Tag Archives: Information Security

Password Reset

Simmons Technology is requiring a mandatory password change for all members of the community. Regularly changing your password is a necessary step toward keeping Simmons and your personal information secure.

When you update your password, you will also be required to review and acknowledge our Information Security Policy and Acceptable Use Policy.

You can find instructions for changing your password on the Service Desk website.

Please reset your password by July 11, 2022 to avoid any disruption in accessing your Simmons account. Please contact the Technology Service Desk for more information or assistance.

Ongoing Security Concerns

Many institutions of higher learning are falling prey to an increasing number of phishing attacks. Simmons is no exception. Phishing attacks have soared 220%¹ since the beginning of the pandemic. Despite our active monitoring efforts and alerts to the community, too many of us still fall victim. Breaches of Simmons login credentials this month have resulted in compromised computers used to send even more phishing messages and, most recently, unlawful access to Workday, where banking information was exposed and, in one case, changed. Giving up your password to a phishing site has serious consequences.

¹ https://www.f5.com/company/news/features/phishing-attacks-soar-220–during-covid-19-peak-as-cybercriminal

Sharkpass/DUO Do’s and Don’ts

While Sharkpass/DUO gives us an edge against cybercriminals, it is not foolproof. Imposter login websites often include a false DUO page and ask you to input a code from your DUO mobile app. Doing so gives up your account to thieves, who then have access to your personal information and the ability to direct your paychecks or refunds away from your bank account. The Simmons Sharkpass/DUO page will also only begin with “idp.simmons.edu.”

What else you should and shouldn’t do

  • Change your password regularly.
  • Report phishing messages you receive in the Gmail menu with “Report Phishing.”
  • Don’t forward phishing messages to anyone. Friends and colleagues can fall victim too.
  • Consider using Gmail’s mobile apps on iPhone and Android instead of the provided mail apps.  Gmail’s app presents warnings about suspicious messages and allows you to report phishing messages.
  • Don’t click on links or download attachments from messages you are not expecting.

Remember, real Simmons sites start with idp.simmons.edu!

What we’ll be doing

Simmons Technology continues to review recent incidents and take actions that make our infrastructure safer and less appealing to cybercriminals, but there isn’t much we can do if you give away your credentials online. In an effort to make our login process more secure, we will be doing the following in the near future:

  • Removing DUO mobile passcode, phone callback, and SMS passcode features from Sharkpass/DUO.  Logging in will require utilizing a “Push” to your mobile device.  
  • For those unable to use the DUO Push notification on their mobile app, hardware tokens and security keys will be made available.
  • Implementing a mandatory password reset for the community.  

We realize these measures will cause a small change in the way some of us work and utilize Simmons resources.  We are confident that after a brief adjustment, all will be able to adapt and aid in helping create a safer online environment.  Please stay tuned for more information about these upcoming information security changes.  And please reach out to me or the Technology Service Desk ([email protected] or 617-521-2222) with any questions or concerns.

Thank you,

David Bruce
Vice President, CIO
Simmons University

Phone and Email Scams on the Rise

Scams targeting students are being reported from local universities. Phishers and imposters, disguised as employers and government officials, are tricking students into handing over money. Some of the scams may offer a job opportunity or threaten the recipient with prosecution from a foreign government.

Beware of messages that:

  • Do not clearly identify themselves or their company
  • Come from an email address that does not match the company’s domain
  • Do not give full contact information such as the title of sender, the company’s physical address, or phone number.
  • Make too-good-to-be-true offers with no strings attached
  • Ask you to pay an upfront fee or to transfer money for them
  • Ask you to give your credit card or bank account numbers
  • Ask you to send copies of personal documents

Remember: DO NOT provide any personal information, especially Social Security numbers or financial information. Legitimate companies would not ask for this information over the phone or email.

If you have any questions or concerns about keeping safe from phishing attacks and scammers, contact Technology’s Information Security Analyst, [email protected].

Information Security

With the beginning of the new academic year, cybercriminals are hard at work. Phishing attacks are up by 11% over last year, and ransomware makes up 10% of data breaches in 2021, more than twice that of 2020¹. Luckily, there are some healthy security practices that we all can take to reduce risk:

  • Beware of email messages urgently requesting personal information. Look out for fake logos, signatures, or suspicious sender email addresses.
  • Make sure that all of your devices, apps, browsers, and antivirus software are up-to-date.
  • Think twice before clicking links or opening attachments.
  • Protect your passwords and use different passwords for your work, school, and personal accounts.
  • When visiting campus, do not leave your personal belongings unattended. 
  • Enable your lock-screen and find-my-phone where available.
  • Delete sensitive information if you no longer require it.
  • See something, say something. Report suspicious activity or suspected scams.

Please contact Richard Phung, Information Security Analyst, [email protected] or the Service Desk for more information or assistance.

Fraudulent Student Employment Advisory

Colleges and universities in the area have received reports of fraudulent employment scams targeting students at their respective schools.  Scammers are falsely representing themselves as educators looking for research assistants.  It is reported that once students agree to the employment, they are instructed to perform a variety of tasks such as purchasing gift cards and forwarding redemption codes or sending money directly through digital payment apps.

Pay close attention to employment offers where an email or job posting:

  • Does not clearly indicate the company name
  • Comes from an email address that does not match the company’s email address format
  • Does not give the employer’s contact information such as the title of person sending the email, the company address, phone number, etc.
  • Offers a job with little interaction
  • Asks you to pay an application fee or to transfer money from one account to another
  • Asks you to give your credit card or bank account numbers
  • Asks you to send copies of personal documents

Remember: DO NOT provide any personal information, especially Social Security numbers or financial information without verifying the identity of the recipient.

If you think that you have been contacted in relation to a scam of this nature, or have fulfilled requests of a suspicious nature, please contact Technology’s Information Security Analyst, [email protected], or call Public Safety at 617-521-1112.

Information Security Awareness Training

Cybersecurity incidents can have a significant impact on an organization. In 2019, the average cost of a data breach was $3.9 million! We all must do our part to reduce information security risks and protect our information. Ongoing employee information security awareness training is a requirement of Massachusetts protection of personal information regulations (201 CMR 17.00). 

Beginning in the new year, Simmons Technology will be offering security awareness training on “Remote Work Safety.” Don’t miss out! Morning and afternoon sessions will be provided:

  • Monday, Feb 22, 2021 10:00 AM + 2:00 PM
  • Tuesday, Feb 23, 2021 10:00 AM + 2:00 PM
  • Wednesday, Feb 24, 2021 10:00 AM + 2:00 PM

Register TODAY! All are welcome to attend.
https://simmons.zoom.us/meeting/register/tJMpd-qvqz4jG9GUJ-gqqu-OzGLCz13vWW2M

If none of these dates or times work for you or your office, no problem.  Simmons Security Analyst [email protected] can schedule a time that works for you or your group.

Simmons Technology appreciates your cooperation in our effort to improve the overall security of University data. To read more about information security and the handling of sensitive information visit our Information Security page: infosec.simmons.edu

Please contact [email protected] if you have any questions or feedback.