Tag Archives: Cybersecurity

Annual Password Changes are Coming

January 24, 2024TechNews2024, 202401, Annual Password Change, Cybersecurity, Password Changeito0

Changing passwords regularly is a good practice for maintaining digital security. Simmons is moving towards an annual password change requirement. If you haven’t changed your password in the last year, please consider doing so now. Test your password strength and follow these instructions.

Security Against Unauthorized Access: Regularly changing passwords reduces the risk of unauthorized access to your accounts. If someone gains access to your password, changing it promptly can prevent continued unauthorized use.

Don’t re-use passwords: Using unique passwords for each site localizes the risk in the event of a password breach. Cybercriminals often use credential stuffing attacks, where they use leaked username and password combinations to gain unauthorized access to multiple accounts.

Password Complexity: Changing passwords provides an opportunity to update and strengthen the complexity of passwords. This includes using a combination of uppercase and lowercase letters, numbers, and special characters, making it harder for attackers to guess or crack passwords. Avoid patterns (qwerty, 12345, abcdefg, etc.), and passwords that are easy to guess (Simmons2024!).

Preventing Identity Theft: Regularly updating passwords is a proactive measure against identity theft. If your login credentials are stolen, changing the password promptly can prevent criminals from using your identity for malicious purposes.

December’s Cybersecurity Focus: Charity and Disaster scams

December 8, 2023TechNews202312, Charity and Disaster Scams, Charity Scam, Charity Scammers, Cybersecurity, Cybersecurity Tipsito0

Are you following the Israel-Gaza crisis in the news and want to help by donating to a charity? Scammers follow the news, too, and are at the ready. Just like in the wake of a natural disaster, scammers set up fake charities and fake websites to take advantage of your generosity. Here’s how to avoid charity scams and make sure your donation counts.

First, slow down and take some time to research and plan before you donate to make sure your money helps real people in need and not the charity scammers.

Here’s where to start:

Donate to charities you know and trust with a proven track record with responding to a humanitarian crisis.
Research the organization — especially if the donation request comes on social media. Search the name plus “complaint,” “review,” “rating,” or “scam.” And check out the charity with the Better Business Bureau’s (BBB) Wise Giving Alliance, Charity Navigator, Charity Watch, or Candid. If the message was from a friend, ask them if they know the organization themselves. Find out exactly how much of every dollar you donate goes directly to the charity’s beneficiaries.
Be cautious about giving to individuals on crowdfunding sites. Some scammers pretend to be concerned citizens collecting for a cause but their true intentions are to pocket your money rather than give it to the cause. Giving to someone you personally know and trust is safest. Review the platform’s policies and procedures. Some crowdfunding sites will check out postings asking for help after a humanitarian crisis to confirm they’re legit. Others don’t.
Donate money rather than goods unless you confirm what’s needed. If you want to send goods like clothing or supplies, it’s a good idea to confirm with the charity what items they are collecting.
Don’t donate to anyone who insists you pay by cash, gift card, wiring money, or cryptocurrency. That’s how scammers tell you to pay. If you decide to donate, pay by credit card, which gives you more protections.
Confirm the number before you text to donate. Go straight to the charity to confirm the number. If it’s not their number, use a number you know is real or go to the charity’s website to donate.

To learn more, go to ftc.gov/charity. Source: https://consumer.ftc.gov/consumer-alerts/2023/10/safely-donating-response-israel-gaza-crisis

Phishing, Rogue Sharkpass/DUO pushes, and Job scams

November 10, 2023TechNews20231110, Cybersecurity, Cybersecurity Tips, Cybersecurity Training, Duo, Phishing Email, Phising, SharkPassito0

A “wolf in sheep’s clothing”: someone or something that seems to be good but is actually not good at all

Some of you may have received a Phishing Email with the subject “A file has been shared with you”, or something similar. This email “appears” to be coming from someone within Simmons or even from an external email address. Clicking the link brings the victim to a web page that looks like an official-looking webpage and asks them to enter their username and password. Once that information has been entered on the webpage it is captured by the cyber criminals.

Almost immediately following, the cybercriminals attempt to login to Simmons’s email and systems with the stolen credentials and the victim will receive a Duo authentication request known as a “Rogue Push”, meaning one that was not requested. If the victim approves the Duo request, then the cybercriminals are allowed in. Think before you click!

The Job Scam is intended to steal money from the victim in one of two ways. The first is that they ask for personal information plus a bank name. They will then send an official looking email from that bank asking the victim to confirm details and maybe to reset a PIN code. The scammers will try to use this information to login to the bank account and withdraw money. The second way is to send the victim a paycheck in advance with instructions to use that check to purchase supplies or a computer from their vendor. The victim purchases these items before the bank has time to clear the deposited check. The fake check will bounce and the victim is left responsible for the purchases. Other variations of this scam have involved sending cryptocurrency such as bitcoin to the scammers.

As phishing and job scams targeting higher education persist, vigilance is key. Carefully inspect unsolicited emails and do not click links or provide information without verifying legitimacy first. Report suspect message as phishing in Gmail. Research employers thoroughly when job hunting and avoid requests for upfront fees or personal details. Never provide banking information. Stay alert and contact the IT help desk with any online safety concerns. Using caution and common sense are our best defenses against those looking to take advantage.

See Yourself in Cyber. #BeCyberSmart.

October 12, 2023Special News, TechNews#BeCyberSmart, 20231012, BeCyberSmart, Cybersecurity, CybersecurityAwarenessMonthito0

Even though cybersecurity may seem like a complex subject, ultimately, it’s really all about people. This month we focus on the “people” part of cybersecurity, providing information and resources to help everyone make smarter decisions whether on the job, at home, or at school.

4 Things You Can Do to #BeCyberSmart

Enable Multi-Factor Authentication (Learn more about SharkPass/Duo at Simmons)
Use Strong Passwords (Learn more in our Information Security Policy)
Recognize and Report Phishing (Visit the phishing information website)
Update Your Software (Read more about how to check for software updates on your MacOS, Windows, Android, or iOS device)

Security Awareness Training and Phishing Tests

October 12, 2023Special News, TechNews20231012, Cybersecurity, Cybersecurity Training, CybersecurityAwarenessMonth, Employee Training, Phishing Testsito0

One of the ways we can protect ourselves is through security training on a regular basis. This reinforces our knowledge of cybersecurity over time and becomes part of our subconscious defense behavior. Beginning in November, we will make short learning videos available on a monthly basis for people to review. After that, it’s time to test our Phishing skills and apply what we have learned in the form of fake Phishing emails. Can you spot the Phish?