Security
-
How To Use LastPass
Learn how students, faculty and staff can use a secure password manager such as LastPass.

What is LastPass?

Managing passwords can be difficult, but a secure password manager can help you be more efficient by generating, remembering, organizing, and filling in your passwords. Stevens has partnered with LastPass to provide students, faculty, and staff with the benefits of LastPass.

LastPass makes it easy to access all your apps and websites at work. By combining single sign-on and password management, LastPass connects you to cloud apps and stores all your usernames and passwords in one safe place, called a Vault. After you save a password to your Vault, LastPass always remembers it for you. When you need to log in to a website, LastPass enters your username and password for you!

A password manager and single sign-on solution do many other things, including:

* Creating new passwords for you
* Showing your security score and dark web monitoring alerts
* Storing information such as PIN codes and membership IDs
* Sharing passwords with others
* Filling out addresses and credit card forms
* Providing one-click login to apps that you use at work

Why should I use LastPass?

LastPass will help you in your day-to-day work while improving the overall security of Stevens. Key benefits of using LastPass include:

* Convenience: No more forgotten or mistyped passwords
* Time saved: Instantly log in to websites
* Stronger security: Long passwords that you don't have to remember

LastPass Versions and Use Cases

Enterprise
  Faculty and staff should use this version to store passwords used for University business.

Premium (available for public purchase but free to faculty, staff, and students)
  Students should use this version to store both University passwords and personal passwords.
  Faculty and staff should use this product to store personal passwords.

Please note that your personal Premium account and Enterprise accounts can be easily linked. This allows you to keep your vault entries all in one place, while both accounts remain separate. Your personal and University Enterprise accounts are private (your system administrator cannot view your account data), and if you ever leave the University, your personal account remains active and accessible to you.

Note: LastPass offers a free version of its product. Please do not use this to store passwords used for University business.

Get Started with LastPass

Enterprise: For Faculty and Staff

Step 1: Follow the instructions in the welcome email (it may take up to an hour to receive) to activate your account.

Step 2: Go to https://lastpass.com/misc_download2.php to download the LastPass browser extension(s) of your choice.

Step 3: Now that you have downloaded LastPass for your browser of choice, you can access your LastPass Enterprise Vault, where you'll add sites, usernames, and passwords, by signing in with your MyStevens username and password (referred to as Federated Login by LastPass/LogMeIn). It is strongly recommended that you log in to the extension at least once to access your LastPass Vault, which is the central hub within your account where all of your data will be stored. This is important for a few reasons:

* Creates a snapshot of your Vault data in the form of an encrypted, locally stored, cached file.
* Automatically generates a Sharing Key so that you can create and use shared folders.

Step 4: Learn how LastPass works by visiting the LastPass Self-Service Training Portal. This is a very simple but robust training portal where you can learn about the key features of LastPass. You can move through the training courses at your own pace, though it typically takes about 20 minutes to complete them all.

Personal: For Faculty, Staff, Students

Why should you use LastPass for your personal accounts?

Your personal data is very valuable and needs to be protected. Your usernames and passwords are the keys to your online accounts, and LastPass helps you prevent any hackers from accessing these accounts and stealing information like your name, address, credit card numbers, social security numbers, and much more. With LastPass, you can create unique and secure passwords for every account. LastPass stores and fills them for you, so you don't have to remember them. This is the best way to protect yourself online. It's also just more convenient! Stop getting locked out of accounts and wasting time with password resets.

Step 1: Complete the form at https://lastpass.com/partnerpremium/stevens to activate your LastPass Premium personal account. The Stevens LastPass Portal will request your Stevens email address as well as a personal email address. The Division of Information Technology will not have access to any of the information stored in your personal account. Your @stevens.edu email address is required so that LastPass can confirm your status as a Stevens student or employee.

Step 2: Navigate to your Stevens email inbox and find the confirmation email from LastPass. Click the link in the email to confirm your account.

