Combining best practices with industry-leading innovation, ITS creates an environment that balances the BC community's need to protect information with the importance of privacy.
Stay up to date on the latest scams, software patches, tips, and more.
Concerned Your Computer Is Infected?
When ransomware hits, a criminal takes ownership of the infected device’s files and insists they will not be unlocked unless “ransom” is paid. If your computer is backed up, you are less likely to be exploited by a ransomware attack.
You can unknowingly download ransomware onto a device by opening an infected email attachment, clicking an ad, following a bad link, or even visiting a website that has malware embedded.
Remember to stop and think when you get an email you are not expecting, even if it appears to be from someone you know.
Checking the actual “from” address of an email is a smart step to avoid scams.
- Emails claiming to be from a “BC” person without an @dos5.net email address should be viewed with extreme skepticism. A sender name is easy to fake.
- If you aren’t sure if an email is authentic, instead of replying, contact the sender using information you already have about them (such as their BC email address from the BC Directory).
When a computer is not up-to-date with software updates, it is more vulnerable to ransomware attacks, malware, and data breaches. Updates for your operating system, browsers, antivirus program, and any other program you run on your computer help protect your devices (and your files) from the latest threats.
We recommend you set your operating system and software to update automatically to ensure the latest security vulnerabilities are addressed:
Enable auto-update for your devices:
**Restart regularly. Get into the habit of shutting down and restarting your computer and devices on a regular basis so that any updates can be installed at restart.
Enable auto-update for your apps/programs.
- Browsers
- Microsoft Office
- iPhone Apps
- Android Apps
BC 2-Step Verification uses Duo Security technology to confirm your identity using a second device such as a mobile phone, tablet, or landline phone. 2-Step Verification is required for EagleVPN, PeopleSoft, and other BC services.
ITS Recommends the Duo Mobile App
If you still rely on a text message or phone call for 2-Step Verification, read on to learn why the Duo Mobile App is highly recommended.
- Ease of use: You receive a “push” notification to your mobile device, and simply click “Approve.” IMPORTANT: Only click “Approve” if you are actually trying to log in. Click “Deny” if you’re not, this could mean a bad actor is trying to log in to your account.
- Offline access: Get a passcode from the app even when you don’t have cellular or wifi access.
- Save the University money: Every time you use text messaging or a phone call for 2-Step Verification, it costs BC money. 2-Step Verification via the Duo App is free.
ITS recommends you use Eagle VPN when connecting your smartphone, tablet, or laptop to any public or hotel WiFi. When you use BC's Eagle VPN, even for personal vacation use, the traffic to/from your device is encrypted so the online criminals can't see it.
When you use your BC email address or BC computer to sign up for online services or get software, even if they are free, you may be putting your personal information and Boston College data at risk.
To be cyber safe, if you are interested in any software, hardware, or technology services, even if they are free, please use the “Get Tech” process.
The Regulated Data Chart can be used to help you determine where to store your files in accordance with important data security rules and regulations.
Important: Due to constantly changing regulatory and grant changes, please consult with your Data Security Officer (DSO) to determine the safest place to store your confidential data.
Google Drive Security Guidelines
The BC Data Security Policy defines 3 categories of data: Public, Internal Use Only, and Confidential.
The Data Security Committee, General Counsel, and the university’s FERPA officer have informally agreed that an additional, 4th category of data will be added to the Data Security Policy that is even more sensitive than “Confidential.” Data that falls in this additional category will not be allowed to be stored off-campus except with written permission (see below). Google Drive is off-campus, and thus data that falls in this category must not be stored on Google Drive.
Until a formal policy revision is made and approved, you should use the following as a guideline:
Restricted. Due to legal restrictions or security concerns, some legally protected and highly sensitive information must not be stored on Google Workspace or other “cloud-based” systems without permission of the responsible Vice President or the Provost’s Office. This information, much of which was formerly classified as “Confidential,” includes:
Social Security Numbers
Financial or credit account numbers
Personal financial information (e.g. financial aid data)
Account log-in credentials
Driver's license number or state-issued identification number
Health and medical records, including HIPAA-protected information
Export-controlled information
Human-subject research information
Other sensitive information that the information sponsor or responsible Vice President has determined must remain on a secure BC server.
Confidential. FERPA data (i.e. student records) is generally defined as Confidential, and can be stored on BC Google Drive, except as noted above. Other Confidential data, except as noted above, can also be stored on BC Google Drive.
Internal Use Only: Acceptable to store on BC Google Drive.
Public: Acceptable to store on BC Google Drive
For more information, contact security@dos5.net.