As of Feb. 17, the current version of the Duo Mobile app will no longer be available for iOS devices with version 15 or earlier. iOS 16 will be the minimum supported version for the Duo Mobile app.

Duo recommends upgrading to the most recent version of iOS available for your device. The Duo Mobile app is compatible with the M1 iPad Pro.

For questions, contact the ITS Help Desk at 316-978-4357, option 1, or helpdesk@wichita.edu.

This is a large pile of gold papers stacked hapharzardly in a dark, dank basement with concrete walls and floors.

The privacy practices of data minimization and storage limitation need to be considered when storing sensitive personally identifiable information (PII). Storage should adhere to documented retention timelines developed after careful consideration by all data stakeholders. For highly sensitive information, such as Social Security numbers, financial details or driver’s license numbers, maintaining a single source of truth is considered best practice. Minimizing duplication and avoiding storage in multiple locations whenever possible reduces risk and strengthens data security.

WSU Policy 19.01 / Acceptable Use provides clear guidelines and outlines specific restrictions regarding the storage of sensitive information, including Social Security numbers and credit card data, to ensure compliance and safeguard this critical information.

Think about your OneDrive or email folders: What types of sensitive information do you have stored in there? Are there any files that contain sensitive PII that you no longer need and can be deleted? This is unfortunately a common place where we find sensitive PII stored unnecessarily “just in case.” Clearing out this information from OneDrive or emails is an easy step towards reducing the risk of having that sensitive information compromised.

For more information visit the WSU Privacy SharePoint Site. For any privacy related questions or concerns, reach out to the privacy officer at privacy@wichita.edu or via phone at 316-978-4447 (4HIP).

This is a tall stack of papers organized haphazardly.

As discussed yesterday, collection of and access to sensitive personally identifiable information (PII) needs to occur based upon a legitimate purpose. Minimizing the amount and type of PII collected and reducing the number of places it is stored is best practice. Once the PII has been collected and used for its intended purpose, it’s important to evaluate how long it needs to be retained. Both regulatory requirements and business reporting and system functions will drive the length required for retention.

Have you ever fallen into the trap of saving extra copies of information due to fear of losing the original? Do you tend to save copies of student grades or gradebooks outside of Banner or Blackboard “just in case”? No sensitive PII should ever be kept “just in case.” Retention guidelines should be implemented into policies and procedures, and individuals responsible for following through on them should be identified. Caution should always be exercised before deleting information from large data ecosystems that have multiple stakeholders or connect across multiple systems. Impact of deletion should be fully vetted, understood and agreed upon by data system owners and stewards.

For more information visit the WSU Privacy SharePoint Site. For any privacy related questions or concerns, please reach out to the privacy officer at privacy@wichita.edu or via phone at 316-978-4447 (4HIP).

This is a picture of brown file folders with wite papers in it. The main folder is labeled informaiton. The rest of the folder labels are blurry.

Sensitive personally identifiable information (PII) is typically information that individuals would consider private or that could cause harm to them if unauthorized access and use occurred. The problem is that most of the technological world relies on personal information to provide a service to customers. This information is usually protected by certain regulatory or legal requirements which necessitates a certain level of data security practices to be implemented to maintain the confidentiality, integrity and availability of the data.

The volume and type of sensitive data you manage is directly linked to the costs associated with protecting it. Implementing legal and regulatory requirements for such data significantly contributes to these expenses. Additionally, holding large amounts of sensitive PII across multiple locations increases the risk of becoming a target for malicious actors who seek to monetize sensitive data for illegal purposes.

To address these challenges, it is crucial to collect or access sensitive data only when there is a legitimate purpose and to minimize its use and storage wherever possible. WSU Policy 19.01 / Acceptable Use outlines specific restrictions on storing sensitive information, such as Social Security numbers or credit card data, to help mitigate these risks. Take a look at your OneDrive or through email. What kinds of sensitive PII are being collected in there that no longer need to be?

For more information visit the WSU Privacy SharePoint Site. For any privacy related questions or concerns, reach out to the privacy officer at privacy@wichita.edu or via phone at 316-978-4447 (4HIP).

This is a picture containing three gold cog wheels with the letters P, I, I in them. The words personally identifiable information are written in yellow at the bottom of the picture.

Personally identifiable information (PII) can be defined as information about an individual that can be used to distinguish or trace an individual’s identity. Examples include names, social security numbers, date and place of birth or biometric records and any other information that is linkable to an individual, such as medical, educational, financial or employment records.

Privacy laws and regulations are typically more focused on protecting the types of PII that are considered sensitive. These can include standalone sensitive PII (e.g., financial, social security, driver’s license or passport numbers or biometric records) or sensitive information that becomes identifiable because an identifier is linked to it (e.g., medical educational, financial, income tax or employment records). A definition of what WSU considers PII can be found in the WSU Policy 19.20: Data Sensitivity Classification.

