Tag Archives: Information Security

21st annual Cybersecurity Awareness Month

Special News, TechNews, , , ,

Greetings Simmons Community,

As we enter October, we celebrate the 21st annual Cybersecurity Awareness Month. This year’s theme, “Secure Our World,” emphasizes the importance of daily actions to reduce online risks. As your Information Security Officer, I’m committed to fostering a secure digital environment for our entire university community.

Focus on the Human Element

This year, we’re highlighting the crucial role each individual plays in cybersecurity. By making smart decisions online, whether at work, home, or school, we can collectively enhance our digital safety.

Four Key Actions to Enhance Your Cybersecurity

  1. Enable Multi-Factor Authentication (MFA) Utilize SharkPass/Duo to add the extra layer of security provided to you for Simmons accounts to other third-party accounts.
  1. Use Strong Passwords Create unique, complex, strong passwords for all accounts. Consider using a password manager for added security.
  1. Recognize and Report Phishing Stay vigilant against unsolicited messages requesting personal information. Report suspicious emails to Technology.
  1. Update Your Software Regularly Ensure all your devices have the latest security patches and updates.

Cybersecurity in Education

Simmons University is proud to be designated as a Center for Academic Excellence in Cybersecurity Education by the NSA. This recognition underscores our commitment to preparing students for the evolving cybersecurity landscape. This prestigious recognition places Simmons among a select group of institutions nationwide dedicated to reducing vulnerabilities in national information infrastructure.

Stay Safe During Election Season

As we approach the 2024 election, it’s essential to be vigilant about cybersecurity. Here are key strategies to protect yourself:

Verify Voter Registration Sites

  • Check for Official Domains: Always look for .gov endings.
  • Go Directly to State Websites: Avoid clicking on links; use trusted sources like Vote.org.

Avoid Donation Scams

  • Use Trusted Platforms: Donate through ActBlue for Democrats and WinRed for Republicans.
  • Be Cautious with Informal Methods: Avoid sending donations via messaging apps.

Spot Misleading Political Ads

  • Check the Source: Look for credible references in ads.
  • Cross-Verify Claims: Use trusted news outlets to confirm information.

Navigate Social Media Safely

  • Fact-Check Surprising Claims: Use reliable sources like FactCheck.org.
  • Be Careful with Sharing: Avoid spreading unverified posts.

Protect Against Phishing

  • Be Wary of Unsolicited Messages: Don’t click links or download attachments from unknown senders.
  • Report Suspicious Emails: Notify Technology.

By practicing these strategies, you can help create a safer online environment during this critical election period.

Remember, cybersecurity is a shared responsibility. By working together, we can create a safer digital environment for our entire Simmons community.

Stay secure, 

Kristen Howard 

Simmons Information Security Officer

Information Security and Phishing

TechNews, , ,

For the fall of 2024, it is expected that approximately 20.7 million students will attend U.S. universities. This influx of students, faculty, and staff returning for the academic year presents increased opportunities for cybercriminals, who often exploit the busy start of the school year to launch their attacks​ (EdTech Magazine)​ (Proofpoint).

Phishing Attacks: Phishing attacks continue to be a significant threat, accounting for 36% of all data breaches in 2023. Currently, about 1.2% of all emails sent globally, which equates to nearly 3.4 billion emails per day, are malicious. This makes phishing one of the most prevalent cybersecurity threats, with educational institutions being particularly vulnerable due to their large and varied user bases​ (Proofpoint)​ (Pixel Privacy).

Protective Measures: To mitigate the risk of falling victim to these attacks, it is crucial to adopt robust cybersecurity practices:

  1. Be cautious of emails claiming urgency.
  2. Verify the sender’s email address.
  3. Watch for suspicious logos, signatures, or content.
  4. Check URLs before clicking; ensure they lead to official, encrypted sites.
  5. Think twice before opening attachments or clicking on links.
  6. Use different passwords for work, school, and personal accounts, and keep them secure.
  7. Regularly update devices, apps, browsers, and antivirus software.
  8. Delete sensitive information that is no longer needed.
  9. Backup your files regularly.

Common Scams Targeting Students: College students should be aware of common scams, including:

  • Fake emails offering “Part-Time” work.
  • Fake emails with “important information about your account” or issues with registration.
  • Tech support scams claiming issues with your computer.
  • Fake scholarship or textbook rental scams.
  • IRS scams demanding payment for a fake “federal student tax.”
  • Tuition reimbursement or student debt cancellation scams.
  • Requests for login information, passwords, or personal data.
  • Fake friend requests and misleading messages about shared documents.

