4/10: COVID-19 Cybersecurity Awareness for Staff

April 10, 2020

Dear Staff,

We would like to commend all of you for your continued commitment and agility during this challenging period. The evolving situation related to the COVID-19 crisis continues to create complexity and uncertainty, and every morning we awake to new developments.  

We recognize that remote working is a significant adjustment for many and that it brings its own unique challenges. This pandemic is raising many questions, including broader concerns around the security and privacy of information related to all of us and those we are charged with protecting, which means it is increasingly important for you to practice daily behavior to protect the privacy and security of information. 

We are writing with a request to familiarize yourself with the critical information below. The trojansecure.usc.edu website has additional security related tips and is continually being updated with new resources to support you. 

Our teams are here to help you to better weather the onslaught of opportunistic cybercriminals and focus on your health, the health of those you love, and your work. By following cybersecurity best practices, you can better protect yourselves and those you care about against these attacks.

SECURELY ACCESSING USC
Securely accessing USC sites and other online platforms – USC has enabled access to certain platforms to deliver courses and perform your work online. We ask that you securely access these platforms. If you have any questions about accessing USC’s Virtual Private Network (VPN), please contact ITS support or visit keepworking.usc.edu.

Beware of “Zoombombing” – This is a form of internet trolling in which someone takes advantage of certain Zoom features to interrupt meetings and lectures. As the worldwide pandemic continues, and more and more people communicate online, Zoombombing is becoming more common in online classes, business and other meetings. We recently updated USC’s global Zoom security settings to safeguard our learning environments and address potential privacy issues, which includes implementation of a Waiting Room. Please make note of the security practices below to help secure your meetings.
 
Set a password and closely monitor the Waiting Room for all meetings.

  • All meeting participants who sign in with their USC credentials will be automatically admitted to your meeting. 
  • It is extremely important to verify each person in the Waiting Room before they are admitted to your meeting.
  • Remember to follow data privacy policies and procedures.
  • Additional tips can be found on our keepworking.usc.edu site.

Zoom Public Meetings – There are two Zoom Public Meeting options: 1) Zoom Webinar and 2) Zoom Meeting. Zoom Webinar is the best option for security. This matrix provides a high-level overview of these options to help you to determine the Zoom session that best aligns with your public event. Whether you use a Zoom Meeting or Zoom Webinar, we recommend these security settings when conducting a public meeting with Zoom.
 
PROTECTING YOUR ONLINE INFORMATION
Beware of increased phishing attempts – Misinformation abounds on the internet, so be wary of any stimulus payment or COVID-19-related emails or text messages. Even if the email or text message is from an address you might recognize, be sure to look at the actual sender to verify. As a general rule, do not click links in emails that are not from a trusted source. If you want to access the website referenced, we recommend you type in the website’s URL in your browser.
 
Keep your passphrases safe – Strong, complex passphrases are the best defense mechanism against online data theft and keeping your devices secure in case they are lost or stolen. We ask that you never use the same passphrase more than once or on multiple sites. 

SECURING YOUR DEVICES
Secure your computing devices – The majority of your work and other activity is now taking place on your mobile devices, including your laptops, tablets and smartphones. Given this, we’d like to highlight that you have access to free Sophos Endpoint Security available for securing your USC and personal computing devices. Simply go to our trojansecure.usc.edu site and locate the “Installing Sophos Home on Personal Devices (Windows and Mac)” section in the menu on the left-hand side of your screen. Follow the instructions there for installing Sophos on your various computing devices.
 
Listed below are other best practices to ensure the security of your mobile devices and the privacy of your information:

  • Avoid connecting to unsecure Wi-Fi networks
  • Only download applications from trusted sources
  • Beware of unsolicited calls or messages
  • Set automatic locks on your device with a passphrase/password
  • Regularly update your device’s operating system (OS) and application
  • Enable device-wiping 
  • Learn how to track your phone in advance if it is lost
  • Go to trojansecure.usc.edu for more information

Secure your internet access – Please set up your Wi-Fi with a complex password/ passphrase. If your network is secured with a weak password or if your wireless SSID is exposed, you could be putting all the devices on your network and your confidential information at risk. Visit trojansecure.usc.edu for more information on how to secure your home network.

We know you are anxious about COVID-19 and the unknowns that it poses. Our community is doing an outstanding job rising to the challenge. Thank you for your commitment to the well-being of our USC community. 

We’re in this together! Fight on!

Best regards, 

Douglas Shook, Ph.D.
Chief Information Officer
Vice Provost
Professor of Data Sciences

Gus Anagnos
Chief Information Security Officer
USC Information Technology Services
University of Southern California

TO REPORT A SUSPECTED SECURITY INCIDENT: Contact security@usc.edu