IT Security

Cisco Umbrella is a cloud-delivered security service. Cisco Umbrella uses the internet's infrastructure to block malicious destinations before a connection is ever established. The software acts as a filter in order to stop users from visiting any malicious, vulnerable, or compromised websites.

• Malware, vulnerable sites, and phishing attacks.
• Internet access originated from infected UWW computers.
• BitTorrent sites.

All requests to remove an Umbrella block on a webpage need to be submitted via the Umbrella block page that appears when a webpage is blocked.

Cloudlock is a cloud-based service that helps protect users and data in the cloud. 

When Cloudlock identifies activities outside allowed countries or spots actions that seem to take place at impossible speeds across distances the account is flagged for suspicious activity. To protect UW-Whitewater data assets the password on the account is reset. The account owner is notified their password has been reset and asked to contact the ICIT Helpdesk. 

In compliance with UW System Administrative Procedure 1031.B Information Security: Data Protections Cloudlock monitors cloud environments to detect and secure sensitive information. When potentially sensitive information is identified the owner of the file(s) is notified and given 7 days to move the file to a secure network drive, remove the sensitive information, or determine it is a false positive. After 7 days the file is deleted from the cloud.  

In an ongoing effort to combat phishing and email scams, ICIT has enhanced its external email tag to help identify when an email originates from an off-campus address. The goal of this external tag is to help faculty, staff, and students better identify potential phishing attempts and keep the UW-W community safe from cyber-attacks. The external tag will appear at the top of the email body in all caps and in bold reading, EXTERNAL EMAIL.

When you see this tag, remember this two-step verification process:

1. Be cautious, and make sure you are expecting this email.
2. Confirm this email is coming from who they claim to be by hovering over their email address.

Ironport is a network-based anti-spam service that discards emails that have a high probability of being spam. Ironport places questionable emails into quarantine so users can determine if the emails are spam. Users receive a daily message notifying them of their potential spam list. The quarantined messages will remain in your inbox for approximately 7-14 days.

The UW-Whitewater Ironport Service allows three different levels of anti-spam filtering: Low, Medium, and High. The default setting is "High." Users can adjust their spam filtering by using the self-service option to the right. Ironport also allows users to identify senders as either "safe" (not to be flagged as possible spam), or "blocked" (always to be flagged as possible spam).

• IronPort Spam Filter Settings
• Spam Quarantine

Cyber Security

Cyber attacks are malicious attempts to access or damage a computer or network system. Cyber attacks can lead to loss of money, theft of personal, financial, and medical information that can damage your reputation and safety. As part of the UW-W community, we must work together to keep our campus safe and secure when it comes to the threat of cyberattacks.

Cyber attacks can occur in several ways, including:

• Accessing your office or personal computer, mobile phones, gaming systems, and other internet and Bluetooth-connected devices.
• Damaging your financial security, including identity theft.
• Blocking your access or deleting your personal information and accounts.
• Targeting children and adults.
• Complicating your employment, business services, transportation, and power grid.

You can avoid cyber risks by staying alert, and being prepared. The following are things you can do to protect yourself, your family, and your property before a cyberattack occurs:

• Limit the personal information you share online. Change privacy settings and do not use location features.
• Keep software applications and operating systems up-to-date.
• Using a password manager, use upper and lowercase letters, numbers, and special characters, as well as, two-factor authentication (two methods of verification).
• Use encrypted (secure) Internet communications, avoid open Wi-Fi networks in public spaces.
• Only share personal information on secure sites (e.g. “https://”). Do not use sites with invalid certificates. Use a Virtual Private Network (VPN) that creates a more secure connection.

Safe Data Storage

• Storage of your important data on your local (or C:) drive does not protect you from data corruption or loss! In order to protect your important data, use your network drive. Your network drive is backed up regularly and can be recovered in the event of data loss, your local drive, in many cases, cannot. UW-Whitewater provides network storage for all students, faculty, and staff.
• If you are or have been using your local drive to store your data, then please copy your important documents and data to your network drive and start using your network drive to store and retrieve this data. More information about your network storage options is available on the File Storage Options page.

