Information Security Services
Formerly known as Identity Finder
Get more help from the user guides. They have instructions on how to use Spirion results.
What is Spirion?
Spirion is a program that assists with managing sensitive data. The program can locate Personally Identifiable Information (PII) stored on a computer, file shares, or external media. PII is defined as any data that could potentially identify a specific individual.
Information used to distinguish one person from another or could be used for de-anonymizing anonymous data is considered PII. This includes, but is not limited to: credit card numbers, bank account numbers, social security numbers, birthdates, passwords, driver's license numbers, addresses, passport information, employee identification numbers, maiden names, etc.
Spirion locates it on your computer and provides easy ways to manage the data. Properly managing this type of data reduces the footprint of sensitive data and minimizes the risk for identity theft.
Information Techonlogy has acquired a site license for Spirion.
Multi-FACTOR AUTHENTICATION (MFA)
In an effort to increase the security on campus the Information Security Office is working on implementing Multi-Factor Authentication (MFA) for employee logins.
What is Multi-Factor Authentication?
Instead of requiring just one piece of secret information, like a password, Mulit-Factor Authentication (MFA) requires a few pieces of secret information to authenticate.
Most implementations follow the rule:
something you know & something you have & something you are
This usually takes the form of a password, biometrics, plus a one-time code. These one-time codes can be sent via SMS to a trusted phone associated with the account that is being logged into, a token, or generated by an app.
When a user successfully authenticates they are proving that they know the password and they have access to the trusted device. Attackers may know the password but without the one-time code they are unable to login to the account.
What is a Phishing Attack?
Email that is sent to you impersonating a known organization or business asks you for your login credentials or sends you a URL that they control. Once they get you to log in they can then get access to your personal data and/or the network access to the Campus.
Users who pass along this information do so with the best intentions and often do not realizes they have provided the thieves with sensitive information until its to late.
PhishMe is a product that allows organizations to launch mock phishing attacks against their own employees. It demonstrates the danger of phishing attacks. Employees who are caught by the fake attack are able to access resources on how best to prevent falling for the attack in the future.
Lost Campus Equipment
Contact the University Police at (657) 278-4308 to inquire about lost property.
If the item you lost was issued by IT, please indicate on the form the complete details about the date, including type of data, that was lost.
The device's access to our network and the stored data is more valuable than the device itself. Having a strong password on your device, may lower the risk of a security breach.