Educational Procurement Journal - Spring 2018 - 10

machine, contact your IT Helpdesk.
They will instruct you what to do
next. If it is your personal machine,
turn it off and get assistance from
a reputable source. On a clean
machine, change your passwords as
soon as you can.

Valerie:
How does
GVSU communicate
with and educate faculty, staff, and
students on cyber security?
Sue: We send a monthly newsletter
to all staff as well as require annual
cyber-security training. There are
a couple of smaller cyber-safety
committees that I chair, and we
discuss ways to educate our
community. Through one of those
committees, working with our Student
Life Office, we developed some
videos to educate our students. We
send emails about current scams
to employees and students, if we
feel that they could be targeted. We
also post information on our cybersecurity website. We submit daily
awareness tips to our public shared
folders in Outlook to help individuals
stay current with what is going on,
providing educational information.
Valerie: What are your
recommendations for protecting
computers?
Sue: Keep a strong password
and never give it out. Do not click
on suspicious emails with links or
attachments. If in question, attach
the email and send to the IT Helpdesk
for review. If you have a personal
machine, make sure you have some
type of virus and malware protection
installed and keep it up to date. Many
businesses will push out security
updates for both company-owned
and personal machines. Make sure
you accept the Windows or Macintosh
updates whenever they pop up for
you to download; install them.
Valerie: What do you do if your
computer is infected?
Sue: Turn off the machine
immediately. If it is your work

10

Valerie: Is it important to turn off
Bluetooth capabilities from devices
when traveling? If so, why?
Sue: Yes. Bluetooth technology
allows your device to connect to
any open Wi-Fi. If your Bluetooth
technology is always on, hackers can
connect to your device and potentially
infect or steal your credentials. If you
must connect to a Bluetooth device,
turn it on and connect only for the
time period needed, then turn it off.
Valerie: How can you increase
security when web browsing?
Sue: Never use a link or attachment
to go to a site to enter credentials.
Go directly to the trusted site, like
your bank for instance, that would be
secured with a certificate (https://)
and login normally. Make sure than
any site that requires you to enter
personal or payment information
has a secure certificate. Hover over
the link in an email and check for its
validity; many times the link is not
even closely associated with the
intended organization (they are trying
to direct you to a site where they
can steal your credentials or infect
your machine).
Valerie: How is GVSU fighting
cybercrime, and how are cybersecurity issues being handled?
Sue: As I mentioned previously,
monthly newsletters, updates to the
cyber-safety website, mandatory
training modules for new staff,
mandatory annual training for all staff,
professional development for specific
IT personnel, and monthly meetings of
the various cyber-safety committees.
We are requiring stronger passwords
and implementing more tools that
notify IT of suspicious behaviors.
IT has annual security audits to help
identify areas needing improvement.
We work with auditors to develop

EDUCATIONAL PROCUREMENT JOURNAL | SPRING 2018

and recommend best practices
for our business areas. If a cybersecurity issue is identified, GVSU has
a protocol in place to contact and
manage it.
Valerie: What are some of the
most valuable tips that you can
share regarding email security, and
what are your thoughts on email
signatures?
Sue: Ensure that your email
password is strong and never give
it to anyone. If you read email on a
mobile device, make sure the device
requires a security PIN for entry, or
requires you to log in each time to
get your email. Do not read email on
any public device or public Wi-Fi if
it contains sensitive information. Do
not click on links or attachments in
emails if they look suspicious. When
in doubt, take the time to verify with
the sender that it is legitimate.
As for email signatures, make
sure the signature is not your actual
signature in digital format. Many
times, names and titles are on
websites that hackers use for phishing
expeditions. It is best to give as little
information as possible, while still
providing the level of service needed
by your customers.
Valerie: Sue, we are almost at the
end of our interview and I would
like talk a little about hoax, hackers,
usernames, and passwords. How
does the type of username and or
password affect the security of a
computer?
Sue: Your account credentials
should always be kept private. This
includes your username where
possible. There are accounts in which
the username is easily guessed or
is part of an automated system that
creates them. So, keeping them
private may not be an option or easy
to do. However, the password is the
key. Passwords should never be
shared and they should be complex
in such a way that they cannot be
easily guessed, and they should not
contain any personal information that
may be generally known. Passwords
should not reflect your favorite colors,



Table of Contents for the Digital Edition of Educational Procurement Journal - Spring 2018

Letter from the CEO
Cyber Security—Everyone’s Business
Scammed—How to Protect Your University
Have Festival, Will Travel: Virginia’s Advocacy Program for Small-, Women-, and Minority-owned Businesses
What Is It You Can’t Do?
Heard on the Street: New Hot Topics from the NAEP Exchange
Building a Fund of Sustainability Knowledge, One Book at a Time— Part Eight
Best and Final: Crowdsourcing Beyond the Buzzword
Index to Advertisers
Educational Procurement Journal - Spring 2018 - Intro
Educational Procurement Journal - Spring 2018 - cover1
Educational Procurement Journal - Spring 2018 - cover2
Educational Procurement Journal - Spring 2018 - 3
Educational Procurement Journal - Spring 2018 - 4
Educational Procurement Journal - Spring 2018 - 5
Educational Procurement Journal - Spring 2018 - Letter from the CEO
Educational Procurement Journal - Spring 2018 - 7
Educational Procurement Journal - Spring 2018 - Cyber Security—Everyone’s Business
Educational Procurement Journal - Spring 2018 - 9
Educational Procurement Journal - Spring 2018 - 10
Educational Procurement Journal - Spring 2018 - 11
Educational Procurement Journal - Spring 2018 - Scammed—How to Protect Your University
Educational Procurement Journal - Spring 2018 - 13
Educational Procurement Journal - Spring 2018 - 14
Educational Procurement Journal - Spring 2018 - 15
Educational Procurement Journal - Spring 2018 - Have Festival, Will Travel: Virginia’s Advocacy Program for Small-, Women-, and Minority-owned Businesses
Educational Procurement Journal - Spring 2018 - 17
Educational Procurement Journal - Spring 2018 - What Is It You Can’t Do?
Educational Procurement Journal - Spring 2018 - 19
Educational Procurement Journal - Spring 2018 - Heard on the Street: New Hot Topics from the NAEP Exchange
Educational Procurement Journal - Spring 2018 - 21
Educational Procurement Journal - Spring 2018 - Building a Fund of Sustainability Knowledge, One Book at a Time— Part Eight
Educational Procurement Journal - Spring 2018 - 23
Educational Procurement Journal - Spring 2018 - 24
Educational Procurement Journal - Spring 2018 - 25
Educational Procurement Journal - Spring 2018 - Best and Final: Crowdsourcing Beyond the Buzzword
Educational Procurement Journal - Spring 2018 - 27
Educational Procurement Journal - Spring 2018 - 28
Educational Procurement Journal - Spring 2018 - 29
Educational Procurement Journal - Spring 2018 - Index to Advertisers
Educational Procurement Journal - Spring 2018 - cover3
Educational Procurement Journal - Spring 2018 - cover4
http://www.nxtbook.com/naylor/NEPQ/NEPQ0318
http://www.nxtbook.com/naylor/NEPQ/NEPQ0218
http://www.nxtbook.com/naylor/NEPQ/NEPQ0118
http://www.nxtbook.com/naylor/NEPQ/NEPQ0417
http://www.nxtbook.com/naylor/NEPQ/NEPQ0317
http://www.nxtbookMEDIA.com