Tag Archives: CybersecurityAwarenessMonth

Phishing and Social Engineering

Phishing and social engineering campaigns are the #1 source of ransomware and other malware[1].
Phishing is a type of cybersecurity attack where malicious actors send messages pretending to be a trusted person. Social Engineering is the psychological manipulation of people into performing actions like installing malicious software, clicking a malicious link, or divulging sensitive information.

Reduce your chances of falling victim to phishing attacks!

Beware of messages that:

  • Do not clearly identify themselves or their company
  • Come from an email address that does not match the company’s domain
  • Do not give full contact information such as the title of sender, the company’s physical address, or phone number
  • Make too-good-to-be-true offers with no strings attached
  • Ask you to pay an upfront fee or to transfer money for them
  • Ask you to give your credit card or bank account numbers
  • Ask you to send copies of personal documents

Remember: DO NOT provide any personal information, especially Social Security numbers or financial information. Legitimate companies would not ask for this information over the phone or email.

If an email looks suspicious, do not respond and do not click on any links or attachments. When available, “Report phishing” to block other suspicious emails.

[1] 2021 Verizon Data Breach Investigations Report (DBIR)

Beware of Disaster Scams

Remain vigilant for scams, particularly those related to disasters and other current events. Recent phishing campaigns include emails with attachments or links to fraudulent websites to trick victims into revealing sensitive information or donating to fraudulent charities or causes. Exercise caution in handling any email with a Hurricane Ian-related subject line, attachment, or hyperlink, and be wary of social media pleas, texts, or calls related to Hurricane Ian relief efforts.

In general, avoid clicking links in unsolicited emails, never reveal personal or financial information in email, and do not respond to solicitations for this type of information. Always verify the sender of email messages.

For more information about phishing and Internet scams, as well as ways to identify them, please visit our Phishing and Scams resource page.

Please send any questions or concerns to Simmons Information Security Officer, Richard Phung, or the Technology Service Desk.

Upcoming Sharkpass Duo Updates

Example of a new Duo Push

Simmons Technology will be updating Duo Security — the technology behind Simmons Sharkpass — to the Universal Prompt, which will affect the look and feel of logging into Simmons resources.

After this change, a redesigned prompt will be presented to users when they log in, providing a sleeker, more simplified interface.


Stay tuned! More details to be announced soon.

October is CyberSecurity Awareness Month

Do Your Part. #BeCyberSmart.

Phishing and social engineering campaigns are the #1 source of ransomware and other malware[1]. Reduce your chances of falling victim to phishing attacks!

  • Update your passwords. Consider using the longest password possible. Be creative and customize your passwords for different websites. Use a password manager to keep track of them.
  • Enable two-factor authentication on your accounts where available.
  • Limit the information you post on social media. Cybercriminals use public information to know you better, so be sure to keep personal information safe from strangers.
  • Keep track of your apps. Make sure your apps are up-to-date and check your app permissions.
  • Update your computer and mobile devices.
  • Make sure your antivirus is up-to-date and running.
  • Stay protected while connected. Only connect to legitimate wireless hotspots. Avoid sensitive activities on public networks and only use sites that begin with “https://” when shopping or banking online.
  • If an email looks suspicious, do not respond and do not click on any links or attachments. When available, “Report phishing” to block other suspicious emails.

[1] 2021 Verizon Data Breach Investigations Report (DBIR)

Did you know…?

According to data breach statistics from 2019…

  • 80% of cyber attacks involved stolen credentials (logins & passwords)
  • 58% of breaches involved personally identifiable information
  • 28% of breaches reported were from the Educational Services Industry
  • 94% of malware is delivered by email
  • 48% of malicious email attachments are office files
  • $3.9 million is the average cost of a data breach
  • $150 is the average cost per record stolen
  • 17 million is the average number of files that an employee has access to


What Can I Do?

Change Your Passwords.
Use complex passwords and don’t reuse passwords between your accounts! Turn on multi-factor authentication whenever possible.

Think Twice About Sharing Information.
Did you receive a suspicious phone call from “Tech Support”?
Is your supervisor asking you to buy a gift card because it’s an “emergency”? Never send sensitive information to people over email. No one should be asking for your password.

Beware of Links.
Check the website address before clicking a link, and don’t download attachments that you weren’t expecting. This includes links from text messages. If it looks odd, don’t click it.

Keep up-to-date; Install antivirus
Do not put off updating those apps, especially on your phone. There could be important security updates that you are missing! Also remember to install antivirus on your own computer and keep it up to date.

Delete or unsubscribe from unused applications or subscriptions.
If you aren’t using that app, it’s probably outdated. Consider getting rid of it! Unsubscribe from mailing lists or cancel unused application subscriptions to reduce the clutter and minimize your risk profile.

See Something Say Something.
If something doesn’t look right, report it!


What Data Goes Where?

Be mindful of the data that you collect and be careful where you save that sensitive information! Simmons grades data on a 4-point scale based on its risk.

Restricted is our MOST SENSITIVE type of data and consists of:

  • Name, Address, Telephone

AND

  • Social security number or taxpayer ID
  • Financial account, credit or debit card
  • Financial/salary data
  • Driver’s license number
  • Date of birth
  • Medical or health information (e.g. HIPAA)

Refer to the Simmons Data Classification Policy for the proper ways to store and transmit sensitive files. Regularly review who has access to your data and clean up your authorized apps list. Avoid the temptation to download and work on sensitive documents on your personal devices.


Social Engineering

What is Social Engineering?
Social engineering is a type of cyberattack that uses psychological manipulation to convince victims to perform actions or disclose information.

Beware of Imposters!
An attacker may pretend to be someone else, either by phone, in-person, or via email, in order to solicit financial or personal details, or to ask that you take some action, such as completing a financial transaction or providing remote access to a computer.

It is common for attackers to impersonate tech support, charitable organizations, government agencies, banks/financial institutions, even your friends/family/coworkers!

Remember, the “From:” in an email is just like a return address on a postcard and can be forged. Be wary of interactions from people you think you know asking for gift cards, passwords, or other personal information. Also, be wary of any free offers. If it’s too good to be true, it probably is!

Unprecedented times…
Fraudulent activity is up 600% since COVID-19!


Who Can I Contact?

To report a Cybersecurity Incident, please contact:

Simmons Technology ServiceDesk
[email protected]

For more information about Information Security at Simmons, including consultation on aligning business processes with our Information Security policies, please contact:

Richard Phung
Information Security Analyst
[email protected]

References
https://www.cisa.gov/national-cyber-security-awareness-month
https://enterprise.verizon.com/resources/reports/dbir/
https://www.ibm.com/security/data-breach
https://www.varonis.com/2019-data-risk-report/