Safe Computing Protect your electronic profile means protecting You and Case

1. Safe Computing Protect your electronic profile means protecting You and Case Information Security Office, ITS Case Western Reserve University 2015 Information Security Office Information Technology Services Security.aware.case.edu

2. Information Security Office Information Technology Services

3. Don’t Click on Links in Emails FBI Warning - Business E-Mail Compromise • An Emerging Global Threat08/28/15 • The accountant for a U.S. company recently received an e-mail from her chief executive, who was on vacation out of the country, requesting a transfer of funds on a time-sensitive acquisition that required completion by the end of the day. The CEO said a lawyer would contact the accountant to provide further details. • “It was not unusual for me to receive e-mails requesting a transfer of funds,” the accountant later wrote, and when she was contacted by the lawyer via e-mail, she noted the appropriate letter of authorization—including her CEO’s signature over the company’s seal—and followed the instructions to wire more than $737,000 to a bank in China. Don’t Click on Links

4. Don’t Click on Links in Emails • Phishing: appear real, but are fraudulent emails intending to compromise credentials for financial or other gain • Real and significant threat to you and if you’re compromised, may present threat to university’s data • Most incidents or breaches are due to human error (inadvertent and/or intended) • When in doubt, forward to help@case.edu Don’t Click on Links

5. Don’t Click on Links in Emails Don’t Click on Links

6. Don’t Click on Links in Emails • Spear Phishing • Looks real ! • Targeted emails with convincing messaging or from a known friend or entity • Expresses urgency • Eg: your account is about to expire • Eg: important student aid document attached • Spelling/Grammar • Has typos • Awkward use of western English (eg: “kindly” or British spellings of words) Information Security Office Information Technology Services

7. Don’t Click on Links in Emails Email Looks real ? • Hover over the URL in the email; it won’t match the supposed message or email purpose • ITS sends many emails; ensure that they’re legitimate before you take action requested in email • EG: your account is about to expire, change your password • EG: your email has met its capacity, click here to increase storage or space capacity Information Security Office Information Technology Services

8. Other Critical Info: to protect yourself • Know PII, PHI, FERPA, AUP • Personal Identifiable Info • Personal Health Info • Acceptable Use • (not ok to attack fellow students electronically or misuse the university systems) • Family Ed. Rights & Privacy • Protects info in educational records • Except where law or law enforcement requires access • What’s public & what’s not- care for your data Information Security Office Information Technology Services

9. Popular Password (easily breakable) Information Security Office Information Technology Services

10. Final Notes/Take Away/Don’t Forget/Please • Do NOT click on links in emails • Danger to you and university • Know what data is restricted and what’s public (graduation date vs SSN) • DO NOT CLICK ON LINKS in emails • If you do, contact help@case.eduas soon as possible Information Security Office Information Technology Services

11. From Case’s Chief Info Security Officer (CISO)Tom Siu • Primary account compromise is via phishing and malware • Do NOT click on links in emails • Contact Help@case.edu if you receive a suspicious email Information Security Office Information Technology Services