Tag Archives: Cybersecurity

21st annual Cybersecurity Awareness Month

Greetings Simmons Community,

As we enter October, we celebrate the 21st annual Cybersecurity Awareness Month. This year’s theme, “Secure Our World,” emphasizes the importance of daily actions to reduce online risks. As your Information Security Officer, I’m committed to fostering a secure digital environment for our entire university community.

Focus on the Human Element

This year, we’re highlighting the crucial role each individual plays in cybersecurity. By making smart decisions online, whether at work, home, or school, we can collectively enhance our digital safety.

Four Key Actions to Enhance Your Cybersecurity

  1. Enable Multi-Factor Authentication (MFA): Use SharkPass/Duo to add the extra layer of security you already have on your Simmons accounts to your other third-party accounts.
  2. Use Strong Passwords: Create unique, complex, strong passwords for all accounts. Consider using a password manager for added security.
  3. Recognize and Report Phishing: Stay vigilant against unsolicited messages requesting personal information. Report suspicious emails to Technology.
  4. Update Your Software Regularly: Ensure all your devices have the latest security patches and updates.

Cybersecurity in Education

Simmons University is proud to be designated as a Center for Academic Excellence in Cybersecurity Education by the NSA. This recognition underscores our commitment to preparing students for the evolving cybersecurity landscape. This prestigious recognition places Simmons among a select group of institutions nationwide dedicated to reducing vulnerabilities in national information infrastructure.

Stay Safe During Election Season

As we approach the 2024 election, it’s essential to be vigilant about cybersecurity. Here are key strategies to protect yourself:

Verify Voter Registration Sites

  • Check for Official Domains: Always look for .gov endings.
  • Go Directly to State Websites: Avoid clicking on links; use trusted sources like Vote.org.

Avoid Donation Scams

  • Use Trusted Platforms: Donate through ActBlue for Democrats and WinRed for Republicans.
  • Be Cautious with Informal Methods: Avoid sending donations via messaging apps.

Spot Misleading Political Ads

  • Check the Source: Look for credible references in ads.
  • Cross-Verify Claims: Use trusted news outlets to confirm information.

Navigate Social Media Safely

  • Fact-Check Surprising Claims: Use reliable sources like FactCheck.org.
  • Be Careful with Sharing: Avoid spreading unverified posts.

Protect Against Phishing

  • Be Wary of Unsolicited Messages: Don’t click links or download attachments from unknown senders.
  • Report Suspicious Emails: Notify Technology.

By practicing these strategies, you can help create a safer online environment during this critical election period.

Remember, cybersecurity is a shared responsibility. By working together, we can create a safer digital environment for our entire Simmons community.

Stay secure, 

Kristen Howard 

Simmons Information Security Officer

Information Security and Phishing

For the fall of 2024, it is expected that approximately 20.7 million students will attend U.S. universities. This influx of students, faculty, and staff returning for the academic year presents increased opportunities for cybercriminals, who often exploit the busy start of the school year to launch their attacks (EdTech Magazine) (Proofpoint).

Phishing Attacks: Phishing attacks continue to be a significant threat, accounting for 36% of all data breaches in 2023. Currently, about 1.2% of all emails sent globally, which equates to nearly 3.4 billion emails per day, are malicious. This makes phishing one of the most prevalent cybersecurity threats, with educational institutions being particularly vulnerable due to their large and varied user bases (Proofpoint) (Pixel Privacy).

Protective Measures: To mitigate the risk of falling victim to these attacks, it is crucial to adopt robust cybersecurity practices:

  1. Be cautious of emails claiming urgency.
  2. Verify the sender’s email address.
  3. Watch for suspicious logos, signatures, or content.
  4. Check URLs before clicking; ensure they lead to official, encrypted sites.
  5. Think twice before opening attachments or clicking on links.
  6. Use different passwords for work, school, and personal accounts, and keep them secure.
  7. Regularly update devices, apps, browsers, and antivirus software.
  8. Delete sensitive information that is no longer needed.
  9. Back up your files regularly.

Common Scams Targeting Students: College students should be aware of common scams, including:

  • Fake emails offering “Part-Time” work.
  • Fake emails with “important information about your account” or issues with registration.
  • Tech support scams claiming issues with your computer.
  • Fake scholarship or textbook rental scams.
  • IRS scams demanding payment for a fake “federal student tax.”
  • Tuition reimbursement or student debt cancellation scams.
  • Requests for login information, passwords, or personal data.
  • Fake friend requests and misleading messages about shared documents.

These precautions and awareness can help protect against the growing wave of phishing and other cyberattacks targeting educational institutions and their communities (Pixel Privacy) (identitytheft).