These precautions and awareness can help protect against the growing wave of phishing and other cyberattacks targeting educational institutions and their communities​ (Pixel Privacy)​ (identitytheft).

Information Security and Phishing

TechNews, , ,

Nearly 20 million students in the US are expected to attend universities this fall. 

This is an exciting time for Simmons as our students, faculty, and staff return for the academic year. Unfortunately, the return to school provides ample opportunities for cybercriminals who wish to take advantage of people during these particularly busy times.

Phishing attacks are once again on the rise, accounting for more than 20% of data breaches in 2021[1]. It is estimated that one in every 99 messages (1.2%)[2] is malicious which equates to nearly 3.4 billion fake emails per day.

Luckily there are some healthy security practices that we all can take to reduce risk:

  • Beware of email messages claiming to be of an urgent nature.
  • Pay attention to the sender of the email message.
  • Look out for fake logos, signatures, or suspicious message contents.
  • Check those URLs; only visit official, reputable websites with encryption.
  • Think twice before clicking links or opening attachments.
  • Protect your passwords and use different passwords for your work, school, and personal accounts.
  • Keep your machine clean. 
  • Make sure that all of your devices, apps, browsers, and antivirus software are up-to-date.
  • Delete sensitive information if you no longer need it.
  • Back-up your files regularly. 

Be mindful of common scams targeting college students, including:

  • Emails that contain “important information about your Simmons account” or a “problem with your registration”
  • Tech Support scams where you get a call about a “problem with your computer”
  • Scholarship scams, textbook rental or book-buying scams.
  • IRS scams demanding money for a fake “federal student tax”
  • Tuition reimbursement or student debt cancellation scams
  • Messages asking for your login information, passwords, or other personal information
  • Fake friend requests, fake login pages, and fake DropBox or Google Docs share notices.

Thank you for your continued cooperation supporting your information security and online safety!  For more information about phishing and Internet scams, as well as ways to identify them, please visit our Phishing and Scams resource page

Please send any questions or concerns to the Technology Service Desk.  

[1] Verizon 2021 Data Breach Investigations Report (https://www.verizon.com/business/resources/reports/dbir/)
[2] Valimail Email Fraud Landscape Spring 2019 Report (https://valimail.docsend.com/view/qndhuhn)

October is CyberSecurity Awareness Month

Special News, TechNews, , , ,
Cybersecurity & Infrastructure Security Agency Logo

See Yourself in Cyber. #BeCyberSmart.

Even though cybersecurity may seem like a complex subject, ultimately, it’s really all about people. This month we focus on the “people” part of cybersecurity, providing information and resources to help everyone make smarter decisions whether on the job, at home, or at school. 

4 Things You Can Do to #BeCyberSmart

About Your Role

Special News, TechNews, , ,

When we say See Yourself in Cyber, we mean see yourself in cyber no matter what role you play. As an individual or consumer, take steps to protect your online information and privacy. Faculty, staff, and service providers can take ownership of their role by putting cybersecurity in place to prevent incidents while protecting the University’s brand and reputation. Administrators support critical operations and are a part of the network of functions and systems that others rely on.

Remember: your role plays an important part in ensuring cybersecurity for the larger ecosystem!

Phishing and Social Engineering

Special News, TechNews, , , ,

Phishing and social engineering campaigns are the #1 source of ransomware and other malware[1].
Phishing is a type of cybersecurity attack where malicious actors send messages pretending to be a trusted person. Social Engineering is the psychological manipulation of people into performing actions like installing malicious software, clicking a malicious link, or divulging sensitive information.

Reduce your chances of your falling victim to phishing attacks!

Beware of messages that:

  • Do not clearly identify themselves or their company
  • Come from an email address that does not match the company’s domain
  • Do not give full contact information such as the title of sender, the company’s physical address, or phone number
  • Make too good to be true offers with no strings attached
  • Ask to pay an upfront fee or asks you to transfer money for them
  • Ask to give your credit card or bank account numbers
  • Ask to send copies of personal documents
  • Remember: DO NOT provide any personal information, especially Social Security numbers or financial information. Legitimate companies would not ask for this information over the phone or email.

If an email looks suspicious, do not respond and do not click on any links or attachments. When available, “Report phishing” to block other suspicious emails.

