Tag Archives: Cybersecurity

October is CyberSecurity Awareness Month

October 13, 2022Special News, TechNews#BeCyberSmart, 202210, Cybersecurity, CybersecurityAwarenessMonth, Information Securityito0

See Yourself in Cyber. #BeCyberSmart.

Even though cybersecurity may seem like a complex subject, ultimately, it’s really all about people. This month we focus on the “people” part of cybersecurity, providing information and resources to help everyone make smarter decisions whether on the job, at home, or at school.

4 Things You Can Do to #BeCyberSmart

Enable Multi-Factor Authentication (Learn more about SharkPass/Duo at Simmons)
Use Strong Passwords (Learn more in our Information Security Policy)
Recognize and Report Phishing (Visit the phishing information website)
Update Your Software (Read more about how to check for software updates on your MacOS, Windows, Android, or iOS device)

About Your Role

October 13, 2022Special News, TechNews202210, Cybersecurity, CybersecurityAwarenessMonth, Information Securityito0

When we say See Yourself in Cyber, we mean see yourself in cyber no matter what role you play. As an individual or consumer, take steps to protect your online information and privacy. Faculty, staff, and service providers can take ownership of their role by putting cybersecurity in place to prevent incidents while protecting the University’s brand and reputation. Administrators support critical operations and are a part of the network of functions and systems that others rely on.

Remember: your role plays an important part in ensuring cybersecurity for the larger ecosystem!

Phishing and Social Engineering

October 13, 2022Special News, TechNews202210, Cybersecurity, CybersecurityAwarenessMonth, Information Security, Phishingito0

Phishing and social engineering campaigns are the #1 source of ransomware and other malware[1].
Phishing is a type of cybersecurity attack where malicious actors send messages pretending to be a trusted person. Social Engineering is the psychological manipulation of people into performing actions like installing malicious software, clicking a malicious link, or divulging sensitive information.

Reduce your chances of your falling victim to phishing attacks!

Beware of messages that:

Do not clearly identify themselves or their company
Come from an email address that does not match the company’s domain
Do not give full contact information such as the title of sender, the company’s physical address, or phone number
Make too good to be true offers with no strings attached
Ask to pay an upfront fee or asks you to transfer money for them
Ask to give your credit card or bank account numbers
Ask to send copies of personal documents
Remember: DO NOT provide any personal information, especially Social Security numbers or financial information. Legitimate companies would not ask for this information over the phone or email.

If an email looks suspicious, do not respond and do not click on any links or attachments. When available, “Report phishing” to block other suspicious emails.

[1] 2021 Verizon Data Breach Investigations Report (DBIR)

Beware of Disaster Scams

October 13, 2022Special News, TechNews202210, Cybersecurity, CybersecurityAwarenessMonth, Information Security, Phishing and Scamito0

Remain vigilant for scams particularly related to disasters and other current events. Recent phishing campaigns include emails with attachments or links to fraudulent websites to trick victims into revealing sensitive information or donating to fraudulent charities or causes. Exercise caution in handling any email with Hurricane Ian-related subject line, attachment, or hyperlink, and be wary of social media pleas, texts, or calls related to Hurricane Ian relief efforts.

In general, avoid clicking links in unsolicited emails, never reveal personal or financial information in email and do not respond to solicitations for this type of information. Always verify the sender of email messages.

For more information about phishing and Internet scams, as well as ways to identify them, please visit our Phishing and Scams resource page

Please send any questions or concerns to Simmons Information Security Officer, Richard Phung, or the Technology Service Desk.

Upcoming Sharkpass Duo Updates

October 13, 2022Special News, TechNews202210, Cybersecurity, CybersecurityAwarenessMonth, Duo, Duo Updates, Information Security, Sharkpass Duo, Sharkpass Duo Updatesito0

Simmons Technology will be updating Duo Security — the technology behind Simmons Sharkpass — to the Universal Prompt which will affect the look-and-feel of logging into Simmons resources.

After this change, a redesigned prompt will be presented to users at the time they login providing a sleeker, more simplified interface.

Stay tuned! More details to be announced soon.

Information Security and Phishing

September 6, 2022TechNews202209, Cybersecurity, Information Security, Phishing Attacksito0

ID Badge Icon Nearly 20 million students in the US are expected to attend universities this fall.

