Skip to main content

Guide to Computer & Data Security – As our University and society become increasingly data dependent, it becomes imperative that we proactively safeguard our information. This guide will highlight the data we steward, the reasons we are compelled to protect it, and processes for protecting that data. We will look at methods used by bad actors attempting to purloin our data, discuss password strength, multi-factor authentication, malware protection, file & folder security, encryption, and other methods of safeguarding our information assets.


Top 10 Security Tips

  1. Install antivirus software
  2. Create strong passwords
  3. Enable Two-Factor Authentication
  4. Secure your mobile devices
  5. Keep your devices updated
  6. Lock or log off unattended devices
  7. Download files legally
  8. Beware of phishing scams
  9. Limit your public presence online
  10. Be careful what you store online

Students:

Symantec is no longer available for students because free products like Sophos Home are available.

Security Awareness Training

JCU Information Technology Services is rolling out mandatory interactive cybersecurity awareness training from Knowbe4.com to all faculty and staff. It is mandatory that all faculty and staff complete this annual campaign within six weeks, by March 11th, 2019. You can access your training by going to the KnowBe4 login page using the link below.

Get Started

  • Access KnowBe4 at https://training.knowbe4.com.
  • Enter your JCU email address and it prompts you to log in with your Single Sign-on credentials
  • Click Start Course for 2018 KnowBe4 Security Awareness Training

The security campaign is designed to build awareness and assist our community in getting better at identifying and avoiding malicious cyber attacks.

If you have any questions or concerns, please call the JCU Service Desk at 216.397.3005

Google 2-Step Verification

About

Google 2-Step adds Two-Factor Authentication for an extra layer of security for your JCU Google account. When you turn on Google 2-Step, you will be required to log in with both your password and then an additional security measure, such as a code delivered via text, voice call or mobile app; USB security key; printed backup code; or a push (or pop-up) notification on your smartphone.

Enroll in Google 2-Step

Individual User Accounts (If you are not already enrolled in Google 2-Step):

  1. Visit Google 2-Step Enrollment page and log in with your JCU email address and password.
  2. Click Start Setup and complete the 2-Step Verification settings.

Department Google Accounts

To setup 2FA on your department Google account, the first step in using a delegated mailbox is to set one person up as the administrator for the account. Click here to learn how to delegate mailbox in Gmail.

This person will be responsible for adding and removing people’s access to this account. Once that person is identified they should set up dual authentication for this mailbox following the instructions provided for the individual accounts.

Add & Manage Your Devices

After you have enrolled your first device, you can add more devices and manage your existing devices.

  • Visit Google 2-Step settings page and log in with your JCU email address and password
  • Click Get Started and type your password again
  • Enter your cell phone number and click next
  • Google will send a text message with a verification code
  • On the Verify your Phone page, enter the Verification codeyou received on your phone and click next
  • On the Turn on Two-Step Verification page, click Turn On

Supported Devices

After you set up 2-step verification – accessing your Gmail

  • On Windows or Mac Computers: Access your Gmail and Calendar using your Web browser. This is the supported method. Apple Mail and Apple Calendar are not supported and will not work properly.
  • On your iPhone, iPad, or Android: Access your Gmail and Calendar using Google’s Gmail App and Google’s Calendar App instead of Apple’s Mail App, Apple’s Calendar App, or any other email client which are not supported and will not work properly.
Email Account Forwarding Policy

Discontinuation of automatic Third-party Email Forwarding

John Carroll University is committed to protecting the information entrusted to us. When email accounts are forwarded, we cannot detect and protect the messages from being shared, stolen or infected. The IT Resources and Email Naming Convention and Assignment policies clearly prohibit this activity.

On March 11, 2019, JCU Gmail will no longer permit email forwarding. We are advising that you reconfigure any affected accounts before forwarding is turned off.


To discontinue forwarding your @jcu.edu e-mail account to another mailbox:

  1. On your computer, open Gmail. Log in using your full JCU email address and password
  2. In the top right, click the Gear Icon.
  3. Click Settings.
  4. Click the Forwarding and POP/IMAP tab.
  5. In the “Forwarding” section, click Disable forwarding.
  6. At the bottom, click Save Changes.
National Cybersecurity Awareness Month (NCSAM)

October is National Cyber Security Awareness Month

The internet is a huge part of our lives at work and at home, and no one is immune to cyber threats. Constantly being connected means increased risks to our privacy and security every single day. It is everyone’s responsibility to learn how to behave safely and responsibly online – and when we do, we make the internet safer and more secure for us all.

This month we’ll be talking about how to be aware of the many threats to your online security and the proactive ways you can avoid those threats.

For more info: https://jcu.edu/its/security/national-cybersecurity-awareness-month-ncsam

Antivirus Software

Personal Computers

Symantec is no longer available for students because free products like Sophos Home are available.

Sophos Home Antivirus is available for Windows and Mac OS X at no cost. Download it on your personal computer to keep your computer and the University network safe.

