快活林性息

Zoom is committed to keeping your personal data secure. Zoom uses 鈥渋ndustry-standard security technologies, procedures, and organizational controls.鈥澨�

For more detailed information, visit their website,听.听

Zoom has discovered a vulnerability with their chat feature. In Zoom's chat feature, users can communicate through messages in a chat room. The vulnerability allowed users in meetings to send links that could possibly be malicious and/or lead to theft of passwords and in severe cases the theft of personal information. When links are sent thorough this chat they are converted to URLs. Users in these meetings can click on these URLs. This poses a threat when a malicious link is sent and users proceed to click on it. Due to the act of this conversion Zoom converted every URL and UNC to a clickable link, the problem with this is that Windows will share the users' username and password, which could then be easily intercepted.听

This system can also be used to launch other applications. Usually, when your Windows computer launches a new application it will ask the user for permission; however, in this instance, it does not and opens the application immediately.听

Zoom recently released an update that fixed this issue. Once this update is complete the links will not be clickable.听

Why Working Remotely is Different

Working at home presents a unique challenge for information security because remote work environments don't usually听have the same safeguards as working in the 快活林性息 environment.听When 快活林性息 faculty and staff are on the 快活林性息 campus,听they are working behind layers of preventive security controls. While not 100% foolproof, it is harder to make a security听mistake while in the 快活林性息 environment. However, when 快活林性息 issued devices leave the perimeter or faculty and staff work听remotely, new risks arise and additional protections are essential.

Threats to Working Remotely

• Unsecured Wi-Fi networks:听Not everyone has a secure home network with strong firewalls. Public Wi-Fi networks, such as those in coffee听shops, are also unsafe for conducting business. Unsecured public Wi-Fi听networks are prime spots for malicious听parties to spy on internet traffic and collect confidential information.
• Using personal devices and networks:听Many faculty and staff will be forced to use personal devices and home听networks for work tasks. These home听devices lack safeguards built in to business networks such as antivirus,听firewalls, and backup tools. This increases the risk of malware finding its way onto devices and both personal and听work-related information being breached.
• Scams target remote听workers:听Hackers target remote workers, because of the lowered security measures.

Security Musts When Working Remotely

These are some additional precautions that must be taken by employees when working remotely:

Never听use听public听Wi-Fi

Public Wi-Fi introduces significant security risk and must be avoided. Instead of public Wi-Fi use a 快活林性息 or personal hotspot from a dedicated device or your phone. If you are not able to access a hot spot you may also use a VPN to connect to 快活林性息鈥檚 network. Using a cellular network is safe.

Secure your home Wi-Fi

Change your router password. Make sure firmware updates are installed so that security vulnerabilities can be patched. The encryption should be set to WPA2 or WPA3.听You can check this by reviewing your manufacture router manual or checking your WIFI network preferences on your device to see what your connected service encryption is set to.听Make sure your Wi-Fi has a strong听passphrase/password. Restrict inbound and outbound traffic, use the highest level of encryption available, and switch off WPS.听听

Use听a听快活林性息 maintained device

快活林性息 techs ensure your workstation, laptops and tablets have anti-malware, encrypted drives, licensed software and the latest patches. Your听personal devices听do not meet 快活林性息 requirements.听Your personal devices could introduce a risk to 快活林性息鈥檚 data and your account.听If you have a 快活林性息 laptop make sure to use it at home for work. Even for accessing your work emails. If you were not assigned a laptop, your department or college may allow you to take your workstation home. Check with your local tech.听

Use听快活林性息听VPN听with听Multi-Factor听Authentication听(MFA)听

快活林性息 VPN encrypts, tunnels and protects all of your internet traffic, so that it is unreadable to anyone who intercepts it. This keeps it away from the prying eyes of any hackers and your Internet Service Provider (ISP). 快活林性息 VPN protects your data. Use VPN even if you are checking your email, accessing SOLAR or storing a file in Box. If you are a Level 1 user or have opted-in for MFA, you will be prompted by听快活林性息鈥檚 MFA听when accessing VPN as an additional security measure.听The use of public networks with 快活林性息鈥檚 VPN is high discouraged due to the risk of compromising the information.听

Level 1 Users
A Level 1 user is any 快活林性息 faculty, staff or student worker who has access to听Level 1 data听other than their own. Level 1 users must use a 快活林性息 maintained device when accessing Level 1 data or a Level 1 system. You may not access Level 1 systems from your personal devices. Use your 快活林性息 maintained device (desktop or laptop) at home to access Level 1 data or systems. As an alternate, some departments and colleges have set up virtual machines that conform to the听. If your department has set up such machines and the machines are only accessible via听快活林性息鈥檚 Global Protect VPN听with听MFA,听then you may access the virtual machines via your personal devices.听 If you need assistance, contact your听local tech.听

