I.T. warns of potential breaches to prevent monitoring of emails
CSUN continues to closely monitor incoming emails in the midst of persistence by hackers who break into servers.
After a cheating scandal hit Harvard, a group of deans were outraged last fall by their emails having been monitored without their knowing.
Chris Olsen, senior director of infrastructure services at CSUN, said the campus takes personal privacy very seriously as stated in the Privacy of Personal Information section of Policies and Procedures.
“CSUN is responsible for taking all reasonable and appropriate steps for the protection of the confidentiality, availability, privacy and integrity of information in its custody,” Olsen said. “This policy encompasses university e-mail as well as other systems that contain personal information in CSUN’s custody.”
Olsen said campus policy follows state and federal privacy laws.
CSUN has an information security program to help create a safe network, Olsen said. The program creates a safe environment for users and protect their personal information by using awareness training.
“As with any institution, and as noted in the CSUN ‘Use of Computing Resources’ policy, there is no guarantee of privacy or protection against intrusion by others,” he said.
Olsen said there are two categories of breaches that can happen with an email account: technical attacks, which focus on a disruption or denial of service, and social engineering, which is what CSUN, other universities and organizations are currently seeing.
“This is most widely seen at CSUN in the form of fraudulent e-mail messages targeting faculty, staff, and students that ask to provide a CSUN username and password ‘or else,’” Olsen said.
Olsen said there have been no recent breaches that would violate the policy, but if needed, certain campus administrators can look at users’ emails.
“One example is related to litigation, and while I cannot speak to specific cases, there have been cases where university email has been involved in litigation,” he said. “In such cases, authorized administrators and legal authorities handle email in accordance with policy.”
Janet Valerio, sophomore liberal studies major, said she believes the campus network is much more secure than any other email platform like Yahoo or Hotmail.
“From what I understand, the school filters the email we get and also what we send each other,” she said. “I think professors have to go through some system before sending e-mails and it will go to spam if they send it from another address.”
Olsen said CSUN has anti-spam systems that block between 85 and 90 percent of all e-mail coming into the university.
“It is very challenging to identify and block social engineering messages as they look and read as legitimate messages,” he said. “They do not contain viruses and other obvious characteristics typically found in spam.”
Andrea Lee, undecided sophomore, was not as sure about the security of her email, but said it seemed pretty secure, especially since a great number of students use Moodle for classes.
“I mean, if you don’t know anyone in your class it’s a really good way to reach out and get the notes via email,” she said. “Besides, I only use my CSUN Gmail account for school, so I don’t see the point in anyone hacking into it but if they did I would be pretty angry.”
Valerio, who has older emails saved in her account, said she would be irritated if her account were hacked.
“I have e-mails from past classes that have grades or some sample research papers for future reference writing and I would be upset if something happened,” she said.
Olsen said it would be good practice for anyone to share only the minimum personal or private information, whether it be through email, phone or web.
“Always question suspicious e-mails, web pages, and phone calls that solicit personal/private information,” he said. “CSUN will never ask you to provide your password, social security number, or any other personal information by email. If in doubt, do not respond to suspicious e-mail, and do not click on suspicious URLs included in email.”
To report a potential breach of personal information, Olsen said to contact the office of Information Security at 818-677-6100 or by email at firstname.lastname@example.org.