We offer resources and guidance for safeguarding both individual and institutional data, with a focus on preventing unauthorized access, data breaches, and online scams.
If you have any questions or would like to talk with us, please email us at itsecurity@radford.edu or call the Information Security Officer at 540-831-7770.
Data Classification
Data at Radford University is classified into three tiers, with loss of data in higher tiers causing more damage to the individual and institution. Our classifications are:
Highly Sensitive
Protected
Public
Highly sensitive data is prohibited from being stored on any mobile device (i.e. laptop, phone, tablet, USB drive, etc.) unless the data is encrypted and an exception requested; the exception must include:
Email is not an acceptable medium to transmit Highly Sensitive data. This is because it is saved as a copy in the sender's mailbox (under Sent Items) and recipient's mailbox, so it is stored in an unauthorized location. Email is not encrypted in transit, which violates the confidentiality of the data transmitted.
To reiterate, Email is not an acceptable medium to transmit highly sensitive data.
You have options to transmit highly sensitive data depending upon its destination:
One of the most important steps you can take to protect yourself online is to use a unique, strong password for every one of your accounts and apps. Unfortunately, it is most likely impossible for you to remember all your different passwords for all your different accounts. This is why so many people reuse the same password. Unfortunately, reusing the same password for different accounts is dangerous, because once someone compromises your password, they can access all your accounts that use the same password. A simple solution is to use a password manager, sometimes called a password vault. These are programs that securely store all your passwords, making it easy to have a different password for each account. Password managers make this simple, because instead of having to remember all your passwords, you only have to remember the master password to your password manager.
Avoid any password manager that claims to be able to recover your master password for you. This means they know your master password, which exposes you to too much risk. Password managers are a great way to securely store all your passwords and other sensitive data. However, since they safeguard such important information, make sure you use a unique, strong master password that is not only hard for an attacker to guess, but easy for you to remember.
Here are some password managers:
These days, browsers will offer to remember your passwords for you. However, browsers are frequently targeted for attacks. It's better to use a password manager, whose sole purpose is to encrypt and protect your data.
Two-factor authentication adds a second layer of security to your online accounts. Verifying your identity using a second factor (like your phone or other mobile device) prevents anyone but you from logging in, even if they know your password.
Passwords are increasingly easy to compromise. They can often be stolen, guessed, or hacked — you might not even know someone is accessing your account.
Two-factor authentication adds a second layer of security, keeping your account secure even if your password is compromised. With Duo Push, you'll be alerted right away (on your phone) if someone is trying to log in as you.
This second factor of authentication is separate and independent from your username and password — Duo never sees your password
Phishing is a fraudulent attempt by cybercriminals to obtain information such as your Radford University credentials and passwords, personally identifiable information, banking, or credit card details. The attempts are usually via email or other forms of electronic communication. Below are some tips you can use to protect yourself and your information:
Available??
Extortion
Shared Files
IT Helpdesk
Radford University uses the SendSecure solution by XMedius to securely share documents where email had traditionally been used. SendSecure uses SafeBoxes to securely share files with anyone and then have the SafeBox destroyed after contents are downloaded.
Please bookmark that link to prevent future phishing attempts that look like SendSecure notifications. SendSecure requires IT Security to provision you an account; you can request access by creating a ticket at IT OneStop. SendSecure supports two types of SafeBoxes: Personal and Enterprise.
Personal SafeBoxes are used by you to securely share documents and messages with external entities and only yourself. To create a personal SafeBox, navigate to your SendSecure portal and click +New. You will be able to add the recipient’s email address (required) and phone number (optional). The subject you choose is referenced in the email the recipient receives, giving them an indication of what this SafeBox pertains to. You can also attach files to the SafeBox that the recipient will have access to. Finally, you can select your Security Option to specify how long to keep the SafeBox before destroying it.
Departments can have an Enterprise SafeBox where you share a public link and invite anyone to create a SafeBox with you. In this scenario, you are not creating the SafeBoxes – the external entities are. This is useful when you need to receive documents containing highly sensitive data securely, but do not know who will be sending them, or are available to coordinate at the time.
The external entities would click your department’s secure link.
The external entity would create the SafeBox with your department via your department's unique public link.