Information Technology Updates
I have recently attended several briefings on the cybersecurity fallout from the current Russia-Ukraine conflict in eastern Europe. That event has resulted in a lot of FUD (Fear, Uncertainty, Doubt) about the online safety of people worldwide. It is certainly true that cyberattacks have played a role in the conflict, but cyberattacks are present every day. There are three general areas that you can concentrate on to protect yourself and your cyber assets.
- Phishing - Be aware and be skeptical of email you receive, particularly from unknown senders. The bad actors will try to fool you by using well-known personal names on the accounts they are using. They may also copy signature blocks, UNI logos, and other details to make their message appear official. Check the actual email address of the sender. Hover over links with your mouse to see where they are going. If it's not uni.edu or another well-known site, think again and don't click the link.
- Passwords - Passwords are hard and not really sufficient on their own today. They should be unique from one site to another and should be more than a simple word or two. Length trumps complexity. Even though "thequickbrownfoxjumpedoverthelazydog" has several issues and shouldn't be used, it is far better than "R3(s4*#1" for a password. Consider a password manager to help. It can generate lengthy unique random passwords per site and remember them for you.
- Patching - For UNI-managed devices, IT tries to take care of this for you but the process does take your cooperation and time to allow the patches to be deployed and made active. For your personal devices, patching is on you. Allow the operating system and applications to apply updates automatically. And when Windows or Adobe or Office tells you their are patches available, let those updates happen. If you can't do that immediately, okay, but do it soon, within a day or two.
Beginning on Tuesday, February 1st, 2022, Information Technology (IT) will enable Duo Multi-Factor Authentication (MFA) for access to the Student Information System (SIS). In the rapidly changing cybersecurity landscape, MFA remains one of the best protections against bad actors gaining control of accounts and access to important University data. Here are some things to keep in mind when considering the upcoming change:
- Only those currently enrolled in Duo MFA (employees, student employees, and those students who have self-enrolled) will be affected.
- As with other systems protected by Duo MFA, you will be allowed to check a box to be remembered for a certain period of time. On properly configured devices, this limits the number of MFA prompts one must work through each day.
- Duo MFA is already in place in front of the University's Oracle eBusiness Suite (eBiz), Google Workspace suite of tools, and other important University systems.
As always, if you need help with Duo MFA or have any questions or concerns, please don't hesitate to reach out to your IT support by visiting Service Hub and opening a support ticket, or calling the IT Service Desk at (319) 273-5555.
Physical objects as security threats are in the news at the moment. The oft-touched upon tale of rogue USB sticks is a common one. Being wary of random devices found on the floor, or handed out at events is a smart move. and now they're showing up in the mail. You simply don’t know what’s lurking, and it’s hard to find out safely without the right tools available. Even then, something can slip by and cause no end of trouble on your desktop or network. Read more at https://blog.malwarebytes.com/cybercrime/2022/01/attackers-are-mailing-usb-sticks-to-drop-ransomware-on-victims-computers/
US Police Warn of Parking Meters with Phishing QR Codes
Always think twice when you're tempted to scan a QR code!
Targets aren't just the upper management of a company; the truth is, anybody can be a victim. Even random targeting can allow phishers to gather sensitive information about anyone online, such as their contact details and financial data, which they will use to their advantage. Read more at https://fraudwatch.com/who-are-the-most-common-targets-of-phishing-scams/
The holiday season is nearing. Soon millions of people will be looking to buy the perfect gifts, and many of us will shop online. Unfortunately, cyber criminals will be active as well, creating fake shopping websites and other online shopping scams to steal your information or money. Learn how you can find good deals without becoming a victim at https://www.sans.org/newsletters/ouch/shopping-online-securely-nov-21/
Beginning November 1, 2021, Zoom will require their apps to be no more than nine months behind the current version at any given time.
If you are using a computer managed by UNI, Zoom updates will be done automatically for you and no action is required.
If you are using a personal device (computer or phone), Zoom apps that are outdated will be prompted to be upgraded upon connecting. Information Technology recommends that you regularly download and update to the latest version of the Zoom software by checking for updates within the Zoom client or by navigating to zoom.us/download to take advantage of all the latest security and functionality features. For assistance on keeping your personal devices updated, visit Zoom’s article on upgrading Zoom to the latest version on a personal device.
Duo enabled CatID accounts using Microsoft 365 applications and services will start to be prompted for multi-factor authentication (Duo) on November 3rd, 2021 to match campus security standards. If Duo is not currently turned on for your account, you will not be prompted. If you would like to learn more about multi-factor authentication at UNI, visit this page https://mfa.uni.edu/. If you are not enrolled in multi-factor authentication yet but would like to be, please visit this page https://mfa.uni.edu/enroll-your-account-duo.
Email is still one of the primary ways we communicate, both in our personal and professional lives. However, quite often we can be our own worst enemy when using email. Here are the most common mistakes people make with email and how to avoid them. https://www.sans.org/newsletters/ouch/avoid-the-most-common-email-mistakes/
In October of this year local landline calls to all numbers starting with 319 will need to be dialed with all ten digits. This change has been mandated by the FCC for multiple reasons including support of the new 988 National Suicide Prevention Lifeline. The UNI IT Voice team made system modifications so both 7 digit and 10 digit dialing will function as they always have using either procedure. In addition UNI long distance dialing will still require 1 followed by the 10 digit number.
For more information: https://www.fcc.gov/consumers/guides/ten-digit-dialing