Security & Safe Computing Updates

1 year 6 months ago

If you use a computer or mobile device long enough, sooner or later something will go wrong. You may accidentally delete the wrong files, have a hardware failure, or lose a device. Even worse, malware may infect and wipe or encrypt your files. At times like these, backups are often the only way you can rebuild your digital life. Read more at https://www.sans.org/newsletters/ouch/backups/

1 year 7 months ago

Beware of 'Microsoft Office' USB sticks that show up in the mail. It's a scam! Plugging the USB into a computer will trigger a virus alert and encourage people to call a customer support line, where a scammer will take over the computer and demand payment. Read more here:  https://www.pcmag.com/news/beware-microsoft-office-usb-sticks-that-show-up-in-the-mail-its-a-scam

1 year 7 months ago

Cyber criminals know that one of the best ways to rush people into making a mistake is by creating a heightened sense of urgency. And one of the easiest ways to create a sense of urgency is to take advantage of a crisis. This is why cyber criminals love it whenever there is a traumatic event with global impact. What most of us regard as a tragedy, cyber criminals view as an opportunity, such as the breakout of a war, a major natural disaster such as a volcanic explosion, and of course infectious disease breakouts like COVID- 19. When there is an immense amount of social media and news coverage about a certain event, cyber criminals know that is the time to strike. Read more at https://www.sans.org/newsletters/ouch/charity-disaster-scams/

1 year 8 months ago

Phishing attacks have become the most common method cyber attackers use to target people at work and at home. Read more at https://www.sans.org/newsletters/ouch/phishing-attacks-getting-trickier/

1 year 10 months ago

Should you use a different password for every site? Absolutely! Should you use your browser to store all of those distinct passwords? Probably not..

https://isc.sans.edu/forums/diary/Use+Your+Browser+Internal+Password+Vault+or+Not/28658/

1 year 11 months ago

While social media is a fantastic way to communicate, share, and have fun with others, it is also a low-cost way for cyber criminals to trick and take advantage of millions of people. Don't fall victim to the three most common scams on social media. Read more at https://www.sans.org/newsletters/ouch/top-three-social-media-scams/

2 years 3 weeks ago

I have recently attended several briefings on the cybersecurity fallout from the current Russia-Ukraine conflict in eastern Europe. That event has resulted in a lot of FUD (Fear, Uncertainty, Doubt) about the online safety of people worldwide. It is certainly true that cyberattacks have played a role in the conflict, but cyberattacks are present every day. There are three general areas that you can concentrate on to protect yourself and your cyber assets.

  1. Phishing - Be aware and be skeptical of email you receive, particularly from unknown senders. The bad actors will try to fool you by using well-known personal names on the accounts they are using. They may also copy signature blocks, UNI logos, and other details to make their message appear official. Check the actual email address of the sender. Hover over links with your mouse to see where they are going. If it's not uni.edu or another well-known site, think again and don't click the link.
  2. Passwords - Passwords are hard and not really sufficient on their own today. They should be unique from one site to another and should be more than a simple word or two. Length trumps complexity. Even though "thequickbrownfoxjumpedoverthelazydog" has several issues and shouldn't be used, it is far better than "R3(s4*#1" for a password. Consider a password manager to help. It can generate lengthy unique random passwords per site and remember them for you.
  3. Patching - For UNI-managed devices, IT tries to take care of this for you but the process does take your cooperation and time to allow the patches to be deployed and made active. For your personal devices, patching is on you. Allow the operating system and applications to apply updates automatically. And when Windows or Adobe or Office tells you their are patches available, let those updates happen. If you can't do that immediately, okay, but do it soon, within a day or two.

 

2 years 2 months ago

Beginning on Tuesday, February 1st, 2022, Information Technology (IT) will enable Duo Multi-Factor Authentication (MFA) for access to the Student Information System (SIS). In the rapidly changing cybersecurity landscape, MFA remains one of the best protections against bad actors gaining control of accounts and access to important University data. Here are some things to keep in mind when considering the upcoming change:

  • Only those currently enrolled in Duo MFA (employees, student employees, and those students who have self-enrolled) will be affected. 
  • As with other systems protected by Duo MFA, you will be allowed to check a box to be remembered for a certain period of time. On properly configured devices, this limits the number of MFA prompts one must work through each day.
  • Duo MFA is already in place in front of the University's Oracle eBusiness Suite (eBiz), Google Workspace suite of tools, and other important University systems.

As always, if you need help with Duo MFA or have any questions or concerns, please don't hesitate to reach out to your IT support by visiting Service Hub and opening a support ticket, or calling the IT Service Desk at (319) 273-5555.

2 years 2 months ago

Physical objects as security threats are in the news at the moment. The oft-touched upon tale of rogue USB sticks is a common one. Being wary of random devices found on the floor, or handed out at events is a smart move. and now they're showing up in the mail. You simply don’t know what’s lurking, and it’s hard to find out safely without the right tools available. Even then, something can slip by and cause no end of trouble on your desktop or network. Read more at https://blog.malwarebytes.com/cybercrime/2022/01/attackers-are-mailing-usb-sticks-to-drop-ransomware-on-victims-computers/

Pages

  • ITTC 36
  • (319) 273-5555
  • Service Hub