Fwd: Cybersecurity Updates

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

Fwd: Cybersecurity Updates

George Duncan-2
Carnegie Mellon on Zoom security.

George Duncan
Emeritus Professor of Statistics, Carnegie Mellon University
georgeduncanart.com
See posts on Facebook, Twitter, and Instagram
Land: (505) 983-6895  
Mobile: (505) 469-4671
 
My art theme: Dynamic exposition of the tension between matrix order and luminous chaos.

"Attempt what is not certain. Certainty may or may not come later. It may then be a valuable delusion."

From "Notes to myself on beginning a painting" by Richard Diebenkorn. 

"It's that knife-edge of uncertainty where we come alive to our truest power." Joanna Macy.




---------- Forwarded message ---------
From: The Information Security Office <[hidden email]>
Date: Wed, Apr 8, 2020 at 7:57 AM
Subject: Cybersecurity Updates
To: <[hidden email]>


** Visit the Information Security Office News page to verify the authenticity of this message. **

Dear Members of the Campus Community,

I am writing to address recent Zoom security and privacy questions, alert you to new and ongoing coronavirus-related scams, and remind you about securing remote workspaces.

Zoom Security and Privacy

In the wake of explosive growth and worldwide dependency on Zoom’s video conferencing platform, public scrutiny has surfaced numerous privacy and security concerns. In response, Zoom’s leadership publicly accepted responsibility and committed to greater transparency, improved security practice and timely resolution of system vulnerabilities.   

As first steps, Zoom patched several security vulnerabilities that were identified last week, discontinued certain sharing practices and updated its privacy policies to provide greater clarity. 

As it relates to encryption, Zoom does not provide end-to-end encryption as commonly defined. Zoom provides encryption in transit. While Zoom is working to improve upon its encryption implementation, it remains acceptable for public, private and some restricted content like FERPA. 

Computing Services and the Information Security Office will continue to monitor Zoom developments.  We expect new findings and fixes will continue to be announced.   

What can you do? Update your Zoom client whenever prompted, so new fixes get applied as soon as possible. You also can periodically “Check for Updates.” Also, refer to the Secure a Meeting or Class guidance on the Computing Services site to help you use Zoom as securely as possible.

New and Ongoing Scams

As the 2020 stimulus check process begins to unfold, be on guard for a wave of related scams. Security researchers and the IRS predict fraudulent “verification” schemes and expedited delivery schemes.  Expect similar fraud attempts related to prevention and therapeutics as these appear in the media. 

Whether delivered by phone, email, text or any other method, scams will persist and adapt as long as coronavirus fears continue and events evolve. Stay alert to these scams via the ISO’s coronavirus scam page, report suspicious emails to the ISO at [hidden email], fact-check before responding to or clicking on unsolicited communications, and continue to maintain good computer hygiene like keeping software up to date with security patches and making regular back-ups of your data.

Secure Remote Workspace

As we continue to work remotely, remember to observe reasonable physical security practices like conducting sensitive discussions where others can’t overhear, including while using devices like Alexa, Cortana, Google and Siri. Review the ISO’s news page for additional tips for protecting your surroundings.

As always, thanks for sharing your concerns, inquiring about additional security measures, and doing your part to keep yourself and our community safe.

Sincerely, 

Mary Ann Blair
Chief Information Security Officer
Information Security Office
Computing Services
Carnegie Mellon University
https://www.cmu.edu/iso
Phone: 412-268-8556
ISO Hotline: 412-268-2044


..-. . . -.. / - .... . / -- --- .-. .-.. --- -.-. -.- ... / . .-.. --- ..
FRIAM Applied Complexity Group listserv
Zoom Fridays 9:30a-12p Mtn GMT-6  bit.ly/virtualfriam
unsubscribe http://redfish.com/mailman/listinfo/friam_redfish.com
archives: http://friam.471366.n2.nabble.com/
FRIAM-COMIC http://friam-comic.blogspot.com/