For more information visit the WSU Privacy SharePoint Site. For any privacy related questions or concerns, reach out to the privacy officer at privacy@wichita.edu or via phone at 316-978-4447 (4HIP).

Information Technology Services (ITS) is excited to announce the launch of the Duo three-digit feature to the existing Duo mobile app system to enhance the security of Wichita State resources.

Per Information Security requirements, beginning on Feb. 4, all employees utilizing the Duo mobile app will be required to use Duo three-digit process when authenticating to access WSU online resources. The Duo three-digit process strengthens the protection of your personal and university data from unauthorized access.

How it works:

  • After entering your myWSU ID and password, you will be prompted to authenticate your identity. By choosing the Duo mobile app, you will be required to enter the three digits listed on the screen into the Duo app on your mobile device.
  • SMS and phone call authentication processes will not change.

For questions, contact ITS Help Desk at 316-978-4357, option 1, or helpdesk@wichita.edu.

This is a person in a black shirt holding a sign covering their face with a question mark on it. The background is a gold color.

Privacy is the ability to exercise control over one’s information. This is supported through understanding how, when and why personal data is collected and used. It is a complex issue that is broader than confidentiality, and related to, but sometimes in direct conflict with, data security. Privacy includes additional principles like data minimization, data subject rights, purposeful and ethical use, consent and notification.

Privacy laws typically focus on preservation of privacy when it comes to personally identifiable information or personal identifiable information (PII). For more information about PII, check out tomorrow’s data privacy topic.

For more information about what privacy is, visit the WSU Privacy SharePoint Site. For any privacy related questions or concerns, reach out to the privacy officer at privacy@wichita.edu or via phone at 316-978-4447 (4HIP).

Burglar walking out of a phone with a social security card in his hands

A social security number (SSN) is a very sensitive piece of identifiable information, and when it falls in the wrong hands, it can put you at risk for identity theft and lead to:​

  • A credit card being opened and used under your name leaving you with large amounts of debt and a poor credit score​
  • Your tax refund benefit being stolen​
  • Your social security or medical insurance benefits being stolen

Email is not always a secure form of transfer and should never be used to transfer SSNs. As WSU Policy 19.01 states, SSNs should not be stored on university and personal devices, which includes email storage.​

For questions about how to safely transfer this type of sensitive information, email askinfosec@wichita.edu.

Did you get an email that promises you amazing financial aid, grants or an amazing job opportunity from UNICEF? If so, ask yourself – could this be a scam?

Key things to look for:

  • Sender: Does the sender make sense? UNICEF or anyone promising money would not legitimately email you from another college or a free email account (Like @outlook.com or @gmail.com).
  • Do they claim that you cannot email them back with your @shocker account because it is part of a “reading test” or “checking your attention to detail”?
  • Do they claim to be from a generic organization without a website, physical address, or logos/branding?
  • Are they going to hire you without an interview?
  • Did they claim that they know you, but then ask your name, phone number, name of your university and want your mobile number?
  • Do they only want to talk to you via text?
  • Do they claim you have free money?

If you see this in an email – it’s a scam.

They will send you fake checks. They work out a deal where you cash the check and send them the money via bank transfer app. The scam is the checks take a few days to clear, but the bank makes the money available to you right away. When the checks fail to clear and turn out to be fake, the bank will take the money out of your account. There is no insurance for this. You end up losing it all.

Be smart – do not take checks from unknown sources and think about emails before getting excited.

Unsure if an email is a scam? Report it. Hit the “Report Phish” button in outlook or send the message to spamreport@wichita.edu.

Starting Tuesday, Oct 31, WSU Information Technology Services (ITS) will roll out Microsoft’s Multifactor Authentication (MFA) for currently enrolled students who are taking classes.

Microsoft’s MFA enhances security by requiring the use of a secondary device at login to verify your identity. This new security will protect users by making it more difficult for others to access your account. It uses two different forms of identity: myWSU password, and an additional authentication method.

Currently enrolled students who are taking classes are required to register and use MFA. Student employees will use Duo to authenticate while an employee. When they are no longer a student employee and revert to student only status, they will use Microsoft MFA.

Software impacted by MFA will be email, Blackboard and all Office 365 products.

Authentication methods available:

  • Highly recommended: The Microsoft Authenticator App, a simple, fast and highly secure two-factor authentication application, available to download from Microsoft (app only available for iOS and Android devices)
  • Non-WSU email address
  • Phone number

Additional information on what to expect and how to set up your Multi-factor Authentication can also be found on the ITS webpage.

For questions, contact the ITS Help Desk at 316-978-4357, Option 1 or email helpdesk@wichita.edu.