Protecting data is a shared responsibility between GW Information Technology and the entire GW community. GW IT provides a number of tips and guidelines for protecting data through encryption, backup and recovery and smart email practices.
Performing regular back-ups is crucial to protecting your information from data loss.
To back up data, simply save copies of your important files, emails and folders. All portable data files stored on drives, disks and mobile laptops that include health data or other sensitive information should also be encrypted and password-protected at all times.
If you use a GW IT-managed computer, you most likely have a network drive you can use for backups. Network drives managed by the IT server support group are regularly backed up by the Division of IT to ensure that recent copies of users' files and information are available when needed. Please ensure that any drive you use is regularly backed up.
The easiest way to back up your information is to enable the feature within your computer's operating system.
When running a data backup, the operating system and programs on your computer are typically not included since you should have copies of the original installation files from when you received the computer, OS and/or software programs.
There are several common locations to store your backed-up information.
There are several common backup options.
Encryption is the conversion of data into a format that is not understandable to users without information such as a username and password. Encryption protects computers and mobile devices in the event of loss or theft. In order to ensure your devices are well encrypted, be sure to set up a very strong password.
The encryption procedure is designed to cover computers and removable storage media that store and process confidential and sensitive electronic data corresponding to the definitions of confidential and sensitive data in the GW Data Classification Policy, which is designed to comply with federal regulations.
The following devices and removable media storing confidential or sensitive GW data require encryption:
Phishing is a type of online scam that uses false emails, forms and websites to collect personal information for identity theft. Such information can include usernames, passwords, Social Security numbers, credit cards and other information. Many of these scams appear legitimate but should be avoided and reported to [email protected].
Phishing messages are designed to look like official correspondence and can be very difficult to detect. However, one thing that may indicate a message is malicious is if it asks for personal or financial information. A phishing email may ask you to visit a link that appears to go to a legitimate site but actually sends you to a malicious site or webform designed to steal your account or personal information.
To avoid phishing scams and to help prevent these attacks at GW, please follow these important guidelines:
Never reply to an email with your password, GWid or PIN. Always hover over links to verify them before clicking. If you have any questions about the validity of a link you see or a message you receive, please forward it to [email protected] or contact the IT Support Center at 202-994-GWIT (4948) or [email protected].
Please read the advisory below from GW Information Technology (IT) for information on how to avoid becoming a victim of ransomware and other phishing attacks.
Ransomware is a type of malicious software that encrypts a user's personal files on an infected computer, making these files inaccessible until a sum of money is paid. Ransomware attacks are increasingly prevalent due to their effectiveness. Victims are paying the ransoms, which incentivize the criminals behind these attacks to continue their campaigns.
You can become a victim of ransomware in a number of ways. Attackers will sometimes send files inside malicious email attachments, or in email links that will result in a ransomware infection, which will block access to your files until a ransom has been paid. You can be susceptible to a ransomware attack by browsing the Internet with unpatched or outdated software. In this instance, you may be redirected to the malicious software through compromised websites or infected ads.
Various types of ransomware are constantly evolving to avoid detection and become more effective. It is possible that anti-virus programs will not detect ransomware once it is installed on a victim’s computer. Most recently, it was discovered that some types of ransomware are capable of locating shared resources on a network, encrypting the files on all shared directories, including department and personal file shares. We expect ransomware to continue to mature and evolve to avoid detection and maintain a high degree of effectiveness.
You play an important role in keeping GW data safe. To reduce the threat of ransomware, we suggest the following:
Backup your important files frequently. Make sure that your backup is not persistently connected to your computer. Please consider the Information Security Policy when determining where to store files. Contact your local support partner or the IT Support Center at 202-994-GWIT (4948) for more information on how you can backup your files.
Disconnect mapped drives or external hard drives when they are not in use. In the event of a ransomware infection, this action will prevent ransomware from encrypting the contents of those drives.
If you manage your own computer, make sure to download and install software updates on a periodic basis. While keeping your operating system up-to-date is important, software that runs in your browser such as Adobe Flash, Microsoft Silverlight and Java should not be overlooked. If you need assistance with updates, please contact the IT Support Center at 202-994-GWIT (4948).
Be aware of any e-mails with unsolicited attachments, directing you to take immediate action or asking you to click on a link.
Report any suspicious e-mails to [email protected] or call the IT Support Center at 202-994-GWIT (4948) before you click!
Additional resources can be found on our website at IT.GWU.EDU.
801 22nd Street, NW B101
Washington, DC 20052