Technology Update - Data Privacy Issue
January 28, 2022
DATA PRIVACY DAY
On January 28th, we observe Data Privacy Day, an international day to raise awareness and promote privacy and data protection best practices. We commemorate the signing in 1981 of Convention 108, the first legally binding international treaty dealing with privacy and data protection. This newsletter provides tips, best practices, and resources to protect your privacy and data from identity thieves, payroll robbers, scammers, intellectual property spies, and other bad actors. For additional resources, visit drexel.edu/it/security and drexel.edu/compliance-privacy-audit/privacy/data-privacy-week/.
ON THE IMPORTANCE OF PRIVACY
"A career is born in public — talent in privacy." - Marilyn Monroe. Humans need privacy to flourish. We are all acutely aware of physical privacy. Yet, we often mind our online privacy too late: once we have lost it. We notice it when we follow the laborious steps of a data breach notification letter, fight to restore our stolen identity, or must explain to the authorities that we did not file fraudulent unemployment claims. Protect your privacy. To reduce the online footprints and crumbs that you leave behind, configure your desired privacy settings on apps, programs, and websites. Be judicious and think critically when sharing information with organizations and individuals. Exercise sound information security practices: strong passwords, multi-factor authentication, awareness training, and software updates.
RECENT MAJOR INCIDENTS
Log4Shell, SolarWinds, Colonial Pipeline, and Microsoft Exchange Server are some major incidents that have occurred in the last two years. These incidents serve as important reminders to regularly update and patch systems and stay up to date with announcements made by the systems' provider(s) on their websites. Drexel students and employees should frequently check for and update all systems and software they're using and alert Drexel Information Security of any incidents.
DEFEND YOUR PRIVACY AND SECURITY
Follow best practices for social media:
Think before you post. Ask yourself if your post contains any sensitive information that should not be made public.
- Do not accept connections from individuals you don't know.
- Be cautious of any odd emails or posts that come from known accounts, as those accounts could have been hacked.
- Never download software or linked files from social media on social networks.
Practice good password hygiene — Use longer easy to remember passwords, update them often, create different ones for every account, use a password manager, and implement multi-factor authentication (MFA).
Be alert for scams — Scams are designed to solicit sensitive information (e.g., passwords, credit card and social security numbers) or money from their targets. Scams can be sent via text messages, emails, or even phone calls. Some recent scams include: COVID-19 testing, free test kits, cures, and vaccinations, gift cards, unemployment, job opportunities, etc. Learn more about ways to protect yourself against scams and view more examples of COVID-19 scams by visiting drexel.edu/it/help/viruses/protect/ and drexel.edu/it/news/news/coronavirus/.
ANOTHER ONE BYTES THE DUST
The number of cyber security incidents has decreased once again thanks to those who have completed the Drexel University Security Training (DUST). However, some members of our community are still falling for phishing scams.
Don't be duped, take DUST! In this training, participants learn how to protect against cyberthreats and receive a SANS security training certificate upon completion.
To request access to this training, students should email email@example.com. Faculty and staff can access the training via Career Pathway in DrexelOne.
Information Security Resources
To stay informed about cybersecurity news, common scams, FAQs, and other information, visit the Drexel Information Security website at https://drexel.edu/it/security.
For tips on information security while learning and working remotely, please visit the Information Security Best Practices webpage.
Report any cybersecurity incident to firstname.lastname@example.org.