[1] 2021 Verizon Data Breach Investigations Report (DBIR)

Beware of Disaster Scams

Special News, TechNews, , , ,

Remain vigilant for scams particularly related to disasters and other current events. Recent phishing campaigns include emails with attachments or links to fraudulent websites to trick victims into revealing sensitive information or donating to fraudulent charities or causes. Exercise caution in handling any email with Hurricane Ian-related subject line, attachment, or hyperlink, and be wary of social media pleas, texts, or calls related to Hurricane Ian relief efforts.

In general, avoid clicking links in unsolicited emails, never reveal personal or financial information in email and do not respond to solicitations for this type of information. Always verify the sender of email messages.

For more information about phishing and Internet scams, as well as ways to identify them, please visit our Phishing and Scams resource page

Please send any questions or concerns to Simmons Information Security Officer, Richard Phung, or the Technology Service Desk.

Upcoming Sharkpass Duo Updates

Special News, TechNews, , , , , , ,
Example of a new Duo Push

Simmons Technology will be updating Duo Security — the technology behind Simmons Sharkpass — to the Universal Prompt which will affect the look-and-feel of logging into Simmons resources. 

After this change, a redesigned prompt will be presented to users at the time they login providing a sleeker, more simplified interface. 


Stay tuned! More details to be announced soon.

Information Security and Phishing

TechNews, , ,

ID Badge IconNearly 20 million students in the US are expected to attend universities this fall. 

This is an exciting time for Simmons as our students, faculty, and staff return for the academic year. Unfortunately, the return to school provides ample opportunities for cybercriminals who wish to take advantage of people during these particularly busy times.

Phishing attacks are once again on the rise, accounting for more than 20% of data breaches in 2021[1]. It is estimated that one in every 99 messages (1.2%)[2] is malicious which equates to nearly 3.4 billion fake emails per day.

Luckily there are some healthy security practices that we all can take to reduce risk:

  • Beware of email messages claiming to be of an urgent nature.
  • Pay attention to the sender of the email message.
  • Look out for fake logos, signatures, or suspicious message contents.
  • Check those URLs; only visit official, reputable websites with encryption.
  • Think twice before clicking links or opening attachments.
  • Protect your passwords and use different passwords for your work, school, and personal accounts.
  • Keep your machine clean. 
  • Make sure that all of your devices, apps, browsers, and antivirus software are up-to-date.
  • Delete sensitive information if you no longer need it.
  • Back-up your files regularly. 

Be mindful of common scams targeting college students, including:

  • Emails that contain “important information about your Simmons account” or a “problem with your registration”
  • Tech Support scams where you get a call about a “problem with your computer”
  • Scholarship scams, textbook rental or book-buying scams.
  • IRS scams demanding money for a fake “federal student tax”
  • Tuition reimbursement or student debt cancellation scams
  • Messages asking for your login information, passwords, or other personal information
  • Fake friend requests, fake login pages, and fake DropBox or Google Docs share notices.

Thank you for your continued cooperation supporting your information security and online safety!  For more information about phishing and Internet scams, as well as ways to identify them, please visit our Phishing and Scams resource page

Please send any questions or concerns to Simmons Information Security Officer, Richard Phung, or the Technology Service Desk.  

[1] Verizon 2021 Data Breach Investigations Report (https://www.verizon.com/business/resources/reports/dbir/)

[2] Valimail Email Fraud Landscape Spring 2019 Report (https://valimail.docsend.com/view/qndhuhn)

Icon made by Pixel perfect from www.flaticon.com

Important Sharkpass/Duo Changes

TechNews, , ,

Icon of No PhoneSimmons uses SharkPass to provide an additional layer of security for our Simmons login. In recent years, SMS passcodes, Duo Mobile Passcodes, and Telephone voice call verification have become avenues for scammers to steal login credentials.

On July 11, 2022, Technology will disable the use of SMS passcodes, Duo Mobile passcodes, and telephone voice calls as authentication methods for SharkPass.  Users authenticating using their Simmons Account credentials after this date must use a Duo Push to their mobile device, or an approved security token.

The Duo Push is the preferred authentication method for Sharkpass/Duo as it offers an easy-to-use and seamless experience for the community in addition to increased security.

To avoid any potential service disruptions, be sure to enroll and begin to use your Duo Push-enabled smartphone or mobile device to be used with SharkPass. Instructions may be found at the SharkPass Information website.

What if I don’t have a cell phone or mobile device?

If you do not have a cell phone that is compatible with the Duo Push, you may be eligible for a free two-step verification hardware token. Please contact the Service Desk, at 617-521-2222.

These changes are a part of Simmons’ continual efforts to make our systems more secure.  Please be on the lookout for future communications describing improvements to this service.