Research Information Security

Cyber-threats

Email phishing scams (spear phishing, whaling, etc.)

Phishing scams are typically fraudulent email messages appearing to come from legitimate enterprises (for example, your university, your internet service provider, your bank). These messages usually direct you to a spoofed website or otherwise get you to divulge private information (for example, passphrase, credit card, or other account updates). The perpetrators then use this private information to commit identity theft or to gain access to data.

Learn how to Avoid phishing scams

Malware (spyware, keyloggers) placed on a computer through email or websites

A computer virus or malware is a computer program usually hidden within another seemingly innocuous program that produces copies of itself and inserts them into other programs or files, and that usually performs a malicious action (such as destroying or exfiltrating data).

Learn about viruses, worms and Trojan horses

Ransomware

Ransomware is a type of malware that prevents or limits users from accessing their system, either by locking the system's screen or by locking the users' files until a ransom is paid. More modern ransomware families, collectively categorized as crypto ransomware, encrypt certain file types on infected systems and force users to pay the ransom through certain online payment methods to get a decryption key.

Learn about ransomware

Unpatched systems and security vulnerabilities

Keeping hardware and software current helps protect information on devices and associated networks. One unpatched device on a network can allow a hacker to gain access to the entire system. Most information technology (IT) departments automate system updates, and users who manage their own information systems should coordinate updates with their IT departments.

Social extraction

Social engineering

In computer security, social engineering is a term that describes a non-technical kind of intrusion that relies heavily on human interaction and often involves tricking or manipulating other people to divulge confidential information or break normal security procedures.

Social networking extraction

Much of what the Internet knows about you, it knows from social media. Are you aware of how much you've shared? Make sure your content and settings protect your privacy and security, and reflect the public and professional persona you wish to project.

Learn more about Social media, privacy and security

Loss / Theft

Hardware loss / theft of unencrypted computing equipment or research materials

Encryption is the process of transforming information (referred to as plaintext) using an algorithm (called a cipher) to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key. Computer hardware that stores sensitive information should utilize encryption at rest to protect it from unauthorized use in the case of loss or theft.

Learn more about data encryption

Data leaks, loss, or theft

Mistakenly providing sensitive personal information to a person external to IU, whether verbally, on paper, or electronically, is a disclosure. Depending on the circumstances, data may also be considered disclosed or exposed if the device on which the data is stored is compromised or stolen; if a web page is made available with the data on it; if paper records with the data are disposed of without shredding or the use of another secure disposal method; or if computer disks are disposed of without following one of the methods described in UISO's document, Securely Removing Data.

Learn more about actions you can take to secure sensitive data