Skip to main content

Category: Security Awareness

  • Website Hosting Guidance

    There are a lot of options for creating and deploying websites. Here is some guidance to help highlight some of the options provided by UNC and to ensure University data is protected when deploying websites for university business.  We also have guidance on handling secure file uploads in a separate post. Consider ITS Managed Services UNC ITS supports two Software as a Service (SaaS) options… Read More about Website Hosting Guidance.

  • Guidance on File Uploads

    Only use WordPress Gravity Forms for Non-sensitive Information (Tier 0 or 1)! The Gravity Forms plugin included with ITS Self-service and Enterprise WordPress offerings does not limit access to file uploads; these files are stored in a world readable directory that anyone can reach (see Security Best Practices of the Gravity Forms documentation). Carefully consider the type of data you intend to collect and the… Read More about Guidance on File Uploads.

  • Fake Voicemail to Email Phishing Lure

    The Information Security Office (ISO) is seeing a rise in spear phishing attacks utilizing some or all of the following characteristics: A Subject title such as “Hi <username>, you have 1 VN on <date>.  Refer below to listen” accompanied by an HTM or HTML file attachment to the email.  If the attachment is opened, it may direct to a spoofed sign-in page under the control… Read More about Fake Voicemail to Email Phishing Lure.

  • LastPass security breach: what you need to know and do

    LastPass, the password manager tool offered to the University, recently reported a security breach.  Your must-read quick summary  If you access LastPass by logging in with your Onyen or Kenan-Flagler login, no action is required.  If you access LastPass with a personal email account or do not log in with your Onyen or Kenan-Flagler password, you must act to protect the security of your passwords…. Read More about LastPass security breach: what you need to know and do.

  • Free Event: 10/26/2022 National Cybersecurity Awareness Month Event

      To celebrate National CyberSecurity Awareness Month, the Information Security Office is hosting an event this October! When: Wednesday October 26, 2022 from 9am-4pm. Where: Polk Place Cost: Nothing – it’s free! Students, faculty, and staff interested in all things information security will have an opportunity to observe tech demos, participate in interactive cybersecurity themed games and challenges, pick the brains of information security professionals… Read More about Free Event: 10/26/2022 National Cybersecurity Awareness Month Event.

  • Fake Job Scam Emails

    We have recently seen a surge in fake job scam emails as attackers know that the semester is starting for universities across the world. The recent scam emails are centered around offering part-time work, often using keywords such as UNCICEF, remote, administrative assistant, and work study. The attackers will often try to move the conversation outside the UNC email system and on to text or… Read More about Fake Job Scam Emails.

  • Major Vulnerability Alert – log4j

    ***Please understand that this is a fluid situation and this post may be updated periodically as new information becomes available*** A critical vulnerability has been discovered in log4j that is actively being exploited.  This is an issue both for systems and web administrators on campus, including those who support products with a web interface, as well as requiring the attention of those that manage relationships with Software… Read More about Major Vulnerability Alert – log4j.

  • There’s a new way to report phishing!

    Starting this fall, you may see a new functionality in Outlook that will allow you to report phishing and junk with a quick and simple click of a button. This functionality will exist in the web, desktop and mobile versions of Outlook. You can report the message using the steps below. The message will be removed from your inbox and analyzed to better protect the… Read More about There’s a new way to report phishing!.

  • Understanding Sensitive Information

    If you’ve ever been asked whether or not you work with sensitive information, you may wonder what the University defines as sensitive information. The University maintains an information classification standard that provides detailed guidance on what is considered classified information and what is not. This information is helpful when determining the best path forward in the event of a malware infection, determining requirements for research… Read More about Understanding Sensitive Information.

  • Computer with lock symbol

    Protect Your Device from Ransomware

    Protect Your Device from Ransomware  Recent attacks impacting gasoline delivery in Southeast highlight the negative impact that ransomware criminals can have and should prompt us to consider if we are taking the right precautions to protect our important documents and other data.  Backups – We should take steps to ensure our important files are backed up. The easiest way for students, faculty, and staff to… Read More about Protect Your Device from Ransomware.

Last updated: September 6, 2023
I-T-S