4/10: COVID-19 Cybersecurity Awareness for Students

April 10, 2020

Dear Students,
 
First, we would like to commend all of you for how you’ve been able to support one another during this unprecedented period of uncertainty and anxiety. The evolving situation related to the COVID-19 crisis continues to create complexity and concerns, and every morning we awake to new developments that need to be considered.  

We are all facing our own fears, uncertainty and doubt in these unfamiliar times. We realize that information security and privacy may not be your main focus right now; however, cybercriminals are working overtime to capitalize on this pandemic and resulting distractions. Now, more than ever, it is important for you to take simple steps to implement secure behaviors into your day-to-day online activities.

We are writing to provide you with resources and tips to better protect yourselves against those who want to prey upon fears and uncertainty as we all move through the days to come. Our teams are here to help equip each of you to better weather the onslaught of opportunistic cybercriminals and focus on your health, the health of those you love, and your learning. 

SECURELY ACCESSING USC
Securely accessing USC sites and learning platforms – USC has enabled access to certain platforms to deliver courses online. We ask that you ensure you are securely accessing these platforms. If you have any questions about accessing USC’s Virtual Private Network (VPN), please contact ITS support or visit keepteaching.usc.edu.
 
Beware of “Zoombombing” – This is a form of internet trolling in which someone takes advantage of certain Zoom features to interrupt meetings and lectures. As the worldwide pandemic continues, and more and more people communicate online, Zoombombing is becoming more common in online classes, business and other meetings. We recently updated USC’s global Zoom security settings to safeguard our learning environments, which includes the implementation of a Waiting Room. With this new feature in place, you will want to ensure that you are always logged into Zoom with your USC Zoom account prior to class. Logging in with your USC credentials will prevent you from sitting in the Waiting Room until the meeting host admits you into class. It is also important that you do not share links to your classes.
 
Key procedures to support you in this process are as follows:

PROTECTING YOUR ONLINE INFORMATION 
Beware of increased phishing attempts – COVID-19 is on everyone’s mind, including those who are looking to take advantage of people during this pandemic. Please be aware that misinformation abounds on the internet, so be wary of any COVID-19-related emails. Even if the email is from an address you might recognize, be sure to look at the actual sender to verify. As a general rule, do not click links in emails unless they are from a trusted source. If you want to access the website referenced, we recommend that you type in the website’s URL in your browser.
 
Keep your passphrases safe – We tend to forget that our entire life’s data is often stored on smartphones and mobile devices. Strong, complex passphrases are the best defense mechanism against online data theft and keeping your devices secure in case they are lost or stolen. We ask that you never use the same passphrase more than once or on multiple sites. (You probably don’t want a compromised password to your Instagram account impacting your banking!)

SECURING YOUR DEVICES
Secure your computing devices – The majority of your learning and other activity is now taking place on your mobile devices, including your laptops, tablets and smartphones. Given this, we’d like to highlight that you have access to free Sophos Endpoint Security available to you for securing your USC and personal computing devices. Simply go to our trojansecure.usc.edu site and locate the “Installing Sophos Home on Personal Devices (Windows and Mac)” section in the menu on the left-hand side of your screen. Follow the instructions there for installing Sophos on your various computing devices.

We’ve also listed some other best practices below to ensure the security of your mobile devices:

  • Avoid connecting to unsecure Wi-Fi networks
  • Only download applications from trusted sources
  • Beware of unsolicited calls or messages
  • Set automatic locks on your device with a passphrase/password
  • Regularly update your device’s operating system (OS) and application
  • Enable device-wiping 
  • Learn how to track your phone in advance if it is lost

Secure your internet access – Please set up your Wi-Fi with a complex password/ passphrase. If your network is secured with a weak password or if your wireless SSID is exposed, you could be putting all of the devices on your network and all of your confidential information at risk. Visit trojansecure.usc.edu for more information on how to secure your home network.
 
Please check out the Trojan Secure website for more security related tips at trojansecure.usc.edu as we are adding new resources to support you in your remote learning experience at USC. 

Following these practices will minimize the risk of your information being compromised and your privacy violated. Thank you for your continued support, agility and dedication.

We’re in this together! Fight on!

Best regards, 

Douglas Shook, Ph.D.
Chief Information Officer
Vice Provost
Professor of Data Sciences

Gus Anagnos
Chief Information Security Officer
USC Information Technology Services
University of Southern California

TO REPORT A SUSPECTED SECURITY INCIDENT: Contact security@usc.edu