity to which you actually do belong; consider the context of the message. Did you solicit such a message from the entity or is it unexpected? If you ever have any doubts about the authenticity of such messages, don’t hesitate to contact them directly to verify the action they are asking you to take.

Remember, your personal information, accounts, and future are at risk in these Phishing scams. Protect yourself from unnecessary disclosure.

Alerts

There has been a rise in messages that include e-card greetings from unknown users. While Regent’s email security servers are preventing more than 95% of spam and virus activity from reaching Inboxes, there are some messages that pass through. Please be advised that e-card greeting messages are heavily being used to transmit viruses and aim to infect your computer. Please use the following general guidelines when opening email messages.

1. Make sure you are running Antivirus software and that the virus definitions are the most current release.

2. Never open messages with subject lines that do not make sense. Examples include reply indicators without you having sent an email in the first place.

3. Be very wary of messages from people you do not know. While we all have to interact with new people, we generally know the business that transpires between parties. If a message comes through from an unknown person with an illogical subject line, give due consideration prior to opening the message.

4. Delete suspect messages without opening them. Sometimes viruses only need you to open a message in order to infect your computer. To avoid this, don’t open messages you think might cause infection.

If you have and questions or concerns about this or any virus or security threat please contact the Help Desk at 757.352.4076 or helpdesk@regent.edu.

Recently there have been emails sent to our users from a bogus address and are not in any manner affiliated with the Regent University Help Desk or IT department. The following describes the message. However, there could easily be multiple variants of this message.

*********
Sender: regenthelpdesk@hotmail.com
Subject: passwords
Message Body:
Please revert back to original passwords due to some technical difficulties until further notice. Thank you.

Computer Services
*********

If you should receive any message from the IT department or University Help Desk and are unsure of its authenticity, please contact the Help Desk at 757.352.4076 or helpdesk@regent.edu.

The FBI today warned the public to avoid falling victim to an on-going mass email scheme wherein computer users received unsolicited emails purportedly sent by the FBI. These scam emails tell the recipients that their Internet use has been monitored by the FBI and that they have accessed illegal web sites. The emails then direct recipients to open an attachment and answer questions.

The email appears to be sent from the email addresses of mail@fbi.gov and admin@fbi.gov. There may be other similarly styled addresses. The recipient is enticed to open the zip attachment which contains a W32/SOBER.JEN@MM worm. The attachment does not open and its goal is to utilize the recipient’s computer to garner information. Secondly, the virus allows the email to be forwarded to all those listed in the recipient’s address book.

The text of the email is as follows:

********************
Dear Sir/Madam,
We have logged your IP-address on more than 30 illegal Websites.

Important: Please answer our questions! The list of questions are attached.

Yours faithfully,
Steven Allison
Federal Bureau of Investigation-FBI-
935 Pennsylvania Avenue, NW , Room 3220
Washington, DC 20535
Phone: (202) 324-30000
**********************

For more information about this scam visit www.fbi.gov

A spam/phishing email message remains in circulation claiming that recipients are eligible for a tax refund from the IRS. The email appears legitimate, but the link included within does not send the user to the IRS website. This reflects typical phishing characteristics and users should remain aware of these types of messages.

The IRS website provides excellent guidance on how to determine fraudulent email. Please read the full details on the Internal Revenue Service’s real website.

Workplace Security

When we mention this term, we just don’t mean the physical security that our Public Safety Office provides. In this sense, we mean doing your duties with the mindset of protecting private and confidential information. This doesn’t necessarily mean that you are purposely doing things to disclose private data. You could be doing things that aren’t considered responsible use. Think about it. Do you do enough to ensure that the information you handle from day to day does not fall into the wrong hands or get into the view of wandering eyes? Workplace Security is a concept that we should all subscribe to. Be sure that you do your job protecting all of the information as if it were your own private data.

Well, it’s basically you using the computing systems in the manner for which we provide them to you. When you become a student, faculty, or staff at Regent University, you are permitted to use our computing systems to complete your work and for limited personal use. You are required to become familiar with the Acceptable Use Policy as it provides guidance for what kind of use is and is not permitted on the university’s information systems. If you are a faculty or staff, you’ve already acknowledged that you’ve read and understand the policy. If you’re a student, this policy is included in your student handbook. Either way, you should become familiar with all of the policies that govern information systems use within the university. This will help you understand how to properly utilize our computers and help you to inform others if they are misusing an information system.