Step 3: You will then be directed to a webpage to set your LastPass master password. We recommend using the following best practices when creating your Master Password:

* Use a minimum of 12 characters, but the lengthier the better
* Use upper case, lower case, numeric, and special character values
* Make it pronounceable and memorable, but not easily guessed (e.g., a passphrase)
* Make sure that it is unique only to you
* Never use personal information

Step 4: Once your password is set, you will confirm your account and you'll be ready to use LastPass.

If you already have a personal LastPass account, please visit https://lastpass.com/partnerpremium/stevens to enter your Stevens email address and the email address associated with your personal account. This way, we can guarantee you receive the Premium version. If you already have the Premium version, one additional year of free Premium will be added to your account.

Step 5: Go to https://lastpass.com/misc_download2.php to download the LastPass browser extension(s) of your choice. You can also download the LastPass app for iOS or Android when you're on the go. Once you've logged in on your computer or mobile device, you can access your LastPass Vault, which is the central hub within your account where all of your data will be stored.

Experiencing an issue or need additional support? Contact our OneIT Team by opening a support ticket or calling us at 201-380-6599.
-
File a Report
Find out how to report and respond to many types of security concerns.

Report a Lost or Stolen Item

If your electronic device (including laptop, cellphone, or tablet) has been lost or stolen, please contact the Stevens Police Department at (201) 216-5105 and file a police report. Additionally, please contact the Office of Information Security at security@stevens.edu to evaluate if protected data was present on the device, including but not limited to:

* Health records
* Employee/personnel records
* Student data
* Research data
* Financial records

Report a Security Vulnerability

If you have discovered or suspect a security vulnerability on any systems owned or operated by Stevens Institute of Technology, please report it immediately:

* Report the vulnerability to the Information Security Office by emailing security@stevens.edu
* Please provide as much information as possible. Never include sensitive information over email; instead, call us at 201-380-6599.

Include in your report:

* Your name and contact information
* Which systems are affected (IP addresses, hostnames, URLs, etc.)
* Description of the security vulnerability and steps to reproduce the issue
* Date and time the vulnerability was discovered
* Any other known resources affected

What is a Security Incident?

A security incident is any attempted or actual unauthorized access, use, disclosure, modification, or destruction of information. This includes interference with information technology operations and violation of campus policy, laws, or regulations.

Examples of security incidents include:

* Computer system breach
* Unauthorized access to, or use of, systems, software, or data
* Unauthorized changes to systems, software, or data
* Loss or theft of equipment used to store institutional data
* Denial of service attack
* Interference with the intended use of IT resources
* Compromised user accounts

Actual or suspected security incidents must be reported as early as possible so that campus can limit the damage and cost of recovery. Include specific details regarding the system breach, vulnerability, or compromise of your computer and we will respond with a plan for further containment and mitigation.

How to report a security incident

Email: security@stevens.edu

Important: If the incident poses an immediate danger, contact Campus Police immediately at (201) 216-5105 or call 911.

Information to include in the report:

* Your name
* Department
* Email address
* Telephone number
* Description of the information security problem
* Date and time the problem was first noticed (if possible)
* Any other known resources affected

What should I do if I suspect a serious security incident?

A security incident is considered serious if the campus is impacted by one or more of the following:

* potential unauthorized disclosure of sensitive information
* serious legal consequences
* severe disruption to critical services
* active threats are likely to raise public interest

Sensitive information is defined in the Data Classification Standard and includes personally identifiable information that is protected by laws and regulations, as well as confidential research protected by data use agreements, such as:

* Social security number
* Credit card number
* Driver's license number
* Student records
* Protected health information (PHI)

If you know or suspect that the compromised system contains sensitive data, please take these steps:

* Do not attempt to investigate or remediate the compromise on your own
* Instruct any users to stop working on the system immediately
* Do not power down the machine
* Remove the system from the network by unplugging the network cable or disconnecting from the wireless network
* Report the incident using the instructions above

In the case of a serious incident, please be aware that continued interaction with a compromised machine can severely affect the forensic analysis.