This is an exciting time for Simmons as our students, faculty, and staff return for the academic year. Unfortunately, the return to school provides ample opportunities for cybercriminals who wish to take advantage of people during these particularly busy times.

Phishing attacks are once again on the rise, accounting for more than 20% of data breaches in 2021[1]. It is estimated that one in every 99 messages (1.2%)[2] is malicious which equates to nearly 3.4 billion fake emails per day.

Luckily there are some healthy security practices that we all can take to reduce risk:

Beware of email messages claiming to be of an urgent nature.
Pay attention to the sender of the email message.
Look out for fake logos, signatures, or suspicious message contents.
Check those URLs; only visit official, reputable websites with encryption.
Think twice before clicking links or opening attachments.
Protect your passwords and use different passwords for your work, school, and personal accounts.
Keep your machine clean.
Make sure that all of your devices, apps, browsers, and antivirus software are up-to-date.
Delete sensitive information if you no longer need it.
Back-up your files regularly.

Be mindful of common scams targeting college students, including:

Emails that contain “important information about your Simmons account” or a “problem with your registration”
Tech Support scams where you get a call about a “problem with your computer”
Scholarship scams, textbook rental or book-buying scams.
IRS scams demanding money for a fake “federal student tax”
Tuition reimbursement or student debt cancellation scams
Messages asking for your login information, passwords, or other personal information
Fake friend requests, fake login pages, and fake DropBox or Google Docs share notices.

Thank you for your continued cooperation supporting your information security and online safety! For more information about phishing and Internet scams, as well as ways to identify them, please visit our Phishing and Scams resource page

Please send any questions or concerns to Simmons Information Security Officer, Richard Phung, or the Technology Service Desk.

[1] Verizon 2021 Data Breach Investigations Report (https://www.verizon.com/business/resources/reports/dbir/)

[2] Valimail Email Fraud Landscape Spring 2019 Report (https://valimail.docsend.com/view/qndhuhn)

Icon made by Pixel perfect from www.flaticon.com

Ongoing Security Concerns

January 25, 2022Special News, TechNews202201, Cybersecurity, Information Securityito0

Many institutions of higher learning are falling prey to an increasing number of phishing attacks. Simmons is no exception. Phishing attacks have soared 220%¹ since the beginning of the pandemic. Despite our active monitoring efforts and alerts to the community, too many of us still fall victim. Breaches of Simmons login credentials this month have resulted in compromised computers used to send even more phishing messages and most recently unlawful access to Workday where banking information was exposed and in one case changed. Giving up your password to a phishing site has serious consequences.

¹https://www.f5.com/company/news/features/phishing-attacks-soar-220–during-covid-19-peak-as-cybercriminal

Phishing and Imposter Websites

January 25, 2022Special News, TechNews202201, Cybersecurity, idp.simmons.edu, Information Securityito0

Cybercriminals are adept at creating imposter websites that look like standard login pages for Google, Microsoft Live, and even Simmons’ own login page. Simmons login page url will always begin with “idp.simmons.edu” and any other url even if it contains “simmons.edu” later in the text is not our login page.

Make sure URL containing idp.simmons.edu before you proceed with username and password — **Any** other site is not Simmons login page.

Sharkpass/DUO Do’s and Don’t

January 25, 2022Special News, TechNews202201, Cybersecurity, Duo, Information Security, SharkPassito0

While Sharkpass/DUO gives us an edge against cybercriminals, it is not foolproof. Imposter login websites often include a false DUO page and ask for you to input a code from your DUO mobile app. Doing so gives up your account to thieves who then have access to your personal information and the ability to direct your paychecks or refunds away from your bank account. Simmons Sharkpass/DUO page will also only begin with “idp.simmons.edu.”

What else you should and shouldn’t do

January 25, 2022Special News, TechNews202201, Cybersecurity, idp.simmons.edu, Information Securityito0

Change your password regularly.
Report phishing messages you receive in the Gmail menu with “Report Phishing”
Don’t forward phishing messages to anyone. Friends and colleagues can fall victim too.
Consider using Gmail’s mobile apps on iPhone and Android instead of the provided mail apps. Gmail’s app presents warnings about suspicious messages and allows you to report phishing messages.
Don’t click on links or download attachments from messages you are not expecting.

Remember, real Simmons sites start with “idp.simmons.edu!”