AITS Tech Tips 2017.Q4
In this version--
- Cloud Based Storage Solutions
- Targeted Email Attacks (Spear Phishing)
Cloud Based Storage Solutions
Many people are now using public cloud storage in their private lives. This allows convenient access to their files and data from a number of different devices. If employed in a work context however, such unsupported cloud services also introduce risks to the security, privacy, copyright and retention of University data. System Office employees should consider if the usage is appropriate and take reasonable steps to limit the risks to University information assets.
The main risks when files are stored in unsupported cloud storage services are:
- The University can no longer guarantee the quality of access controls protecting the data.
- The location where the data is stored may not be guaranteed as remaining in the United States and may not meet Data Protection Act requirements for personal data.
- In many cases, public cloud storage requires that files be associated with an individual's personal account. Should that individual suddenly become unavailable or leave, the University will lose access to the data.
- Cloud services generally limit their liability for negligence, resulting in little or no recourse should the provider misuse, lose or damage information stored in the cloud.
- Few cloud providers guarantee they will not access the information stored within their service, leading to concerns over privacy and intellectual property rights.
- Some if not all providers do not guarantee that the user's ownership of the data stored in the cloud will be retained. This is primarily to enable the providers to move data around to their different server locations without your prior approval but opens further questions about intellectual property rights.
- Using cloud storage client software to synchronize files between work and personal devices could result in sensitive information being held inappropriately on personal equipment.
- If cloud storage providers have financial difficulties they may end the service with little or no notice, leaving users with no access to files.
All employees have a responsibility to protect the University's data, particularly data about individuals. The following knowledge base article summarizes University-supported and approved storage locations available at no additional cost.
When storing work documents in cloud storage, it is recommended that you utilize the University’s officially supported services listed in the knowledge base article above.
Targeted Email Attacks (Spear Phishing)
In addition to general phishing attacks, cyber criminals utilize a more targeted attack called spear phishing. Spear phishing is a highly customized attack where targeted emails are sent to specific individuals within the University. These attacks often target high-ranking employees of a specific unit, senior management or administrative support personnel. The email attacks may appear to come from a colleague working at the University or high-ranking officials such as the President. These attacks occur routinely within the System Offices.
In most cases simply opening an email or reading a message is safe. For most attacks to work, action is required after reading the message, such as opening the attachment, clicking on the link, or responding to the request. If you are not sure of the legitimacy of an email message, please contact AITS Enterprise Systems Assurance (ESA) at firstname.lastname@example.org.
As a customer of AITS Client Services Support, we are sending you this quarterly update to pass along important IT information. We hope that you find the information timely and valuable. Please pass along topics that you would like to see addressed to Mark Pollard (email@example.com) or Christina Worthington (firstname.lastname@example.org).
For IT questions, contact the AITS Service Desk or type into your browser: answers.uillinois.edu/ua/aits-service-desk