Do’s

  • Do lock your workstation when you are away from your desk (ctrl + alt + del, then click ‘Lock Computer’)
  • Do lock your file cabinets and desk drawers
  • Do clean up the files on your desk and place them in a proper secure container
  • Do ask questions of those who are seeking information, make sure they really need to know
  • Do be alert for people who don’t belong in non-public areas
  • Do provide gentle reminders to coworkers when they may need it
  • Do double-check your workplace to make sure it is secure before you leave

Dont’s

  • Don’t store passwords on your monitor, under your keyboard, or where others may easily find them
  • Don’t walk away from your computer while you are still logged in
  • Don’t give out more information than is necessary
  • Don’t install unnecessary programs on your university owned computer
  • Don’t open Email messages if you don’t recognize the sendor or if the subject line is questionable
  • Don’t log into a computer so that someone else can use it
  • Don’t let anyone connect their personal laptops to the university network
  • Don’t leave your portable information assets (laptop, iPod, Palm Pilot, etc.) unattended

Intellectual Property

If you didn’t create or think of something first, you should be sure to seek licensure or properly credit the bearer of the Intellectual Property rights. We are all somewhat familiar with plagiarism, copyright infringement, trademark violations, patent infringement, and yes, even digital copyright infringement. Though this list is not comprehensive, you get the point. If you have questions about the origin or ownership of something you plan to use, make sure that it’s not already another’s protected work. Even ideas are protected so take care that you don’t use something without properly licensing use, crediting the true source, or violating another’s legal protections.

The Regent University community of teachers and scholars affirms that the biblical principles of truth and honesty are absolutely essential. Indeed, the Bible contains numerous admonitions against false witness, dishonesty and cheating. Upholding the standard of academic integrity with its reliance on honesty is a responsibility of both faculty and students. Conduct that violates academic integrity includes, but is not limited to:

1. Dishonesty. This is lack of integrity exhibited through lying, cheating, defrauding or deceiving. Examples of dishonesty include: copying from the examination paper of another, allowing one’s own examination paper to be copied, reading without the instructor’s consent a copy of the examination prior to the date it is given, giving or receiving unpermitted aid on a take-home examination, class assignment, project and other papers; use of unauthorized aids; submitting the same work product in more than one course without the express permission of the instructor(s); or disclosing or accepting information if one takes a test at a different time than other students in the same course.

2. Plagiarism. This is stealing or using the ideas, writings or images of another as one’s own. It involves failure to acknowledge material copied from others or failure to acknowledge one’s indebtedness to another for the gist of important thoughts in a formal statement, written or oral. Charges of violating academic integrity shall be handled according to established student discipline procedures published in the Catalog and the Student Handbook. (Academic Council, Approved January 1994)

According to Merriam-Webster Online Dictionary, to ‘plagiarize’ means:

  • to steal and pass off (the ideas or words of another) as one’s own
  • to use (another’s production) without crediting the source
  • to commit literary theft
  • to present as new and original an idea or product derived from an existing source

At Regent, we have licensed a software application called SafeAssign. This application let’s our staff and faculty evaluate our students’ submissions.

There are many different file sharing applications available for use over the Internet. When you choose to use one of these, be sure that it shares your music, video and other files legally. In most cases, you should be required to pay a fee to ‘swap’ files. An obvious sign that you are violating copyright is if you are not paying to download new files or share files you have already acquired. Examples may include KaZaA, Gnotella, Limewire, and Morpheus.

You should also understand that having these kind of applications on your personal pc may allow other users to connect directly to your pc. This is an extreme security risk. Further, if you install these kind of applications on your University owned workstation or laptop you are violating Regent policy. By allowing others to connect to a Regent workstation or laptop, you expose the University network to unnecessary security risks. As such, violation of this or other University policies may lead.

Policies

View this Policy Click here to download

Not sure what you may and may not do with your university owned computing systems? Read through this policy to see how you can stay in bounds while using your computer. This policy also provides example of misuse so you can stay on the right path.

View this Policy Click here to download

Because Regent University provides all employees and students with an Electronic Mail (Email) address, we expect our users to abide by this policy. Within it, you will learn what is permissible and what sort of activity you should avoid. It’s true you do have significant leeway when it comes to using your Regent Email account. However, this policy will give you a better perspective regarding appropriate use. Reading and understanding this policy sets you on the right path for sending and receiving Email with your Regent account.

View this Policy Click here to download

So you bring your own laptop to the university? You’ve got temps, contractors, or visitors coming? Be sure you are familiar with the rules that govern who and what may attach to the university’s private networks. We provide a robust wired and wireless public access network for all to use. Make sure that you’re following the guidelines and procedures we recommend so you don’t expose our private network to unnecessary security risks.

View this Policy Click here to download

The Internet has become a revolutionary tool with regard to social networking and there is no shortage of online brokers that offer a place for all to share information about themselves and become more acquainted with others. Unfortunately, there are predatory individuals on the Internet as well and these persons present a real danger to others. For this reason, Regent University offers this notice in an effort to educate its users of the dangers of such information sharing.

View this Policy Click here to download

More information about password requirements and secrecy guidelines. We can’t stress the importance of your password. It’s the only thing that separates an intruder from your personal account information. If you’re a faculty or staff at Regent, there’s even more on the line. If an intruder were to compromise your account, it could lead to FERPA violations, HIPAA violations, or other legislative infractions. Learn how to prevent these pitfalls by reading this policy.

View this Policy Click here to download

Peer to Peer programs are bandwidth hogs and most people don’t even know they have these programs installed. Most peer to peer programs share out copyrighted music and movies which is against the law. This policy breaks down our rules and regulations to protect you and the University.