Protect Information


Protecting data is a shared responsibility between the Division of Information Technology and the entire GW community. The Division of IT provides a number of tips and guidelines for protecting data through encryption, backup and recovery and smart email practices. 

 

Backup and Recovery

Performing regular backups is crucial to protecting your information from data loss.

To back up data, simply save copies of your important files, emails and folders. All portable data files stored on drives, disks and mobile laptops that include health data or other sensitive information should also be encrypted and password-protected at all times.

Division of IT-Managed Computers

If you use a Division of IT-managed computer, you most likely have a network drive you can use for backups. Network drives managed by the IT server support group are regularly backed up by the Division of IT to ensure that recent copies of users' files and information are available when needed. Please ensure that any drive you use is regularly backed up.

Unmanaged Computers (Personal Laptops and Desktops)

The easiest way to back up your information is to enable the feature within your computer's operating system. 

When running a data backup, the operating system and programs on your computer are typically not included since you should have copies of the original installation files from when you received the computer, OS and/or software programs.

Backup Locations

There are several common locations to store your backed-up information. 

  • Network drives (such as shared drives on GW-owned computers)
  • Removable media (such as CDs, USB drives and floppy disks)
  • Hard drive partitions (if your hard drive has more than one partition)

Backup Types

There are several common backup options.

  • Full backup (copies all of your important information and can take up a lot of both time and space)
  • Differential backup (saves files that you have added or edited since your last full backup)
  • Incremental backup (saves files you have added or edited since your most recent backup)
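To make the difference between the three backup types concrete, the following added example (not part of the Division of IT's guidance) shows which files each type copies and which backup sets a restore depends on. It assumes one backup per day with the full backup on day 0; the schedule and file names are constructed.

```python
# Added example: what each backup type copies, and what a restore needs.
# Assumption: one backup runs per day and day 0 is the full backup.

# Constructed data: day -> files added or edited on that day.
CHANGES = {
    0: {"thesis.docx", "grades.xlsx", "notes.txt"},
    1: {"notes.txt"},
    2: {"grades.xlsx", "budget.xlsx"},
    3: {"notes.txt"},
}

def copied(kind, day):
    """Files that a backup of the given kind copies on `day`."""
    if kind == "full" or day == 0:
        # Full: every important file that exists so far.
        return set().union(*(CHANGES[d] for d in range(day + 1)))
    if kind == "differential":
        # Everything added or edited since the last full backup (day 0).
        return set().union(*(CHANGES[d] for d in range(1, day + 1)))
    if kind == "incremental":
        # Only what was added or edited since the most recent backup.
        return set(CHANGES[day])
    raise ValueError(f"unknown backup type: {kind}")

def restore_chain(kind, day):
    """Days whose backup sets must all be readable to restore to `day`."""
    if kind == "full" or day == 0:
        return [day]
    if kind == "differential":
        return [0, day]                # the full backup plus the latest differential
    if kind == "incremental":
        return list(range(day + 1))    # the full backup plus every increment since
    raise ValueError(f"unknown backup type: {kind}")

if __name__ == "__main__":
    for kind in ("full", "differential", "incremental"):
        print(kind, sorted(copied(kind, 3)), "restore needs days", restore_chain(kind, 3))
```

Incremental backups copy the least each day, but a restore depends on every set in the chain, so a single lost or damaged increment breaks recovery of later changes.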

Encryption

Encryption is the conversion of data into a format that is not understandable to users without information such as a username and password. Encryption protects computers and mobile devices in the event of loss or theft. In order to ensure your devices are well encrypted, be sure to set up a very strong password.

Procedure to Encrypt Computers and Removable Storage Media

The encryption procedure is designed to cover computers and removable storage media that store and process confidential and sensitive electronic data corresponding to the definitions of confidential and sensitive data in the GW Data Classification Policy, which is designed to comply with federal regulations:

  • Family Educational Rights and Privacy Act (FERPA)
  • Health Insurance Portability and Accountability Act of 1996 (HIPAA)
  • Gramm-Leach-Bliley Act (GLBA)
  • Payment Card Industry Data Security Standard (PCI DSS)

The following devices and removable media storing confidential or sensitive GW data require encryption:

  • Laptops
  • Desktop computers
  • USB flash drives
  • CD and DVD media
  • External hard disks
  • Portable hard drives
  • Files sent out as email attachments

How to Encrypt Your Devices

  • All workstations that store or access sensitive and confidential data as defined in the GW Data Classification Policy must be encrypted by installing encryption software. Files and backups from medical devices stored on removable media that store confidential or sensitive data must also be encrypted.
  • Whenever confidential or sensitive information is placed on removable media such as CDs, DVDs or portable hard drives, such data must be encrypted. Any time files containing confidential or sensitive data are emailed, such file attachments must be encrypted.
  • Strong passwords must be used to protect computers. Password-protected screensavers that lock the computers after five minutes of inactivity must be used to protect the computers. Files transferred to removable storage media using encryption software or files sent out as attachments after they are encrypted using encryption software must be protected with strong passwords.
  • Removable media containing confidential or sensitive data must be kept safe and in secure locations.

Information Security Policy

Phishing Scams - Don't Get Caught!

Phishing is a type of online scam that uses false emails, forms and websites to collect personal information for identity theft. Such information can include usernames, passwords, Social Security numbers, credit cards and other information. Many of these scams appear legitimate but should be avoided and reported to abuse@gwu.edu.

Detecting a Phishing Scam

Phishing messages are designed to look like official correspondence and can be very difficult to detect. However, one thing that may indicate a message is malicious is if it asks for personal or financial information. A phishing email may ask you to visit a link that appears to go to a legitimate site but actually sends you to a malicious site or webform designed to steal your account or personal information.

Don't Get Caught

Never reply to an email with your password, GWid or PIN. Always hover over links to verify them before clicking. If you have any questions about the validity of a link you see or a message you receive, please forward it to abuse@gwu.edu or contact the IT Support Center at 202-994-GWIT (4948) or ithelp@gwu.edu.

Recent Phishing Attempts

The Division of Information Technology (IT) has recently received reports of phishing scams targeting hospitals, health systems and their employees. These scams take the form of fraudulent emails directed towards hospital employees. The fraudulent emails contained links that installed ransomware, which significantly affected operations by locking files on computers and enabling malicious software to spread. Another means of spreading malicious software is through infected files found on USB drives.

To avoid phishing scams and to help prevent these attacks at GW, please follow these important guidelines:

  • Always be wary of emails and ads from unknown senders or messages requesting account verification, confirmation or upgrade, payment or personal information such as your passwords, GWid, Social Security number or credit card information. Be wary of any unexpected or unsolicited attachments.
  • Never plug a USB stick into a GW-issued computer unless it is a GW-issued USB or from an otherwise trusted source.
  • Please ensure that your computer is patched with the most recent operating system updates.
  • The Division of IT recommends not using the same password for multiple accounts.

If you believe you have received a phishing email, please do NOT reply to it or click on any links. If you have already done so, please contact the IT Support Center immediately at 202-994-GWIT (4948) or ithelp@gwu.edu.

If you have any questions about the validity of a link you see or a message you receive, please forward it to abuse@gwu.edu.

Protect Yourself From Ransomware

Please read the advisory below from the Division of Information Technology (IT) for information on how to avoid becoming a victim of ransomware and other phishing attacks.

Ransomware is a type of malicious software that encrypts a user's personal files on an infected computer, making these files inaccessible until a sum of money is paid. Ransomware attacks are increasingly prevalent due to their effectiveness. Victims are paying the ransoms, which incentivizes the criminals behind these attacks to continue their campaigns.

You can become a victim of ransomware in a number of ways. Attackers will sometimes send files inside malicious email attachments, or in email links that will result in a ransomware infection, which will block access to your files until a ransom has been paid. You can be susceptible to a ransomware attack by browsing the Internet with unpatched or outdated software. In this instance, you may be redirected to the malicious software through compromised websites or infected ads.

Various types of ransomware are constantly evolving to avoid detection and become more effective. It is possible that anti-virus programs will not detect ransomware once it is installed on a victim's computer. Most recently, it was discovered that some types of ransomware are capable of locating shared resources on a network and encrypting the files on all shared directories, including department and personal file shares. We expect ransomware to continue to mature and evolve to avoid detection and maintain a high degree of effectiveness.

You play an important role in keeping GW data safe. To reduce the threat of ransomware, we suggest the following:

  • Back up your important files frequently. Make sure that your backup is not persistently connected to your computer. Please consider the Information Security Policy when determining where to store files. Contact your local support partner or the IT Support Center at 202-994-GWIT (4948) for more information on how you can back up your files.

  • Disconnect mapped drives or external hard drives when they are not in use. In the event of a ransomware infection, this action will prevent ransomware from encrypting the contents of those drives.

  • If you manage your own computer, make sure to download and install software updates on a periodic basis. While keeping your operating system up-to-date is important, software that runs in your browser such as Adobe Flash, Microsoft Silverlight and Java should not be overlooked. If you need assistance with updates, please contact the IT Support Center at 202-994-GWIT (4948).

  • Be aware of any e-mails that contain unsolicited attachments, direct you to take immediate action or ask you to click on a link.

  • Report any suspicious e-mails to abuse@gwu.edu or call the IT Support Center at 202-994-GWIT (4948) before you click!

Additional resources can be found on our website at IT.GWU.EDU.