4/10: COVID-19 Cybersecurity Awareness for Faculty

April 10, 2020

Dear Faculty,
We would like to commend all of you for your continued commitment and agility during this challenging period. The evolving situation related to the COVID-19 crisis continues to create complexity and uncertainty, and every morning we awake to new developments.  

We recognize that remote teaching is a significant adjustment for many, and it brings its own unique challenges. This pandemic is raising many questions, including broader concerns around the security and privacy of information related to all of us and those we are charged with protecting, which means it is increasingly important for you to practice daily behaviors to protect the privacy and security of your and your students’ information.

We are writing with a request to familiarize yourself with the important cybersecurity best practices included in this note. The trojansecure.usc.edu website has additional security related tips and is continually being updated with new cybersecurity resources to support you and your students.  

Our teams are here to help you to better weather the onslaught of opportunistic cybercriminals and focus on your health, the health of those you love, and your teaching. By following cybersecurity best practices, you can better protect yourselves and those you care about against these attacks.

Securely accessing USC sites and learning platforms – USC has enabled access to certain platforms to deliver courses online. We ask that you securely access these platforms. If you have any questions about accessing USC’s Virtual Private Network (VPN), please contact ITS support or visit keepteaching.usc.edu.
Beware of “Zoombombing” – This is a form of internet trolling in which someone takes advantage of certain Zoom features to interrupt meetings and lectures. As the worldwide pandemic continues, and more and more people communicate online, Zoombombing is becoming more common in online classes, business and other meetings. We recently updated USC’s global Zoom security settings to safeguard our learning environments and address potential privacy issues, which includes implementation of a Waiting Room. Please make note of the security practices below to help secure your classes.
Set a password and closely monitor the Waiting Room for all classes.

  • All students who sign in to Zoom with their USC credentials will be automatically admitted to your class. 
  • It is extremely important to verify each person in the Waiting Room before they are admitted to class.
  • Please reinforce with your students to log in to Zoom using their USC credentials so they may avoid the Waiting Room.
  • Remember to follow student privacy policies and protect student information. 
  • Additional tips may be found on our keepteaching.usc.edu site.

Zoom Public Meetings – There are two Zoom Public Meeting options: 1) Zoom Webinar and 2) Zoom Meeting. Zoom Webinar is the best option for security. This matrix provides a high-level overview of these options to help you to determine the Zoom session that best aligns with your public event. Whether you use a Zoom Meeting or Zoom Webinar, we recommend these security settings when conducting a public meeting with Zoom.
Beware of increased phishing attempts – Misinformation abounds on the internet, so be wary of any stimulus payment or COVID-19-related emails or text messages. Even if the email or text message is from an address you might recognize, be sure to look at the actual sender to verify. As a general rule, do not click links in emails that are not from a trusted source. If you want to access the website referenced, we recommend you type in the website’s URL in your browser.
Keep your passphrases safe – Strong, complex passphrases are the best defense mechanism against online data theft and keeping your devices secure in case they are lost or stolen. We ask that you never use the same passphrase more than once or on multiple sites. 

Secure your computing devices – With the majority of your teaching and other activity taking place on your computer, we’d like to highlight that you have access to free Sophos Endpoint Security available for securing your USC and personal computing devices. Simply go to our trojansecure.usc.edu site and locate the “Installing Sophos Home on Personal Devices (Windows and Mac)” section in the menu on the left-hand side of your screen. Follow the instructions there for installing Sophos on your various computing devices.
Listed below are other best practices to ensure the security of your mobile devices and the privacy of your information:

  • Avoid connecting to unsecure Wi-Fi networks
  • Only download applications from trusted sources
  • Beware of unsolicited calls or messages
  • Set automatic locks on your device with a passphrase/password
  • Regularly update your device’s operating system (OS) and application
  • Enable device-wiping 
  • Learn how to track your phone in advance if it is lost
  • Go to trojansecure.usc.edu for more information

Secure your internet access – Please set up your Wi-Fi with a complex password/ passphrase. If your network is secured with a weak password or if your wireless SSID is exposed, you could be putting all the devices on your network and your confidential information at risk. Visit trojansecure.usc.edu for more information on how to secure your home network.

Globally, many people are anxious about COVID-19 and the unknowns that it poses. Our community is doing an outstanding job rising to the challenge. Thank you for your commitment to the well-being of our USC community. 

We’re in this together! Fight on!

Best regards, 

Douglas Shook, Ph.D.
Chief Information Officer
Vice Provost
Professor of Data Sciences

Gus Anagnos
Chief Information Security Officer
USC Information Technology Services
University of Southern California