Quarterly Security Update for April 2017 Now Available

OIT Quarterly Security Update (April 2017)

Our latest edition of the OIT Quarterly Security Update is now available to the SMU community. In this edition, we discuss how technology is helping the police in an interview with SMU Police Chief Rick Shafer, how the Clery Act reveals campus crime on college campuses, how campus lockdowns work, how toll tags can speed up your parking in the morning, and how the Access Control Initiative is improving the requesting and approving cards and codes.

To access the report, click the link below.

View Report

Authenticating to Box@SMU is required before viewing or downloading the report.
This report is confidential and not intended for distribution outside the University.

Browser Plugin Alert: OneClass Extension Behaves Like Malware

OneClassAt OIT we always recommend that you be careful when installing extensions and plugins for your web browser. This morning we received a warning from our friends at Canvas to let us know about a new Chrome extension, OneClass, that behaves suspiciously. Here’s what they had to say:

The “OneClass” Chrome extension behaves like malware. It can affect users of several LMSs, including Canvas. OneClass is not affiliated with Instructure [Canvas] in any way.

When a user installs the OneClass Chrome extension, it asks for permission to “read and change all your data on websites you visit.” If a user grants this permission, the plugin places a button in the user’s LMS (Canvas or other) labeled “Invite your classmates to OneClass.” If the user clicks this button, OneClass sends messages to all of the other users enrolled in the course via the LMS’s messaging system (for Canvas, that’s Conversations).

Instructure, the parent company of Canvas, recommends that you do not install this OneClass plugin. If you ever see something suspicious in your web browser or have a question regarding browser add-ons, let the IT Help Desk know at help@smu.edu or 214-768-4357.

The Best Way to Authenticate with Duo

DuoIt has been several months since the University has required Duo Two-Factor Authentication to connect to secure services like my.SMU. While there are several ways to verify your identity with Duo Security, Duo has recently published an easy-to-read, one-page guide on why Duo Push with the Duo Mobile app is the best way to authenticate. Continue reading The Best Way to Authenticate with Duo

Phishing Alert: Protect Yourself!

In the past two days, two widespread phishing e-mails have been arriving in mailboxes across campus. Make sure to protect yourself and your data and NEVER open any links or attachments in these emails! Below are examples of the reported phishing messages:Phishing Attempt Example 1

Phishing Message Example 2

 

If you received either of these messages, delete them immediately! If you clicked on any of the links or attachments within the messages, reset your password immediately and call the IT Help Desk at 214-768-4357.

Social Networking and Your Personal Information

Most social networking sites have options for you to define your security or privacy settings.   At times, they may be changed or upgraded in a way that affects how your personal information is made available on the internet. To be sure you are aware of what information is being shared and how it is important to review security setting periodically.

Continue reading Social Networking and Your Personal Information

Fall 2016 Security Report Now Available

OIT Security Report 2016

Our Fall 2016 Edition of the newly revised OIT Security Report is now available to the SMU community. In this edition, we discuss Cybersecurity Awareness Month, how ransomware is impacting industries and you, a warning from a victim of a scam, credit card fraud, how to secure your smartphone, and how our simulated phishing emails help our community learn to spot the red flags of spam and phishing attempts.

To access the report, click the link below.

View Report

Authenticating to Box@SMU is required before viewing or downloading the report.
This report is confidential and not intended for distribution outside the University.

Internet Applications, Internet Safety, and You

As more applications are run from the internet, rather than installed locally on a device, each of us needs to become more cognizant of browser security settings and internet safety practices.  The following are a few key tips for internet safety. Continue reading Internet Applications, Internet Safety, and You

Duo Required for my.SMU Starting October 10th.

DuoSince April, the University has required Duo two-factor authentication (2FA) for all SMU employees to access the Payroll, time reporting, HR & Benefits areas of my.SMU. Beginning October 10th, Duo will be required to access any part of my.SMU. In an effort to protect our systems, we need all employees to register at least one device with Duo. We encourage you to follow the instructions at smu.edu/duo to enroll in Duo today to continue uninterrupted access to my.SMU. Continue reading Duo Required for my.SMU Starting October 10th.

Do You Know How to Spot A Phish?

AnitPhish (Anti-Phishing Campaign)Phishing is a method of identity theft which requests confidential information such as usernames, account numbers, passwords, etc. by masquerading as a legitimate, trusted company.  This term typically refers to attempts through email.  However, this same type of attack can occur in person (social engineering) or over the phone (farming).

Phishing emails have become very sophisticated.  It used to be that they were so poorly written that you could just rely on really bad grammar or spelling errors to determine their legitimacy.  That is no longer the case.  The emails can appear to come from trusted addresses and cleverly designed with graphics, disclaimers, etc.  So how can you determine if an email is legitimate?

Continue reading Do You Know How to Spot A Phish?

Cyber Security Awareness Month is Here

October is National Cyber Security Awareness Month (NCSAM).  Technology plays such an integral role in our daily lives—everything from paying bills to controlling our TV lineup is managed online. The wealth of information stored online about each one of us is staggering. As part of Security Awareness Month will be looking at how to keep you safe and protected both online and at work.

Just take a moment to consider the various accounts you have and the services you use. These companies have information about your spending patterns, your entertainment patterns, and your various interests right at their fingertips. Although most of us enjoy the convenience of having all of this data stored and synchronized across multiple devices, there is a cost to having this data propagated everywhere. The protection of this information starts with you.

Throughout the month of October, OIT will send you weekly emails that will help you increase your knowledge and awareness about cybersecurity.

I work with Cybersecurity Superheroes!Security Showdown

As part of Cyber Security Awareness Month, we will be hosting our first Security Showdown on the afternoon on October 21st. Go ahead and mark your calendars. The theme this year is “I work with Superheroes” and if you know of any cybersecurity superheroes, we want to know about them.  We will have more information about this interactive event in the coming weeks.