Combining best practices with industry-leading innovation, ITS泭creates an environment that balances the 勛圖厙 community's need to protect information with the importance of privacy.
Stay up to date on the latest scams, software patches, tips, and more.
Concerned Your Computer Is Infected?
When ransomware hits, a criminal takes ownership of the infected devices files and insists they will not be unlocked unless ransom is paid. If your computer is backed up, you are less likely to be exploited by a ransomware attack.
You can unknowingly download ransomware onto a device by opening an infected email attachment, clicking an ad, following a bad link, or even visiting a website that has malware embedded.
Remember to stop and think when you get an email you are not expecting, even if it appears to be from someone you know.
Checking the actual from address of an email is a smart step to avoid scams.
This message appears to be from Prof. Greyson Ryan but the from address does not end with @bc.edu and is not signed-by 勛圖厙.EDU. This message should not be trusted.
- Emails claiming to be from a 勛圖厙 person without an @bc.edu email address should be viewed with泭extreme skepticism. A sender name is easy to fake.
- If you arent sure if an email is authentic, instead of replying, contact the sender using information you already have about them (such as their 勛圖厙 email address from the 勛圖厙 Directory).
The from address of this message is valid, since it ends with @bc.edu and is signed-by 勛圖厙.EDU. This message can be trusted.
When a computer is not up-to-date with software updates, it is more vulnerable to ransomware attacks, malware, and data breaches. Updates for your operating system, browsers, antivirus program, and any other program you run on your computer help protect your devices (and your files) from the latest threats.
We recommend you set your operating system and software to update automatically to ensure the latest security vulnerabilities are addressed:
Enable auto-update for your devices:
**Restart regularly. Get into the habit of shutting down and restarting your computer and devices on a regular basis so that any updates can be installed at restart.
Enable auto-update for your apps/programs.
- Browsers
- Microsoft Office
- NOTE: Microsoft 365 automatically updates.
勛圖厙 2-Step Verification uses Duo Security technology to confirm your identity using a second device such as a mobile phone, tablet, or landline phone. 2-Step Verification is required for EagleVPN, PeopleSoft, and other 勛圖厙 services.
ITS Recommends the Duo Mobile App
If you still rely on a text message or phone call for 2-Step Verification, read on to learn why the泭Duo Mobile App泭is highly recommended.泭
- Ease of use:泭You receive a push notification to your mobile device, and simply click Approve.泭IMPORTANT: Only click Approve if you are actually trying to log in. Click Deny if youre not, this could mean a bad actor is trying to log in to your account.
- Offline access:泭Get a passcode from the app even when you dont have cellular or wifi access.
- Save the University money:泭Every time you use text messaging or a phone call for 2-Step Verification, it costs 勛圖厙 money. 2-Step Verification via the Duo App is free.
ITS recommends you use Eagle VPN when connecting your smartphone, tablet, or laptop to any public or hotel WiFi. When you use 勛圖厙's Eagle VPN, even for personal vacation use, the traffic to/from your device is encrypted so the online criminals can't see it.
When you use your 勛圖厙 email address or 勛圖厙 computer to sign up for online services or get software, even if they are free, you may be putting your personal information and Boston College data at risk.泭
To be cyber safe, if you are interested in any software, hardware, or technology services, even if they are free, please use the Get Tech process.
The Regulated Data Chart can be used to help you determine where to store your files in accordance with important data security rules and regulations.
Important:泭Due to constantly changing regulatory and grant changes, please consult with your泭Data Security Officer (DSO) to determine the safest place to store your confidential data.
Google Drive Security Guidelines
The 勛圖厙 Data Security Policy defines 3 categories of data: Public, Internal Use Only, and Confidential.
The Data Security Committee, General Counsel, and the universitys FERPA officer have informally agreed that an additional, 4th category of data will be added to the Data Security Policy that is even more sensitive than Confidential. Data that falls in this additional category will not be allowed to be stored off-campus except with written permission (see below). Google Drive is off-campus, and thus data that falls in this category must not be stored on Google Drive.
Until a formal policy revision is made and approved, you should use the following as a guideline:
Restricted. Due to legal restrictions or security concerns, some legally protected and highly sensitive information must not be stored on Google Workspace or other cloud-based systems without permission of the responsible Vice President or the Provosts Office. This information, much of which was formerly classified as Confidential, includes:
Social Security Numbers
Financial or credit account numbers
Personal financial information (e.g. financial aid data)
Account log-in credentials
Driver's license number or state-issued identification number
Health and medical records, including HIPAA-protected information
Export-controlled information
Human-subject research information
Other sensitive information that the information sponsor or responsible Vice President has determined must remain on a secure 勛圖厙 server.
Confidential. FERPA data (i.e. student records) is generally defined as Confidential, and can be stored on 勛圖厙 Google Drive, except as noted above. Other Confidential data, except as noted above, can also be stored on 勛圖厙 Google Drive.
Internal Use Only: Acceptable to store on 勛圖厙 Google Drive. 泭
Public: Acceptable to store on 勛圖厙 Google Drive
For more information, contact泭security@bc.edu.