Report Computer or Network Misuse

A security incident may also refer to the inappropriate use of computers and the campus network. Common violations and examples of misuse include:

* Communications for commercial or political marketing purposes
* Email spam
* Copyright infringement allegations

If the misuse in question originated from a campus email address or network connection, or resides on a Stevens website, email: security@stevens.edu. Otherwise, complaints must be directed to the off-campus service provider. You may use the Abuse.net tools to look up the appropriate service provider:

* Abuse.net: Lookup abuse contact for a domain
* Abuse.net: Send a complaint to the off-campus service provider

For information about how to respond to online copyright infringement allegations, see the following list of resources:

* The Digital Millennium Copyright Act (DMCA) and Related Resources

Report a Phishing Email

Although your first instinct may be to ignore or delete suspicious emails, we recommend that you report them to our security team. We will examine the email and advise you of any further steps you may need to take.

New Method to Report Phishing Emails

The "Report Phishing" button is a new feature in Outlook that will help users immediately report phishing emails to the Office of Information Security. This button provides a simple method for users to report suspicious emails such as spam, phishing, and other malicious content. To do so, highlight the message in question and click on the Report Message button in the Outlook ribbon. This will move the email from your Inbox to your Junk Email folder and send a copy of the email to the Office of Information Security team for evaluation.

If the Report Phishing button is not available, you can forward the email as an attachment to security@stevens.edu.

Outlook Web Access (webmail.stevens.edu)

Step 1: Click on the email that you would like to Mark as Phishing.

Step 2: Click the Ellipses.

Step 3: Click Report Phishing.

Report Abuse

If you suspect that your network, systems, or services may have been negatively impacted by resources at Stevens, please report them to the Office of Information Security via email to: security@stevens.edu.

When reporting abuse, provide the following:

* Your name, and an email address or phone number for contacting you
* If you are affiliated with Stevens, your affiliation (Faculty, Staff, Student, etc.)
* The type of abuse (SPAM, bandwidth abuse, etc.)
* The IP address of the attacking system, if appropriate
* The date and time of the abuse
* Any additional information that you feel may help us to locate and diagnose the problem, such as full message headers, system logs, etc.

Experiencing an issue or need additional support? Contact our OneIT Team by opening a support ticket or calling us at 201-380-6599.
-
Email Data Loss Prevention (DLP)
Learn about Stevens Data Loss Prevention policies and their exceptions.

How to Send Emails with Sensitive Data

Under the Protect Stevens Program, Stevens end users will begin to notice several security controls in place to protect email, specifically email containing sensitive Personally Identifiable Information (PII) data (defined in the Data Classification Standard) as it leaves the Stevens email network. PII-sensitive data types include but are not limited to the following:

* Credit Card Numbers
* U.S. Bank Account Numbers
* U.S. Individual Taxpayer Identification Numbers (ITIN)
* U.S. Social Security Numbers (SSN)
* U.S. / U.K. Passport Numbers
* U.S. Driver's License Numbers

Controls are in place in accordance with Email Data Loss Prevention (DLP) policies, which automatically scan outgoing emails from Stevens users (staff, faculty, and students) for sensitive information. End users will receive various notifications when attempting to send sensitive PII information via email. Here are some notifications end users may encounter when attempting to share sensitive data:

Policy Tip

This label is automatically generated on the email client app when it detects sensitive data and is designed to raise awareness about the handling of sensitive information.

User Override

Depending on the volume of sensitive data, the Email DLP policies will either allow or block outgoing emails. For example, in the case of a low-volume detection (1-9 instances) of sensitive data, outgoing email functionality is allowed. However, in the case of a high-volume detection of sensitive data (10+ instances), the email will be automatically blocked. Users can apply a User Override functionality, which allows the user to remove the block by providing a business justification or by reporting a false positive. Here is how the message will appear:

Follow-up Email

Users can expect to receive a Protect Stevens Data email, outlining why their email triggered a DLP policy as well as additional resources to review Stevens Sensitive Data policies.

