Tag Archives: Cybersecurity

What we’ll be doing

Simmons Technology continues to review recent incidents and take actions that make our infrastructure safer and less appealing to cybercriminals, but there isn’t much we can do if you give away your credentials online. In an effort to make our login process more secure, we will be doing the following in the near future:

  • Removing DUO mobile passcode, phone callback, and SMS passcode features from Sharkpass/DUO.  Logging in will require utilizing a “Push” to your mobile device.  
  • For those unable to use the DUO Push notification on their mobile app, hardware tokens and security keys will be made available.
  • Implementing a mandatory password reset for the community.  

We realize these measures will cause a small change in the way some of us work and utilize Simmons resources.  We are confident that after a brief adjustment, all will be able to adapt and aid in helping create a safer online environment.  Please stay tuned for more information about these upcoming information security changes.  And please reach out to me or the Technology Service Desk ([email protected] or 617-521-2222) with any questions or concerns.

Thank you,

David Bruce
Vice President, CIO
Simmons University

October is CyberSecurity Awareness Month

Do Your Part. #BeCyberSmart.

Phishing and social engineering campaigns are the #1 source of ransomware and other malware [1]. Reduce your chances of falling victim to phishing attacks!

  • Update your passwords. Consider using the longest password possible. Be creative and customize your passwords for different websites. Use a password manager to keep track of them.
  • Enable two-factor authentication on your accounts where available.
  • Limit the information you post on social media. Cybercriminals use public information to know you better, so be sure to keep personal information safe from strangers.
  • Keep track of your apps. Make sure your apps are up-to-date and check your app permissions.
  • Update your computer and mobile devices.
  • Make sure your antivirus is up-to-date and running.
  • Stay protected while connected. Only connect to legitimate wireless hotspots. Avoid sensitive activities on public networks and only use sites that begin with “https://” when shopping or banking online.
  • If an email looks suspicious, do not respond and do not click on any links or attachments. When available, “Report phishing” to block other suspicious emails.

[1] 2021 Verizon Data Breach Investigations Report (DBIR)

Did you know….?

According to data breach statistics from 2019…

  • 80% of cyber attacks involved stolen credentials (logins & passwords)
  • 58% of breaches involved personally identifiable information
  • 28% of breaches reported were from the Educational Services Industry
  • 94% of malware is delivered by email
  • 48% of malicious email attachments are office files
  • $3.9 million is the average cost of a data breach
  • $150 is the average cost per record stolen
  • 17 million is the average number of files that an employee has access to

Account Icon made by monkik from www.flaticon.com

What Can I Do?

Change Your Passwords.
Use complex passwords and don’t reuse passwords between your accounts! Turn on multi-factor authentication whenever possible.

Think Twice About Sharing Information.
Receive a suspicious phone call from “Tech Support”?
Your supervisor asking you to buy a gift card because it’s an “emergency”? Never send sensitive information to people over email. No one should be asking for your password.

Beware of Links.
Check that website address before clicking the link, and don’t download attachments that you weren’t expecting. This includes links from text messages. If it looks odd, don’t click it.

Keep up-to-date; Install antivirus
Do not put off updating those apps, especially on your phone. There could be important security updates that you are missing! Also remember to install antivirus on your own computer and keep it up to date.

Delete or unsubscribe from unused applications or subscriptions.
If you aren’t using that app, it’s probably outdated. Consider getting rid of it! Unsubscribe from mailing lists or cancel unused application subscriptions to reduce the clutter and minimize your risk profile.

See Something Say Something.
If something doesn’t look right, report it!

Secure Icon made by Alfredo Hernandez from www.flaticon.com

What Data Goes Where?

Be mindful of the data that you collect and be careful where you save that sensitive information! Simmons grades data on a 4-point scale based on its risk.

Restricted is our MOST SENSITIVE type of data and consists of:

  • Name, Address, Telephone

AND

  • Social security number or taxpayer ID
  • Financial account, credit or debit card
  • Financial/salary data
  • Driver’s license number
  • Date of birth
  • Medical or health information (e.g. HIPAA)

Refer to the Simmons Data Classification Policy on the proper ways to store and transmit sensitive files. Regularly review who has access to your data and clean up your authorized apps list. Avoid the temptation to download and work on sensitive documents on your personal devices.


Social Engineering

What is Social Engineering?
Social engineering is a type of cyberattack that uses psychological manipulation to convince victims to perform actions or disclose information.

Beware of Imposters!
An attacker may pretend to be someone else, either by phone, in-person, or via email, in order to solicit financial or personal details, or to ask that you take some action, such as completing a financial transaction or providing remote access to a computer.

It is common for attackers to impersonate tech support, charitable organizations, government agencies, banks/financial institutions, even your friends/family/coworkers!

Remember, the “From:” in an email is just like a return address on a postcard and can be forged. Be wary of interactions from people you think you know asking for gift cards, passwords, or other personal information. Also, be wary of any free offers. If it’s too good to be true, it probably is!

Unprecedented times…
Fraudulent activity is up 600% since COVID-19!

Phishing Icon made by Smashicons from www.flaticon.com

Who Can I Contact?

To report a Cybersecurity Incident, please contact:

Simmons Technology ServiceDesk
[email protected]

For more information about Information Security at Simmons including consultation on alignment of business processes with our Information Security policies please contact:

Richard Phung
Information Security Analyst
[email protected]

References
https://www.cisa.gov/national-cyber-security-awareness-month
https://enterprise.verizon.com/resources/reports/dbir/
https://www.ibm.com/security/data-breach
https://www.varonis.com/2019-data-risk-report/

Online Information Security Training Now Available

Information security is a complex and constantly evolving topic. Threats to the security of the Simmons network and our data, as well as your personal data, change every day. Fortunately, there are steps you can take to stay secure and to prevent most common causes of unauthorized access to your information.

To help you better understand current threats to information security and the resources available to you, Simmons Technology is providing access to a short, video-based security awareness course called Securing the Human. Topics covered include: an overview of how criminals gain unauthorized access to data, staying safe when browsing and using email, securing your mobile device, tips for using social media safely, and keeping personal information secure on our network and in the cloud.

The course consists of 2-5 minute video sessions and takes about an hour to complete. It is available online at any time to faculty and staff. Completion of the training is necessary for compliance with Massachusetts Standards for the Protection of Personal Information, and we encourage you to do so at your earliest convenience.

You should have received an email recently notifying you that your account has been created and containing a link to the training. If you do not have this email, you can also access the training directly by visiting sso.securingthehuman.org/simmons and signing in with your Simmons username and password. If you have any problems accessing or completing the training, please contact the Service Desk at 617-521-2222.

Enhancing Data Security and Protecting Sensitive Information

Recently, there have been several high-profile cases in which colleges’ sensitive information has been made publicly available via cyber attacks, phishing scams, or internal error. These data breaches have taken a reputational and financial toll on Boston University, the University of Maryland, and Indiana University, and exposed the data of more than 450,000 students and employees.

We’d like to take this opportunity to remind you to be aware of unlawful attempts to access your data, and to communicate a change we’ve instituted to make some Simmons websites more readily identifiable.

Phishing scams are attempts to obtain confidential information using emails, websites, and even phone calls that appear to be from a trusted source. Often, phishing emails mask the “from” address to create the appearance that they’ve been sent by a colleague or friend, or as an alert from your bank. Links included in these emails will direct you to websites that look very much like the sites for services you use and will ask you to enter your username and password or other personal information.

Recent widespread examples of phishing scams have affected Gmail and Bank of America. While some scams are very sophisticated, there are a few things you can do to stay safe.

First, do not click links in emails that appear to be suspicious and never respond to an email requesting sensitive information. If an email contains suspicious links or requests for information from a trusted source, navigate to their website manually (instead of clicking a link) or call them to verify the request.

When visiting secure websites, check the address bar in your web browser to make sure it matches what you’re seeing on-screen. For example, all secure website addresses at Simmons begin with https:// and end with the .simmons.edu domain.
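The address check described above, written out so the exact comparison is visible. This is an added example, not code from Simmons Technology: the function name `checkSimmonsUrl` and the sample links are constructed for illustration, and treating any text before an "@" as a failure is an assumption of this example.

```javascript
// Added example (not from the original post): the "https:// and
// .simmons.edu" rule as a strict check on a link's scheme and host.
const TRUSTED_DOMAIN = "simmons.edu";

function checkSimmonsUrl(raw) {
  let url;
  try {
    url = new URL(raw); // WHATWG URL parser, the same rules browsers apply
  } catch {
    return { ok: false, reason: "not a valid absolute URL" };
  }
  if (url.protocol !== "https:") {
    return { ok: false, reason: "not https" };
  }
  // Anything before "@" is login info, not the site being visited.
  if (url.username !== "" || url.password !== "") {
    return { ok: false, reason: "userinfo before the host" };
  }
  // hostname is already lowercased; drop a trailing root dot if present.
  const host = url.hostname.replace(/\.$/, "");
  // Match on a label boundary so "notsimmons.edu" does not pass.
  if (host === TRUSTED_DOMAIN || host.endsWith("." + TRUSTED_DOMAIN)) {
    return { ok: true, reason: "https and host under simmons.edu" };
  }
  return { ok: false, reason: "host is not under simmons.edu" };
}

// Constructed sample links; example.net is a reserved documentation domain.
const samples = [
  "https://login.simmons.edu/",
  "https://CONNECTION.SIMMONS.EDU/portal",
  "http://login.simmons.edu/",               // right host, no TLS
  "https://login.simmons.edu.example.net/",  // trusted name used as a prefix
  "https://login.simmons.edu@example.net/",  // trusted name used as userinfo
  "https://notsimmons.edu/",                 // suffix match without a dot
];
for (const s of samples) {
  const r = checkSimmonsUrl(s);
  console.log((r.ok ? "OK     " : "REJECT ") + s + "  (" + r.reason + ")");
}
```

The same comparison applies when reading the address bar by eye: the part that matters is the end of the host name, immediately before the first single "/".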

To help make our secure websites more easily identifiable, we’ve introduced visual identifiers for login.simmons.edu and connection.simmons.edu. If you see green on the left side of the address bar along with the text “Simmons College (US),” you’re in the right place.


Finally, remember that a trusted source, such as Simmons College, will never ask for your password or other personal information via email or phone. If you’re unsure about the validity of an email or website, you can always contact the Service Desk at 617-521-2222 for help.