Social Media

• Know how the site works before you join. Social networking sites are each set-up differently and offer a range of options. Some allow you to post to a small group of users, while others allow anyone to view your personal postings. Look at the different features and think about what level of openness you really want. Consider whether setting viewing restrictions can help control who sees your information.
• Keep personal information to yourself. Your full name, Social Security number, address, phone number, bank or credit card account numbers (and that of others) do not belong on these sites. By posting them, you open yourself up to identity theft or stalkers.
• Information lasts forever. Only post information you are comfortable with others seeing, including your professors, parents, current or future employers, coworkers, or the police. Even if you change your mind and delete what you posted, the information is still out there. Older versions may exist on someone else's computer and social networking sites can never fully remove these files.
• Think before you share. Photos, videos, stories, blogs can all be used to form opinions of you or can be shared with others. Before posting, consider who will see these and whether you can share them with a smaller audience. Be considerate when passing on photos of friends - ask whether they would want that information shared.

ICIT maintains an anti-spam service that blocks thousands of spam messages each week, however, the tactics being used to disseminate phishing scams and malicious email attachments are becoming increasingly complex, allowing some messages to evade the anti-spam filters. For some quick tips on Phishing, check out our "Click Wisely" PDF.

Check out some additional resources to help you catch those Phish!

• How to Avoid Falling for a Phishing Email - (PDF)
• OpenDNS - https://www.opendns.com/phishing-quiz/
• PBS - http://www.pbs.org/wgbh/nova/labs/lab/cyber/
• SonicWall - https://www.sonicwall.com/en-us/phishing-iq-test
• Carnegie Mellon University - http://www.ucl.ac.uk/cert/antiphishing/

Reminder: ICIT will NEVER  ask for your password, either by phone or by email.

• The email is claiming to come from someone at UW-W but the email address does not end in uww.edu.
• An urgent call to action - e.g. you must act now
• The email requests sensitive information such as login credentials, birthdate, SSN, financial information, etc. 
• Misspelling and poor grammar
• Threats or rewards - e.g. your access will be terminated or you've won a prize
• Spoofing popular websites and companies
• Suspicious links within the email
• The email is from an unfamiliar sender or entity

Common approaches to tricking recipients

• Posing as a supervisor or campus leader.
• Posing as a government agency (The IRS and tax service businesses are especially common around tax season)
• Posing as a "system administrator"
• Utilizing a business's logo to appear legitimate (Online retailers and shipping companies are especially common)

Phishing scams are designed to trick recipients into sharing  login credentials in order to gain access to the recipients account. Another common method of gaining access to sensitive information is to send the recipient an attachment containing a virus that infects the computer. The viruses can be designed to:

• Quietly relay sensitive information (i.e. financial information) back to the sender, without the user realizing their computer has a virus
• Gain access to an account in order to spread the virus to other unsuspecting recipients
• Lock access to computer files. "Ransomeware" is a type of malware that will deny you access to critical data. The sender often demands payment in return for removing the virus.  

The senders of these malicious emails typically go to great lengths to make the malicious email look like a legitimate email. Often this is accomplished by using a logo or branding from a legitimate company or entity, or by "spoofing" a trusted email address to make it the email appear legitimate. Once an email account is compromised, it is often used to bombard other email users with the same malicious email.

If you receive an unsolicited job offer via email, there is a good chance it may be phony. Especially if it is too good to be true.

Here is how employment scams work:

1. Emails regarding the fake job are sent out (or posted on an online job board). Often, the fake job is advertised as a "work from home" administrative positon. 
2. Respondents receive counterfeit checks in the mail or via e-mail and are instructed to deposit the checks into their personal checking account. 
3. The scammer then directs the respondent to withdraw the funds from their checking account and send a portion, via wire transfer, to another individual. Often, the transfer of funds is to a "vendor", purportedly for equipment, materials, or software necessary for the job.
4. The checks are confirmed to be fraudulent by the bank after they are cashed.

Tips for Avoiding Ransomware  

The best way to avoid being exposed to ransomware—or any type of malware—is to be a cautious and conscientious computer user. Malware distributors have gotten increasingly savvy, and you need to be careful about what you download and click on. 

Other tips:

• Keep operating systems, software, and applications current and up to date. 
• Make sure anti-virus solutions are set to automatically update and run regular scans.
• Back up data regularly and double-check that those backups were completed.
• Secure your backups. Make sure they are not connected to the computers and networks they are backing up.