Frequently Asked Questions

What is VPN?

VPN stands for Virtual Private Network. The Virtual Private Network at UTRGV is now needed to remotely gain access to office computers and other UTRGV resources using the Remote Desktop Connection program.

Why would I need to use VPN?

The most common reasons are:

Remote access to your office computer.
Approve employee time cards.
Change your direct deposit information.

How do I connect to University resources when I am not on campus?

You can access your office computer and other UTRGV resources out campus through VPN connection. To request this type of service refer to:

How to create a Virtual Private Network (VPN) Connection

I received a duo push notification, a call or an SMS on my phone asking to confirm VPN connection to the University. What does this mean?

If you did not attempt to authenticate to the VPN, this could mean that someone stole your user credentials. If this occurs, decline the two-factor request. Report the incident to the Information Security Office at 956-665-7124 and change your password immediately.

What is Spam?

Spam is the use of electronic messaging systems to send unsolicited -usually undesired- bulk messages indiscriminately. Some spam is merely annoying, while other spam can result in a number of very bad outcomes for unsuspecting recipients.

What is Phishing and how can I protect myself from it?

Phishing is a specific type of spam. Phishing or spoofing refer to deceitful or fraudulent emails designed to trick people to provide personal information that leaves them vulnerable to identity theft, computer viruses, and compromised email accounts. Avoiding the following things might help you stay safe:

Do not click on links within emails.
Locate your mouse over the link and it reveal the true URL to verify it is the original one.
Do not provide any personal or private information via email or through links sent to you in email.

Keep your anti-virus software consistently up-to-date and perform regular system scans.

How do I report suspicious email?

If you receive an email that you believe is extremely malicious, such as phishing email asking for your username and password, please forward the email to itdns@utrgv.edu

You will need to forward the entire message with full original headers.

See instructions at How to Forward Email with Full Headers

When you are authenticated, the server knows that you are you. Once the servers confirms your identity, it grants you access to the files and directories that you are authorized to see or change.

Note: Your authentication expires after a certain amount of time. In order to continue accessing your data, you will need to re-authenticate your user ID and password.

What can I use Identity Finder for?

Spirion (formerly Identity Finder) helps you scan and identify sensitive data on University's owned and managed computers, secure sensitive information, such as Social Security Numbers (SSN), Credit Cards Numbers, Passwords, and more.

Information about an individual that identifies, links, relates, or is unique to, or describes him or her, e.g., a social security number;age;race;salary;home phone numbers, etc.

Avoid copying or downloading PII from the University's administrative systems to your desktop computer, web server, PDA, laptop, phone, USB Drive, or other storage media unless absolutely required. Ensure PII data is encrypted and properly secured.
Avoid creating databases or applications that use SSN as identifiers.
Do not send un-encrypted sensitive data via email. How to encrypt sensitive data via email
Periodically check hard disks and document backups to ensure that SSN or other sensitive personal data isn't included in old personnel files, employee lists, student grade rosters, etc.
Password protect data.
Physically protect devices that can be easily moved such as PDA or Laptop by locking in a secure area.

Passwords must be created to comply with the University's information security policy. This means a minimum of 8 characters with at least one non-alphabetic character. Passwords should not be individual dictionary words, common names, or sequences of numbers. "F4&yh10!" is an example of an acceptable password.

A longer password is a stronger password. Consider creating a password comprised of several unrelated words with numbers and special characters interspersed. This is often referred to as a pass-phrase. It is generally thought to be stronger and easier to remember than a traditional password. "L3ftFl0orCha1rBridg3#58" is an example of an acceptable pass-phrase.

You can also take a look at the video on How to create Strong Passwords:

If your university credentials have been compromised—meaning that another person has gained access to your university-related login and password, the ISO recommends the following:

If your credentials were compromised due to the theft of university-owned equipment, such as a laptop, report an incident immediately.
Change your UTRGV password.
Log in to any other important online service accounts (banking, e-mail, etc.) and change your passwords.

What is two-factor authentication?

It is another layer of security when authenticating. You authenticate using two different types of authentication, one is something you know (your password) and the other something you have (your Duo registered device).

Where and how do I enroll for two-factor authentication?

To enroll please visit: wwww.utrgv.edu/is/en-us/resources/how-to/duo/index

Unless your computer is in a secure space that is accessible only by you, you must run a screen saver that will automatically lock your screen after 15 minutes of inactivity and require a password to unlock it. This is necessary to prevent an unauthorized person from being able to see sensitive information or exploit access to your computer in your absence.

Contact the project manager for the asset.

Contact Campus Police Department

Phones:

Edinburg Campus: (956) 665-7151

Brownsville Campus: (956) 882-8232

Website: www.utrgv.edu/police

Contact the Information Security Office

Phone: 956-665-7124

Website: www.utrgv.edu/is

Email: is@utrgv.edu

A Security Incident is an event where the confidentiality, integrity or availability of UTRGV has been affected or could potentially be affected. If you know or are notified of any please contact the Information Security Office as soon as possible.

In Person: ESRAX Building
Phone:(956) 665-7124
Online: Report Incident

What is Encryption?

Encryption is a way to send a message in code. The only person who can decode the message is the person with the correct key; to anyone else, the message looks like a random series of letters, numbers, and characters. Encryption is especially important if you are trying to send sensitive information that other people should not be able to access.

What is a full disk encryption and why is it important?

Full disk encryption is when the entire storage space on a computing device is encrypted. The purpose of whole disk encryption is to protect sensitive data that could be stored in a hard drive from unauthorized access in case the device is lost or stolen.

What is managed encryption?

Managed encryption provides centralized compliance reporting and key escrow. The encryption software communicates with a centralized server to provide information about encrypted state of the computer, provides a copy of the key for it, and sends/receives configuration information. Centralized compliance reporting helps provide Executive Management and UT System some assurance that computer devices are encrypted and remain encrypted.

Key escrow is whereby the key used to unlock or decrypt data stored on a university-owned computer is stored in a secure location and it is available to the institution. This is essential for recovering data in the event that the owner of the system cannot provide it, hard drive failure in response to a litigation hold, subpoena or open records request.

Below are links to tutorials on encrypting your devices.

Encryption isn't only for "data at rest" - which is data sitting on a hard disk, optical, or flash memory - you also want to be sure your data is being encrypted in transit.