Mac & Non-Windows Users

Microsoft Email DLP policies run natively on the Windows Outlook client app and are unsupported on non-Windows devices such as Mac devices. Mac users will receive none of these user notifications, and they will be automatically blocked when sending emails containing a high volume of sensitive data (10 or more). In order to bypass this, Mac users can use the Outlook Web App (OWA) or they can apply Sensitive or Restricted Sensitivity Labels to their emails (as shown below). The latter would encrypt the mail and allow it to flow out.

Sending Non-PII Sensitive Data

There are some types of sensitive information that will not be flagged by our DLP policies, for example source code, financial records, research, student data, passwords, etc. In these cases, we strongly encourage you to utilize Sensitivity Labels (specifically Sensitive or Restricted labels) in Outlook, which will automatically encrypt the email and its sensitive content.

Experiencing an issue or need additional support? Contact our OneIT Team: Open a support ticket or Call 201-380-6599
-
Email Sensitivity Labels
Learn how to classify email content and encrypt it when appropriate.

How to Use Email Sensitivity Labels

Stevens has four levels of Data Classification Standards based upon the Stevens Information Security Policy (Appendix A), each of which correlates with a sensitivity label that may be used in Microsoft Outlook, Word, Excel, PowerPoint, and other Microsoft 365 applications:

* Public
* Non-Public
* Sensitive
* Restricted

We encourage Stevens users to utilize the four sensitivity labels to apply protections such as encryption to your email message and any files it contains.

We recommend using OneDrive for safe and secure sharing rather than a 3rd party platform, so that sensitivity labels can continue to be used. If the use of OneDrive is not possible for some specific reason and email must be used, then we recommend the use of the Sensitive – Anyone (unrestricted) label only in this situation. This label should not be used regularly due to weaker security controls.

Please be aware that when sharing data with someone who is not using the Microsoft 365 platform (e.g., Google) an error may occur. The error will only occur if Office files with sensitivity labels (either applied on the document itself or on an email message containing the documents) go outside of Microsoft 365. Email messages alone or messages containing non-Office files (e.g., CSV or zipped files) with sensitivity labels going outside of Microsoft 365 do not have this issue.

The following table shows examples of sensitive data types, the appropriate email sensitivity label to apply, and what protections are applied to that data.

Data Classification and Sensitivity Label: Public
  Examples:
    * Directory information that has been designated for public view
    * Public-facing Stevens web pages
    * Publications approved for general release
    * Course catalogs
  Protections Used: N/A

Data Classification and Sensitivity Label: Non-Public. Use “Anyone (unrestricted)” if going to third-party; otherwise, use “All Employees (unrestricted)”
  Examples:
    * Data or information concerning Stevens infrastructure
    * Unpublished research data and other academic work that may be shared with third-party collaborators or other entities
    * Administrative data and reports that may be shared with third-party individuals or entities
  Protections Used: N/A

Data Classification and Sensitivity Label: Sensitive. “All Employees” if any Stevens user recipient can have access; “Trusted People” to select individual users*
  Examples:
    * Budget data, records, and plans
    * University Policies that are not publicly available
    * Meeting minutes and notes
    * Sensitive research data and materials
  Protections Used:
    * “Confidential” data header
    * Content is encrypted

Data Classification and Sensitivity Label: Restricted. “All Employees” if any Stevens user recipient can have access; otherwise, use “Specific People” to select individual users**
  Examples:
    * Information protected by state or federal privacy regulations
    * Any personally identifiable student, parent, or employee records
    * Financial and health records
    * Passwords
    * Source code
  Protections Used:
    * Highly Confidential data header
    * Recipients cannot forward or print the content**
    * Content is encrypted

*Note: “Trusted People” you select can reshare the email and its content.
**Note: “Specific People” you select cannot reshare the email and its content.

