Early Bird

Securing your devices

If you connect it, protect it!

By Corey Oxenbury

October 15, 2020

Computing devices are the entry points into Metropolitan State University of Denver systems. These could be the University-issued device on your desk, the mobile device you use to check your email or the personal computer you use to grade assignments in Canvas. If a device is being used to access University data, securing that device is crucial.

• Operating-system updates: Operating systems are a critical component of all devices. If a device’s OS were ever compromised, not only would that device’s data be at risk, but it could also be used to launch subsequent attacks against other devices or even the entire network. Make sure to periodically check for updates to your OS or consider configuring automatic updates on your Windows or Mac devices to ensure that your OS stays secure.
• At MSU Denver: Information Technology Services tests OS patches to ensure that they are compatible with the MSU Denver environment before making them available for the community. Make sure you’ve set your computer’s working hours so it can run updates promptly without interrupting your work. Check the ITS Knowledgebase for instructions.
• Endpoint-security updates: Endpoint-security software, such as antivirus programs, watches for signs of malicious software on end-user devices. Ensuring that you have up-to-date endpoint-security software is critical to maintaining a secure device. These can be purchased independently, and some internet service providers also include endpoint-security software in their service plans. Check with your ISP to see if they have offerings (Xfinity and CenturyLink have dedicated pages for their offerings).
• At MSU Denver: ITS installs endpoint security on all MSU Denver-issued computers, and virus definitions are updated automatically. ITS also implements multiple levels of endpoint security in different departments, based on the sensitivity of data used and any associated compliance standards (e.g., FERPA, HIPAA).
• Other software updates: Software apps and utilities should get security patches and updates, just like operating systems. However, these patches may not be applied to older versions of the software, leaving them more vulnerable to attack. Use the latest version of a particular program whenever possible.
• At MSU Denver: Software updates and major software releases for University-licensed programs such as Microsoft Office or the Adobe Creative Suite are made available by ITS through Software Center (Windows) or Self Service (macOS) as part of the Asset Management Program. If you want to be sure your software is up to date, check these services.
• Keep equipment physically secure: Portability is a useful feature of many modern devices, but it also makes them more vulnerable to loss or theft. Keep portable devices in secure locations when unattended, preferably out of sight to not tempt any potential break-ins.
• At MSU Denver: If any MSU Denver device is lost or stolen, report it to the police and to ITS immediately. ITS will need to update inventory records and, if needed, arrange for a temporary or replacement device.
• Proper equipment disposal: Old or unusable equipment that hasn’t been updated in a long time may be vulnerable to old attack methods that newer devices are protected against. Unneeded devices should be disposed of properly and securely, especially if they have any data stored on them.
• At MSU Denver: Any MSU Denver computing equipment no longer in use should be returned to ITS so it can be removed from inventory, cleaned of sensitive data and appropriately recycled.
• At MSU Denver: ITS encrypts all MSU Denver-issued computing devices before they are deployed.
• Encryption: Even without a password, bad actors may be able to view or modify the data on a stolen or unattended device if they know its underlying architecture. Encryption prevents this by translating data into an unreadable form that can be translated back only by authorized users of the device.

If you have any questions or would like assistance in securing your device, please contact the ITS Service Desk at 303-352-7548, submit a ticket through https://support.msudenver.edu or email support@msudenver.edu from your MSU Denver email account.

This is the fourth article in a series that is being published weekly in the Early Bird throughout October in support of National Cybersecurity Awareness Month. Next week: the importance of MFA.