Annual Password Changes are Coming

Changing passwords regularly is a good practice for maintaining digital security.  Simmons is moving towards an annual password change requirement.  If you haven’t changed your password in the last year, please consider doing so now.  Test your password strength and follow these instructions.

Security Against Unauthorized Access:  Regularly changing passwords reduces the risk of unauthorized access to your accounts.  If someone gains access to your password, changing it promptly can prevent continued unauthorized use.

Don’t re-use passwords:  Using unique passwords for each site localizes the risk in the event of a password breach.  Cybercriminals often use credential stuffing attacks, where they use leaked username and password combinations to gain unauthorized access to multiple accounts.

Password Complexity:  Changing passwords provides an opportunity to update and strengthen the complexity of passwords.  This includes using a combination of uppercase and lowercase letters, numbers, and special characters, making it harder for attackers to guess or crack passwords.  Avoid patterns (qwerty, 12345, abcdefg, etc.), and passwords that are easy to guess (Simmons2024!).

Preventing Identity Theft:  Regularly updating passwords is a proactive measure against identity theft.  If your login credentials are stolen, changing the password promptly can prevent criminals from using your identity for malicious purposes.

December’s Cybersecurity Focus: Charity and Disaster scams

Are you following the Israel-Gaza crisis in the news and want to help by donating to a charity? Scammers follow the news, too, and are at the ready. Just like in the wake of a natural disaster, scammers set up fake charities and fake websites to take advantage of your generosity. Here’s how to avoid charity scams and make sure your donation counts.

First, slow down and take some time to research and plan before you donate to make sure your money helps real people in need and not the charity scammers.

Here’s where to start:

  • Donate to charities you know and trust with a proven track record with responding to a humanitarian crisis.
  • Research the organization especially if the donation request comes on social media. Search the name plus “complaint,” “review,” “rating,” or “scam.” And check out the charity with the Better Business Bureau’s (BBB) Wise Giving Alliance, Charity Navigator, Charity Watch, or Candid. If the message was from a friend, ask them if they know the organization themselves. Find out exactly how much of every dollar you donate goes directly to the charity’s beneficiaries.
  • Be cautious about giving to individuals on crowdfunding sites. Some scammers pretend to be concerned citizens collecting for a cause but their true intentions are to pocket your money rather than give it to the cause. Giving to someone you personally know and trust is safest. Review the platform’s policies and procedures. Some crowdfunding sites will check out postings asking for help after a humanitarian crisis to confirm they’re legit. Others don’t.
  • Donate money rather than goods unless you confirm what’s needed. If you want to send goods like clothing or supplies, it’s a good idea to confirm with the charity what items they are collecting.
  • Don’t donate to anyone who insists you pay by cash, gift card, wiring money, or cryptocurrency. That’s how scammers tell you to pay. If you decide to donate, pay by credit card, which gives you more protections.
  • Confirm the number before you text to donate. Go straight to the charity to confirm the number. If it’s not their number, use a number you know is real or go to the charity’s website to donate.

To learn more, go to ftc.gov/charity. Source: https://consumer.ftc.gov/consumer-alerts/2023/10/safely-donating-response-israel-gaza-crisis

Phishing, Rogue Sharkpass/DUO pushes, and Job scams

A “wolf in sheep’s clothing”: someone or something that seems to be good but is actually not good at all

Some of you may have received a phishing email with the subject “A file has been shared with you”, or something similar.  This email “appears” to be coming from someone within Simmons or even from an external email address.  Clicking the link brings the victim to an official-looking web page that asks them to enter their username and password.  Once that information has been entered on the web page, it is captured by the cybercriminals.

Example of SharkPass

Almost immediately following, the cybercriminals attempt to log in to Simmons’s email and systems with the stolen credentials, and the victim will receive a Duo authentication request known as a “Rogue Push”, meaning one that was not requested.  If the victim approves the Duo request, then the cybercriminals are allowed in.  Think before you click!

The Job Scam is intended to steal money from the victim in one of two ways.  The first is that they ask for personal information plus a bank name.  They will then send an official-looking email from that bank asking the victim to confirm details and maybe to reset a PIN code.  The scammers will try to use this information to log in to the bank account and withdraw money.  The second way is to send the victim a paycheck in advance with instructions to use that check to purchase supplies or a computer from their vendor.  The victim purchases these items before the bank has time to clear the deposited check.  The fake check will bounce and the victim is left responsible for the purchases.  Other variations of this scam have involved sending cryptocurrency such as bitcoin to the scammers.

Example email

As phishing and job scams targeting higher education persist, vigilance is key. Carefully inspect unsolicited emails and do not click links or provide information without verifying legitimacy first. Report suspect messages as phishing in Gmail.  Research employers thoroughly when job hunting and avoid requests for upfront fees or personal details. Never provide banking information. Stay alert and contact the IT help desk with any online safety concerns. Caution and common sense are our best defenses against those looking to take advantage.