Passwords

Information Technology Services is pleased to announce a new self-service password change process, allowing you to change your JCU Campus Network ID (also known as your Canvas or Desktop login) password without the need to contact the Service Desk. In the event you have forgotten your password, this service will allow you to reset your password on your own as well.

For your convenience, the new self-service password process will also set your Google Apps/Mail password so you will have one less password to remember.

If you wish to change or reset your Campus Network ID password, go to https://password.jcu.edu/ and follow to prompts. If this is your first time using the new process, you will be prompted for a non-JCU email address and three security questions to be used to help reset your password should you forget it in the future.

Along with this new self-service password process, The University is also updating the requirements for your password. This change will increase the security of the environment while making your password easier to remember. Passwords must now:

be at least 12 characters in length

and that’s it. No special characters, capital letters or numbers are required. The password change page will let you know if you choose a weak password or a password that is known to be already compromised. Try to avoid very common phrases or song lyrics. Finally, your password will also no longer expire.

For more information on choosing better passphrases, please visit https://password.jcu.edu/public/passphrase.php

If you have any questions or need further assistance with your campus network id and password, please contact the Service Desk at 216-397-3005 or through self-service at helpdesk.jcu.edu.

Data Protection

Update Your Computer

Patches and Service Packs correct weaknesses in your software. Keeping these fixes up to date will better protect your system and the University network. Check websites frequently for the software you run on your computer; you may need new patches. Ensure your antivirus software is up to date as there are new viruses every day.


Secure Your Physical Documents and Computer

Leaving your computer or print documents unattended or unsecured gives potential thieves an opportunity to steal your confidential information or to install malware on your computer. Follow these physical security guidelines to better protect your data:

In the Lab or Library

  • Public computer labs are a popular hangout for “shoulder surfers” — people who look over your shoulder while you type in your user name, password, or other sensitive information. It’s very easy to decipher which keys you’re typing for your password, no matter how fast you type. Be on the lookout for these surfers when you log in.
  • Avoid online shopping while using a public computer or using a public network.
  • Log out when you’re done.

In the Office

If your office is in an open suite, or if you use a laptop in more than one location, your computer and sensitive files could be at risk.

  • If you use a laptop, physically secure it with a lock.
  • To secure your files and sensitive data, use a system password.
  • To secure your personal computer when you leave it unattended, either log off when you leave, requiring a password to log back on, or use a password-protected screen saver.

You can easily lock your computer by using keyboard shortcuts:

  • Windows: Windows button + L key -OR- Control + Alt + Delete
  • Mac: Control + Shift + Eject

Fires, Drops, and Spills

Laptops require some extra precautions due to their physical vulnerabilities. Following these precautions can help prevent expensive repairs.

  • Do not use a soft surface (such as a bed, pillow, carpet, or couch) as a desktop when using or charging your laptop. These surfaces do not allow the heat that laptops generate to escape, which can cause damage to your computer, or worse, start a fire.
  • Do not let your battery or charger become too hot — for example, by leaving it in your car or in the sun. Extreme temperatures can degrade your battery and reduce its ability to hold a charge.
  • Be cautious if you have liquids near your laptop. If they spill, they can damage your computer and its data.
  • If you bring your laptop with you, always carry it in a padded case of some sort. This will protect it in case you drop it or knock it against something.

Print Documents

  • Don’t leave confidential printouts on your desk, even if you are only away for a few moments — keep them locked in a secure place. If you no longer need these printouts, do not just simply throw them away; shred them.
  • “Dumpster diving” is a popular activity where hackers obtain others’ confidential information from sensitive documents that were not disposed of properly. Shredders are inexpensive and readily available.
  • Remove sensitive data before you sell or donate old computers, smartphones, and other technology. University IT also provides free, secure recycling for personal and University-owned equipment.

Secure Your Web Browser

Your web browser is your primary connection to the Internet, and many applications may rely on your browser to function. Many web applications try to improve the ease of use of your browser by enabling different types of functionality, but some functionality might be unnecessary and also leave your computer susceptible to attack. Some hackers target vulnerabilities in users’ web browsers in order to gain access to users’ computers.

To secure your web browser:

  • The safest approach is to disable the majority of your web browser’s functionality features. If you decide later that you need some of these features, you can always go back and enable them.
  • You should also never allow the browser to “remember” your password for a particular website—this makes it easier for a hacker to steal information.
  • Use the latest supported version of your web browser. Microsoft and other vendors are quick to fix reported security problems in the current releases of their browsers, but they usually don’t go back and fix earlier versions. If you are using an earlier, unpatched web browser, it may be possible for remote sites to view files or email on your computer, monitor your web browsing activities, or make network connections from your machine.
  • Use HTTPS
  • When configuring your browser to use plug-ins and helper applications, make sure any plug-ins and applications you download are from trustworthy sources. Periodically review your browser’s plugins and extensions and remove any that you no longer use.
  • Before clicking on a link in a browser window, check at the lower left of the window to make sure the link address shown is the same as the one indicated on the page, or that the destination is what you are expecting.