Combining best practices with industry-leading innovation, ITS听creates an environment that balances the AV研究所 community's need to protect information with the importance of privacy.
Stay up to date on the latest scams, software patches, tips, and more.
Concerned Your Computer Is Infected?
When ransomware hits, a criminal takes ownership of the infected device鈥檚 files and insists they will not be unlocked unless 鈥渞ansom鈥 is paid. If your computer is backed up, you are less likely to be exploited by a ransomware attack.
You can unknowingly download ransomware onto a device by opening an infected email attachment, clicking an ad, following a bad link, or even visiting a website that has malware embedded.
Remember to stop and think when you get an email you are not expecting, even if it appears to be from someone you know.
Checking the actual 鈥渇rom鈥 address of an email is a smart step to avoid scams.
- Emails claiming to be from a 鈥淎V研究所鈥 person without an @bc.edu email address should be viewed with听extreme skepticism. A sender name is easy to fake.
- If you aren鈥檛 sure if an email is authentic, instead of replying, contact the sender using information you already have about them (such as their AV研究所 email address from the AV研究所 Directory).
When a computer is not up-to-date with software updates, it is more vulnerable to ransomware attacks, malware, and data breaches. Updates for your operating system, browsers, antivirus program, and any other program you run on your computer help protect your devices (and your files) from the latest threats.
We recommend you set your operating system and software to update automatically to ensure the latest security vulnerabilities are addressed:
Enable auto-update for your devices:
**Restart regularly. Get into the habit of shutting down and restarting your computer and devices on a regular basis so that any updates can be installed at restart.
Enable auto-update for your apps/programs.
- Browsers
- Microsoft Office
- NOTE: Microsoft 365 automatically updates.
AV研究所 2-Step Verification uses Duo Security technology to confirm your identity using a second device such as a mobile phone, tablet, or landline phone. 2-Step Verification is required for EagleVPN, PeopleSoft, and other AV研究所 services.
ITS Recommends the Duo Mobile App
If you still rely on a text message or phone call for 2-Step Verification, read on to learn why the听Duo Mobile App听is highly recommended.听
- Ease of use:听You receive a 鈥減ush鈥 notification to your mobile device, and simply click 鈥淎pprove.鈥澨齀MPORTANT: Only click 鈥淎pprove鈥 if you are actually trying to log in. Click 鈥淒eny鈥 if you鈥檙e not, this could mean a bad actor is trying to log in to your account.
- Offline access:听Get a passcode from the app even when you don鈥檛 have cellular or wifi access.
- Save the University money:听Every time you use text messaging or a phone call for 2-Step Verification, it costs AV研究所 money. 2-Step Verification via the Duo App is free.
ITS recommends you use Eagle VPN when connecting your smartphone, tablet, or laptop to any public or hotel WiFi. When you use AV研究所's Eagle VPN, even for personal vacation use, the traffic to/from your device is encrypted so the online criminals can't see it.
When you use your AV研究所 email address or AV研究所 computer to sign up for online services or get software, even if they are free, you may be putting your personal information and Boston College data at risk.听
To be cyber safe, if you are interested in any software, hardware, or technology services, even if they are free, please use the 鈥淕et Tech鈥 process.
The Regulated Data Chart can be used to help you determine where to store your files in accordance with important data security rules and regulations.
Important:听Due to constantly changing regulatory and grant changes, please consult with your听Data Security Officer (DSO) to determine the safest place to store your confidential data.
Google Drive Security Guidelines
The AV研究所 Data Security Policy defines 3 categories of data: Public, Internal Use Only, and Confidential.
The Data Security Committee, General Counsel, and the university鈥檚 FERPA officer have informally agreed that an additional, 4th category of data will be added to the Data Security Policy that is even more sensitive than 鈥淐onfidential.鈥 Data that falls in this additional category will not be allowed to be stored off-campus except with written permission (see below). Google Drive is off-campus, and thus data that falls in this category must not be stored on Google Drive.
Until a formal policy revision is made and approved, you should use the following as a guideline:
Restricted. Due to legal restrictions or security concerns, some legally protected and highly sensitive information must not be stored on Google Workspace or other 鈥渃loud-based鈥 systems without permission of the responsible Vice President or the Provost鈥檚 Office. This information, much of which was formerly classified as 鈥淐onfidential,鈥 includes:
Social Security Numbers
Financial or credit account numbers
Personal financial information (e.g. financial aid data)
Account log-in credentials
Driver's license number or state-issued identification number
Health and medical records, including HIPAA-protected information
Export-controlled information
Human-subject research information
Other sensitive information that the information sponsor or responsible Vice President has determined must remain on a secure AV研究所 server.
Confidential. FERPA data (i.e. student records) is generally defined as Confidential, and can be stored on AV研究所 Google Drive, except as noted above. Other Confidential data, except as noted above, can also be stored on AV研究所 Google Drive.
Internal Use Only: Acceptable to store on AV研究所 Google Drive. 听
Public: Acceptable to store on AV研究所 Google Drive
For more information, contact听security@bc.edu.