- Criminals are phishing for your SecureConnect MFA code. Pepperdine will NEVER ask you for your code nor force you to use a code option to log into any web site. Swith to DUO App push if you are using codes routinely for log in.
- National Cyber Security Awareness Month is coming in October, featuring training for faculty and staff and a phish catching contest for students.
"The mission of the Information Security Office is to help our colleagues protect student data and maintain trust in the University."
Please send your security questions, consulting, and operational requests by email to firstname.lastname@example.org. Report information breaches and other urgent issues by phone at 310.506.4040.
Quick Links - Look Here First
- RESTRICTED Data - if you have health records or credit card/driver's license/social security numbers find out what you need to do.
- Resources - tools you can use to secure data and systems for which you are responsible.
- Tips - our quick reference guides and short videos to help you secure data.
- Policy - policy, standards, guidelines, and procedures to keep good intentions from turning into a bad result.
- ISO Catalogs - Services we provide and operate and Standards you must apply to your mobile, computer, server or application.
Work Securely Wherever
Work Securely Wherever, covers a subject of opportunity and great risk -- remote work. For security and efficiency in administrative and academic work, especially when working remote from campus, please follow the guidelines below and call the Information Security Office x4040 with any security questions.
Use the University's Secure Collaboration Tools
View this Google Doc for detail on the University secure collaboration tools:
- Google Workspace: Mail, Drive/Docs, Calendar, Chat (read the ISO white paper on Google Workspace privacy and security)
- Google Meet and Zoom video conferencing clients.
- Attachments, eSign, Imaging, WaveNet
- Pepperdine Softphone Client (Jabber)
Follow these practices to comply with the Computer and Network Responsible Use Policy:
- keep your computing device updated timely with security patches (see also operating system end of support dates)
- keep its firewall on and physically secure your device;
- do not circumvent security controls for expediency, but please call our office for advice;
- and don't share your password.
Use the DUO Mobile app for SecureConnect
- The DUO Mobile app "push" notification is faster and more secure than SMS
- DUO Mobile works even when your phone doesn't have service.
Follow the University Remote Work Policy
This policy, updated by UMC June 2021, mandates the following actions for staff or faculty with remote work agreements:
- You MUST use a University owned and managed computer for University work.
- You MUST NOT use a personally owned computer for University work.
- If you are storing, printing, or processing "RESTRICTED" data (e.g. social security, customer credit card, CA driver's license, or healthcare treatment info) you MUST use a University-owned & managed PGP/SafeGuard encrypted computer. Please call our office for questions on your Restricted data workflows.
- If you're using a mobile device to check email or collaborate:
- Apply security updates as they become available.
- Use the native Google Workspace apps for efficiency and security.
- Be sure to set a strong PIN and lockout for failed attempts on your device.
Five Ways ISO Helps You Protect Data and Preserve Trust
Pepperdine University has created the Information Security Office to assist the community in keeping our data secure. The ISO security program consists of training, consulting, policy, systems, and monitoring/response activities.
Annual training events include:
Training for the entire community
- October National Cyber Security Awareness campaign for students, faculty, and staff.
Training for students
- We give talks and participate during New Student Orientation events in August.
- We offer an online class that is available to all students on Courses.
Training for departments and academic divisions
- ISO presents online annual mandatory basic online training in March, and entertaining monthly optional training & raffle for all faculty and staff.
- We routinely hold "Information Security for Managers" briefing meetings on several campuses and online.
- Our team can also provide tailored 15-60 minute training sessions for your department meeting or specific groups. Please call us to discuss!
Need to find a secure way to efficiently do your business? Start with a call to us to discuss at x4040.
3. Usable policy, guidelines, and standards
While the Information Security Office doesn't make policy, we advise those that do. During this process, our goal is to promote workable security policies, guidelines, and standards. Pepperdine has security policies comparable with the best of our peer institutions.
4. Security systems and services
Our office offers a robust service catalog. Here is a quick overview of some of our systems:
- Our firewalls, network access controls, and intrusion detection systems stop tens of thousands of attacks daily, from the internet and devices walked onto campus nets.
- The spam filter stops 99+% of spam, phishing, and email viruses and blocks sending "RESTRICTED" information.
- Attachments.pepperdine.edu is easy to use to send or request "RESTRICTED" information securely or to email very large files of any kind.
- Every computer on the network is registered and University-owned servers or computers receive configuration and patch management.
5. Monitoring & incident handling
- We analyze network intrusion attempts and prepare new defenses every week.
- When there is a security incident ISO works to identify, contain, and eradicate the threat and helps with restoring service and leads lessons learned meetings aimed improving defenses.