Keep work data on work computers or 快活林性息 approved storage

If you don鈥檛 have a 快活林性息 laptop or workstation at home, the next best thing is to access your 快活林性息 workstation remotely. While certain remote access tools have security vulnerabilities, using the 快活林性息 VPN with MFA will mitigate those issues. Make sure you are using听Microsoft Remote Desk Protocol听(RDP)听software on both Windows and Mac machines. Make sure your patches for听RDP听are up to date. 快活林性息 also has several virtual workstation options available. Contact your tech or IT to see if this option is available to you. Don鈥檛 store 快活林性息 files on your home computer. Use your work computer or Box to store your 快活林性息 files.听

Do not share your device

If you are working from home and are forced to use your personal device, make sure you are the only one using your device (computer, tablet,听etc.). 快活林性息 data cannot be shared with family members. Allowing others to use a device that is being used to access 快活林性息 data violates 快活林性息 policy by potentially sharing it with persons that have no right to see 快活林性息 data. This includes your spouse.听

Patch all your software

Updates to device software and other applications can听sometimes take a long time. But they really are important. Updates often include patches for security vulnerabilities that have been uncovered since the last iteration of the software was released.听Patch your听personal devices.听

Set up the firewall on your computer听

Firewalls act as a line defense to prevent threats entering your system. The firewall听creates听a barrier between your device and the internet by closing ports to communication. This can help prevent malicious programs entering and can stop data leaking from your device. Your device鈥檚 operating system will typically have a built-in firewall. Turn it on.听

Use antivirus software

Although a firewall can help, it鈥檚 inevitable that threats get through. A good antivirus software can act as the next line of defense by detecting and blocking known viruses or malware. Even if viruses or malware does manage to find its way onto your device, an antivirus may be able to detect and, in some cases, remove it. Turn on anti-virus and keep it up to date.听

Make sure you are using properly licensed software

Most software that 快活林性息 licenses can only be used on 快活林性息 devices. Exceptions are software on the Software Download page and software such as Microsoft Office that explicitly states it can be downloaded on multiple听home devices. Please make sure when working from home and using your own machine that you do not violate any license agreements. If you have any questions please contact听听.听

Never leave your devices in the car

Never leave their work computers or devices in a vehicle. It鈥檚 a best practice to keep work laptops and devices on your person at all times.听The trunk of your car is not any safer. There may be criminals watching the parking lot from afar, waiting for their next victim. Putting valuables in the trunk may make life a little bit easier in the short-term - but why take that chance?听

Taking home paper files?

Keep all confidential paper files locked up and inaccessible to other persons in the household except when using. Use a cross cut shredder if disposing of any paper files. Make sure you can account for any and all confidential files that are removed from the office by having a checkout system.听

Look out for phishing emails and sites

Phishing emails,听as well as voicemails (vishing) and text messages (smishing) are used by cybercriminals to 鈥減hish鈥� for information. This information is usually used in further schemes such as鈥痵pear phishing campaigns鈥�(targeted phishing attacks) and account takeover fraud.听听The recent outbreak of the听听has allowed cybercriminals to use it as a tactic in their mission to cash in or pursue personal information.听These cybercriminals have been known to send out emails, make phone calls and publish websites with false听information.听To spot a phishing email, check the sender鈥檚 email address for spelling errors and look for poor grammar in the subject line and email body. Hover over links to see the URL and don鈥檛 click links or attachments unless you trust the sender 100 percent. If in any doubt, send the email to听听听and we will check it out. If you do click a link and end up on a legitimate-looking site, be sure to check its credibility before entering any information. Common signs of a phishing site include lack of an HTTPS padlock symbol (although phishing sites increasingly have SSL certificates), misspelled domain names, poor spelling and grammar, lack of an 鈥渁bout鈥� page, and missing contact information.

For More Information or If you Suspect a Breach

If you have any questions or suspect you may have been breached,听please contact Information Security at听iso@csun.edu听or x6100

Additional Resources听

For more information on tips for working at home please visit the听site for informational videos.

Zoom has seen a rise in users in the past few months that it did not anticipate. With this increase, they have also seen an increase in the number of challenges they have in front of them. They are working to solve all these issues and take all issues seriously. For more information on their story and how they are taking action, please visit听.