How to Use Encryption

Encryption is automatically applied to the Sensitive – “All Employees”, Sensitive – “Trusted People”, Restricted – “All Employees”, and Restricted – “Specific People” labels in Microsoft Outlook/Exchange. You can also apply encryption on email messages without sensitivity labels using Options >> Encrypt as shown below.

When a message is encrypted, Stevens users and any external users who are using Microsoft Exchange for emails will not see a difference when opening an encrypted email.

When an encrypted email is sent to an external user who is not using Microsoft Exchange, they will receive the following message. Upon selecting “Read this message,” the user will see the encrypted message and attachments (example below).

Please note that if the external user receives the below message instead of the message you sent, you have probably selected an email sensitivity label for internal Stevens users (Sensitive/All Employees or Restricted/All Employees) that is not viewable by external users. You must change the email sensitivity label to one for external users. External users are able to fully view email messages sent with the following sensitivity labels: Sensitive/Trusted People or Restricted/Specific People. Once you have updated the sensitivity label to accommodate external users, you will need to resend the email.

Experiencing an issue or need additional support? Contact our OneIT Team: Open a support ticket or Call 201-380-6599
-
Secure Email and File Sharing
Learn how data can be shared safely across different Stevens IT platforms, minimizing the risk of data exposure and breaches while maintaining ease of access for end users.

How to Share Sensitive Data Safely

At Stevens, maximizing collaboration and productivity is integral to the work we do. Therefore, the university's most valuable and sensitive data and information travels between different users, systems, and IT infrastructures.

For Sensitive Data in: Email
  Use the Following: Exchange (Office 365)
  Use these Controls for Sensitive Information: Apply Sensitivity Labels to encrypt sensitive email messages.

For Sensitive Data in: Document
  Use the Following: OneDrive & SharePoint
  Use these Controls for Sensitive Information: OneDrive and SharePoint offer data owners multiple built-in controls for sharing and collaboration on Microsoft Office documents.

Email

Stevens' Exchange email system is part of Microsoft's Office 365 cloud suite, which offers sensitivity labels that can be applied to encrypt any email message quickly and effectively. Users can apply Sensitive or Restricted labels on their email messages to encrypt and send any email securely outside of the Stevens email tenant. For more information, review the Email Sensitivity knowledge base article.

Documents

OneDrive and SharePoint offer various functionality for secure sharing. Documents can be shared externally on OneDrive, both via email and a link. To share documents externally from SharePoint, ask the owner of the SharePoint Document Library if this feature has been enabled. If it has not, please have the owner contact IT at support@stevens.edu. OneDrive and SharePoint have features such as tracking changes, revoking access, setting passwords, and time limits for sharing that make them a great platform for sharing sensitive and valuable data.

Storing Data

OneDrive and SharePoint are the recommended storage solutions for the Stevens community. OneDrive offers generous storage with over 5 TB per user, while SharePoint storage is geared towards departments and functional units. Both OneDrive and SharePoint are supported by backend security controls which make these platforms ideal for storing sensitive data and information. While Google is still available to Stevens users with 10 GB per user, it is not intended for storing any sensitive or personal information due to its lack of robust security features.

Experiencing an issue or need additional support? Contact our OneIT Team: Open a support ticket or Call 201-380-6599
-
Uninstalling Apps from a Mobile Device
Learn how to uninstall mobile applications from your Apple or Android mobile device.

Apple iPhone

For detailed instructions and additional ways to delete apps, visit Apple's iPhone User Guide to learn how to Remove or delete apps from iPhone.

Step 1: Find the app on your iPhone that you would like to delete.

Step 2: Press and hold the app icon until a menu appears, select Remove App from the menu, then select Delete to confirm you'd like to delete the app.

Google Android

For detailed instructions, visit Google's guide to learn how to Delete apps on your Android device.

Step 1: Find the app on your Android that you would like to delete.

Step 2: Press and hold the app icon until a menu appears, select Uninstall from the menu, then select OK to confirm you'd like to delete the app.

Experiencing an issue or need additional support? Contact our OneIT Team by opening a support ticket or calling us at 201-216-5500.