Information Security

About Information Security: (Quick Link for this Page: it.cmich.edu/security )
OIT's Office of Information Security and Chief Information Security Officer (CISO) provide information security leadership, guidance, activities, and awareness to protect the confidentiality, integrity, and availability of the University's data, systems, and users. See more on the About Information Security page (internal access only). To report an issue, incident, or concern, contact the OIT Help Desk at (989) 774-3662.

Protecting Your CMich Account/Identity:
In additional to the controls implemented by OIT and Information Security to protect University data, systems, and users, individuals have a responsibility to protect themselves and their CMich accounts, access, and identities too. This page contains links and advice (security awareness) to help.

To Report a Security or CMich Account/Identity Issue, Incident, or Concern:

Contact the OIT Help Desk at (989) 774-3662.
In an Emergency, Contact the CMU Police at (989) 774-3081 or dial 911
To report a lost or stolen CMich device, call the Help Desk at (989) 774-3662
To report lost or stolen Personally Identifiable Information (PII), email security@cmich.edu

Information Security Quick Links:

Protecting Your Own Identity (General FAQs; Login required first)
Locked out? (My CMich account has been disabled - now what?)
OIT's Policies, Standards, and Guidance Page
All University Administrative Policies
Examples of PHISH emails at Phish & Chips (login required first)

Information Security Training:

University Information Security Awareness Video 2017-2018

Changing Your Global ID Password, Anti-Phishing Advice, and more.

OIT-Staff STH Information Security Training (Pre-enrollment required)
Information Security Training for Researchers & Staff (Take the two NIH Privacy and Security entire courses your first year, then the combined refresher annually)
A good, anti-phishing YouTube video from Canada's Safety in Canada group (turn off auto-play to prevent next video play)
Example Student Security Awareness Video (U of Rochester, Security Top Ten List)

Email Rules and Encryption:

Securing emails using [encrypt]: To secure emails using encryption, add [encrypt] anywhere in the subject line (include the square-brackets). We recommend adding it to the beginning of your subject lines so it doesn't get truncated, if forwarded. NOTE: This is an Office 365 "transport rule" that changes the way the email gets sent, so test it yourself first, to be sure you know what to expect and what others will see, before you start using it.
Pop-Up Advice? CMU has Office 365 rules to auto-detect and advise on securing SSN (Social Security Number) and other sensitive or Restricted information, when sending emails. You should always use encryption when transmitting any Restricted information. You may see this advice as a pop-up, or as a reply email too.

Phishing Simulations (Self-Phishing Exercises):

CMU has previously run limited-engagement phishing simulations (self-phishing exercises) as part of assessing social engineering risk and improving email security. Beginning in Fall 2017, CMU will explore ongoing phishing simulations that may include groups of email users or all email users at CMU (including Alumni). These simulations will be conducted both to assess phishing risks, and to educate email users in what to watch out for, as well as how to best handle or react to phishes.
If you suspect an email is a phish, send it to spambusters@cmich.edu. A phishing email is a fake email trying to get you to click an attachment or link and give away your login or other confidential information. See our Phish & Chips section for more information and real phishing examples we've received. And remember: verify it first, don't just click those links!
We recommend you not even open emails you weren't expecting and just delete them. Or if you think they're spam or phishing, forward them to spambusters@cmich.edu and/or flag them as junk. Don't open them, don't click the links, but especially, don't submit your login credentials! (Always check the link or form URL first, to make sure it's a cmich.edu link or form)

Blocked Websites and Links, and Blocked Email Addresses or Senders:

CMU has implemented a new, smart ("next generation") network firewall that includes continuously updating features that recognize and auto-block web sites (or clicked links to web sites) that are confirmed malicious or harmful.
CMU may also block sending to and receiving from email addresses known to be malicious, or trying to steal from or scam CMU email users (for instance, those sending ransomware or other viruses, those offering fake jobs in order to either steal your money or your private information, or those seeming to offer money or services designed to steal money from those who respond). See the Email Scams link at right for the notice about scammers.

Additional Information Security Awareness Topics (OUCH Newsletters from SANS):

Here are links to SANS.org "OUCH" Security Awareness Newsletters (PDF files, English langauge versions. You can also find these by searching the Internet for: SANS OUCH. Additional langauge versions available at the archive link, at the bottom of the list). Note: these lnks all go to sans.org resources!

March 2018: Top Tips to Securely Using Social Media
February 2018: Securing Your Mobile Devices
January 2018: Creating A Cybersecure Home
December 2017: Lock Down Your Login
November 2017: Shopping Online Securely
October 2017: Helping Others Secure Themselves
September 2017: Password Managers
August 2017: Backup & Recovery
July 2017: Gaming Online Safely & Securely
June 2017: Lessons From WannaCry (Ransomware)
May 2017: Securing Today's Online Kids
April 2017: Passphrases
March 2017: Securely Using Mobile Apps
February 2017: Staying Secure on the Road
January 2017: Social Engineering
December 2016: Securely Disposing of Your Mobile Device
November 2016: Using The Cloud Securely
October 2016: Four Steps to Staying Secure
September 2016: Email Do's and Don'ts
August 2016: Ransomware
July 2016: CEO Fraud
June 2016: Encryption
May 2016: Internet of Things (IoT)
April 2016: I'm Hacked, Now What?
March 2016: What Is Malware?
February 2016: Securing Your Home Network
January 2016: Securing Your New Tablet
December 2015: Phishing
November 2015: Shopping Online Securely
October 2015: Password Managers
September 2015: Two-Step Verification
August 2015: Backup & Recovery
July 2015: Social Media
June 2015: Educating Kids on Cyber Safety
May 2015: Securing the Cyber Generation Gap
April 2015: Passphrases

More OUCH newsletters (the complete archive) including in other languages