See Yourself in Cyber. #BeCyberSmart.

Even though cybersecurity may seem like a complex subject, ultimately, it’s really all about people. This month we focus on the “people” part of cybersecurity, providing information and resources to help everyone make smarter decisions whether on the job, at home, or at school. 

4 Things You Can Do to #BeCyberSmart

Security Awareness Training and Phishing Tests

One of the ways we can protect ourselves is through security training on a regular basis.  This reinforces our knowledge of cybersecurity over time and becomes part of our subconscious defense behavior.  Beginning in November, we will make short learning videos available on a monthly basis for people to review.  After that, it’s time to test our Phishing skills and apply what we have learned in the form of fake Phishing emails.  Can you spot the Phish?   

About Your Role

When we say See Yourself in Cyber, we mean see yourself in cyber no matter what role you play. As an individual or consumer, take steps to protect your online information and privacy. Faculty, staff, and service providers can take ownership of their role by putting cybersecurity in place to prevent incidents while protecting the University’s brand and reputation. Administrators support critical operations and are a part of the network of functions and systems that others rely on.

Remember: your role plays an important part in ensuring cybersecurity for the larger ecosystem!

Information Security and Phishing

Nearly 20 million students in the US are expected to attend universities this fall. 

This is an exciting time for Simmons as our students, faculty, and staff return for the academic year. Unfortunately, the return to school provides ample opportunities for cybercriminals who wish to take advantage of people during these particularly busy times.

Phishing attacks are once again on the rise, accounting for more than 20% of data breaches in 2021[1]. It is estimated that one in every 99 messages (1.2%)[2] is malicious which equates to nearly 3.4 billion fake emails per day.

Luckily there are some healthy security practices that we all can take to reduce risk:

  • Beware of email messages claiming to be of an urgent nature.
  • Pay attention to the sender of the email message.
  • Look out for fake logos, signatures, or suspicious message contents.
  • Check those URLs; only visit official, reputable websites with encryption.
  • Think twice before clicking links or opening attachments.
  • Protect your passwords and use different passwords for your work, school, and personal accounts.
  • Keep your machine clean. 
  • Make sure that all of your devices, apps, browsers, and antivirus software are up-to-date.
  • Delete sensitive information if you no longer need it.
  • Back up your files regularly.

Be mindful of common scams targeting college students, including:

  • Emails that contain “important information about your Simmons account” or a “problem with your registration”
  • Tech Support scams where you get a call about a “problem with your computer”
  • Scholarship scams, textbook rental or book-buying scams.
  • IRS scams demanding money for a fake “federal student tax”
  • Tuition reimbursement or student debt cancellation scams
  • Messages asking for your login information, passwords, or other personal information
  • Fake friend requests, fake login pages, and fake DropBox or Google Docs share notices.

Thank you for your continued cooperation supporting your information security and online safety!  For more information about phishing and Internet scams, as well as ways to identify them, please visit our Phishing and Scams resource page.

Please send any questions or concerns to the Technology Service Desk.  

[1] Verizon 2021 Data Breach Investigations Report (https://www.verizon.com/business/resources/reports/dbir/)
[2] Valimail Email Fraud Landscape Spring 2019 Report (https://valimail.docsend.com/view/qndhuhn)

Holiday Cybersecurity Tips

As the holiday season is underway, Simmons Technology is reminding users to be cautious of potential holiday scams and malicious cyber campaigns, particularly when browsing or shopping online. These scams can come in the form of emails or ecards with malicious links, attachments infected with malware, or requests to support fraudulent charities or causes. It is important to remain vigilant and avoid clicking on unfamiliar links or providing personal information to untrustworthy sources.

It is important to take extra precautions to protect yourself against common online shopping scams. Here are some tips to stay safe:

  • Only shop on reliable websites from retailers you know and trust.
  • Avoid clicking on links in unsolicited emails and be wary of email attachments.
  • Never give out your financial or personal information via email or text.
  • Watch out for fake package tracking emails, fake ecards, and fake charity donation scams.
  • Look for “https://” in the address bar before entering your credit card information online.
  • Don’t auto-save your passwords or credit card numbers.
  • Regularly check your credit card and bank statements and report any discrepancies to your financial institution.
  • Use text alerts provided by your banking app or site to help detect unusual activity.
  • Pay with a credit card instead of a debit card, as credit cards offer protections that may reduce your liability if your information is used improperly.
  • Ignore pop-up offers and deals, and make sure your devices, apps, and anti-virus software are always up-to-date.
  • Protect your passwords by making them long and strong, never sharing them with anyone, and using two-factor or 2-step authentication whenever possible.

We encourage users to remain vigilant and stay safe during the holiday season.