SUU Blog | T-Bird Nation

Information Security News, August 2018

By Mark Walton on August 01, 2018 in

Campus Resources, Cedar City

I would like to formally welcome everyone to campus as we get ready to begin a new academic year. The IT Department produces this Information Security Newsletter on a monthly basis to help educate the campus community on security related issues. Feel free to pass the information on to any friends or family that you think might benefit.

 

Information Security Awareness Training Sessions

With a new school year beginning, we will again be offering Information Security Awareness Training. All new employees and employees who haven't previously completed the training are required to complete it. The training is also available to those employees who have previously completed it and want a refresh. 

The training can either be completed online via Canvas or by attending a live training session offered regularly throughout the year. The online training offers the flexibility of completing it at your own pace. To access the online training, simply log into Canvas at http://suu.instructure.com (enter your campus credentials), and look for Information Security Training 2018-2019 in your list of courses. 

The live training offers the opportunity to complete the training in one sitting. For the month of August, the live training sessions will be offered during Welcome Week. Multiple sessions are offered for your convenience. Simply attend the session that works best with your schedule. 

All live sessions will be in room ED 215 (Education Building). 

Wednesday, Aug 22nd @ 1:00-2:30pm
Thursday, Aug 23rd @ 9:00-10:30am

More sessions will be scheduled once the semester gets underway to accommodate those who are unable to attend during Welcome Week, and still want to participate in a live session. If a particular department/unit would like to schedule an individualized training, please contact Mark Walton to schedule a time.

 

Extortion e-mails

One report I recently read claimed that about 2.6 billion records have been exposed in a little over 2,300 reported data breaches for the first half of this year. Combine that with all of the data breaches of the past, and we should all just assume that our personal information is readily available to the bad guys. With all that information available, the bad guys are now resorting to a new tactic to try and extort money out of us. They send an e-mail, often with some kind of personal information, like a password, and then state that they have compromised our computer and recorded us viewing adult material. They then threaten to send that recording to family and friends unless we pay them not to. Their thinking is that by including a piece of legitimate information, they can scare us into acting on their claims. This is a scam. They do not have any such recording or evidence of your browsing history. You can simply delete the message. 

With so much personal information out there, criminals will continue to try and use that data in more sophisticated social engineering schemes. As always, please be extremely suspicious of any e-mail, text, or phone call that asks for a payment, threatens some kind of action against you, asks to install software, or asks to run something on your device or computer.

 

How to fight identity theft like a pro

As previously stated, there is a lot of personal information about each one of us out there, thus increasing the likelihood of being a victim of identity fraud. Recently there was an article on KSL, How to Fight Identity Theft Like a Pro, that gave some really good information about how to protect oneself from becoming a victim. Or if you do become a victim, how to greatly reduce the impact. I would strongly encourage everyone to read the article and give serious consideration to his suggestions. 
Here is a quick list of some of his suggestions:

  • Enable two-step verification for all your bank accounts, email accounts and social media accounts.
  • Enable text or push alerts for all your bank accounts (deposits, withdrawals, balance limits, etc.)
  • Enable text alerts for credit card transactions greater than $1.
  • Set up a verbal passcode at each bank you use (including your work's 401(k) and/or pension fund).
  • Use credit cards instead of bank accounts to pay bills.
  • Use Venmo or other electronic payment systems or credit cards instead of personal checks.
  • Set up Venmo or PayPal-type apps with a secondary savings account with limited funds.
  • Create unique usernames and passwords for each bank account.
  • Request an identity protection PIN from the IRS to protect your tax submission/refund.
  • Set up fraud alerts every six months with credit bureaus.
  • Review your free credit report
  • Freeze your credit with each of the credit bureaus if you do not need to apply for credit.

 

Secure File Sharing App

Email is not a secure transmission method for transferring sensitive documents, and should not be used to send or receive any document containing social security numbers, credit card numbers, driver's license numbers, passport numbers, health information, or any other sensitive data.

If you have a need to receive such a document from someone, either internally or external to SUU, or if you need to share such a document with a campus employee, you can use the Secure File Sharing app within the SUU portal. Simply log into your portal, and look for the Secure File Sharing link in the left navigation pane under APPS. That will take you to your inbox of secure files. You can there obtain the link that you can give other people to send you files, or you can search for an internal employee and find their link to send them a file. This app is meant to facilitate the secure transfer of files and is not meant to be a long-term storage of such data. Files transferred via this app are only available for 7 days, after which they are automatically deleted. While the app is available to each individual, a shared inbox can be created if a department needs to give multiple people access to the same inbox. If a shared inbox is desired, please contact Mark Walton to make this request.

For any questions or more information please contact Mark Walton, director of IT Security.


     

Recent Posts