January continues our optional Human Firewall training for all faculty and staff.
- ALERT: there is a current flood of direct deposit change phishing, often trying to time the change the deposit account just before payroll date and with knowledge of personnel who may be able to receive such requests. ALL AREAS THAT HANDLE DIRECT DEPOSIT CHANGE SHOULD CONTINUE TO CAREFULLY ADHERE TO THEIR VERIFICATION PROCEDURES. Report these emails with the Phish Alert Button and do not forward phishing emails. ISO is available x4040 for questions.
- Student "enroll in SecureConnect during January" raffle for DJI Phone Gimbals.
- "Faculty & Staff " Advanced anti-phishing online training (personalized email invites on 19 Jan).
- MacOS Catalina (10.14) can no longer received security patches; support teams and colleagues assigned to use such machines were individually notified in 2022 and computers will be blocked this month (see also Operating System End of Security Patches Dates).
"The mission of the Information Security Office is to help our colleagues protect student data and maintain trust in the University."
Please send your security questions, consulting, and operational requests by email to firstname.lastname@example.org. Report information breaches and other urgent issues by phone at 310.506.4040.
Quick Links - Look Here First
- RESTRICTED Data - if you have health records or credit card/driver's license/social security numbers find out what you need to do.
- Resources - tools you can use to secure data and systems for which you are responsible.
- Tips - our quick reference guides and short videos to help you secure data.
- Policy - policy, standards, guidelines, and procedures to keep good intentions from turning into a bad result.
- ISO Catalogs - Services we provide and operate and Standards you must apply to your mobile, computer, server or application.
Work Securely Wherever
Work Securely Wherever, covers a subject of opportunity and great risk -- remote work. For security and efficiency in administrative and academic work, especially when working remote from campus, please follow the guidelines below and call the Information Security Office x4040 with any security questions.
Use the University's Secure Collaboration Tools
View this Google Doc for detail on the University secure collaboration tools:
- Google Workspace: Mail, Drive/Docs, Calendar, Chat (read the ISO white paper on Google Workspace privacy and security)
- Google Meet and Zoom video conferencing clients.
- Attachments, eSign, Imaging, WaveNet
- Pepperdine Softphone Client (Jabber)
Follow these practices to comply with the Computer and Network Responsible Use Policy:
- keep your computing device updated timely with security patches (see also operating system end of support dates)
- keep its firewall on and physically secure your device;
- do not circumvent security controls for expediency, but please call our office for advice;
- and don't share your password.
Use the DUO Mobile app for SecureConnect
- The DUO Mobile app "push" notification is faster and more secure than SMS
- DUO Mobile works even when your phone doesn't have service.
Follow the University Remote Work Policy
This policy, updated by UMC June 2021, mandates the following actions for staff or faculty with remote work agreements:
- You MUST use a University owned and managed computer for University work.
- You MUST NOT use a personally owned computer for University work.
- If you are storing, printing, or processing "RESTRICTED" data (e.g. social security, customer credit card, CA driver's license, or healthcare treatment info) you MUST use a University-owned & managed PGP/SafeGuard encrypted computer. Please call our office for questions on your Restricted data workflows.
- If you're using a mobile device to check email or collaborate:
- Apply security updates as they become available.
- Use the native Google Workspace apps for efficiency and security.
- Be sure to set a strong PIN and lockout for failed attempts on your device.
Five Ways ISO Helps You Protect Data and Preserve Trust
Pepperdine University has created the Information Security Office to assist the community in keeping our data secure. The ISO security program consists of training, consulting, policy, systems, and monitoring/response activities.
Annual training events include:
Training for the entire community
- October National Cyber Security Awareness campaign for students, faculty, and staff.
Training for students
- We give talks and participate during New Student Orientation events in August.
- We offer an online class that is available to all students on Courses.
Training for departments and academic divisions
- We routinely hold "Information Security for Managers" briefing meetings on several campuses and online.
- We offer an online security class that is available for all staff and faculty.
- Our team can also provide tailored 15-60 minute training sessions for your department meeting or specific groups. Please call us to discuss!
Need to find a secure way to efficiently do your business? Start with a call to us to discuss at x4040.
3. Usable policy, guidelines, and standards
While the Information Security Office doesn't make policy, we advise those that do. During this process, our goal is to promote workable security policies, guidelines, and standards. Pepperdine has security policies comparable with the best of our peer institutions.
4. Security systems and services
Our office offers a robust service catalog. Here is a quick overview of some of our systems:
- Our firewalls, network access controls, and intrusion detection systems stop tens of thousands of attacks daily, from the internet and devices walked onto campus nets.
- The spam filter stops 99+% of spam, phishing, and email viruses and blocks sending "RESTRICTED" information.
- Attachments.pepperdine.edu is easy to use to send "RESTRICTED" information or very large files securely.
- Every computer on the network is registered and University-owned servers or computers receive configuration and patch management.
5. Monitoring & incident handling
- We analyze network intrusion attempts and prepare new defenses every week.
- When there is a security incident ISO works to identify, contain, and eradicate the threat and helps with restoring service and improving defenses.