Security is No Joke: Let’s Duo

DuoBeginning April 1, 2019, all matriculated students will be required to use Duo Security’s Two-factor authentication (2FA) when accessing my.SMU. Yes, we know that’s April Fools Day, but this is no joke!

Duo Two-factor authentication will be used to verify a student’s identity when logging into my.SMU. This security measure will be enforced to prevent unauthorized use of a student’s SMU account. Continue reading Security is No Joke: Let’s Duo

New gift card phishing scam using fake supervisor email addresses

As we begin the Spring semester, we would like to remind you to be diligent in watching for phishing emails. Over the last several weeks, OIT has been notified by a number of faculty and staff members who have received messages that appear to come from supervisors. The email will urgently request that the individual purchase a gift card (Walmart, iTunes, etc.). The emails have used an external email address like supervisors.name@gmail.com instead of their SMU email address.

The phisher will request that the gift card numbers and pin need to be emailed or texted to the supervisor. These scammers do their research to get the name of the boss and details of his/her employees. Tracing their source is very difficult.

Don’t be fooled!

Below is the sample email exchange in chronological order. Never comply with a request like this and always confirm either in person or with a phone call with the supervisor to make sure this is not a scam. In the example exchange below, Sally ABC is the chair of the Alternative History department of “univ.edu” and was spoofed by the bad guys. Dave XYZ is Sally ABC’s personal assistant.

From: Sally ABC<sally.abc@gmail.com>
To: Dave XYZ <dxyz@univ.edu>
Subject: Respond
There is something I need you to do. Can you get this done ASAP? I need couple of Walmart gift cards (worth $100) for some a giveaway for a student club. Please get the physical card from the store. I need to send them out in less than an hour. When you get the cards, scratch out the back to reveal the card codes, and email me the codes.
I am going into a meeting now with limited phone calls, so just reply my email.
Sally ABC
Sent from my iPad
-----------------------------
Subject: Re: Respond
From: Dave XYZ <dxyz@univ.edu>
To: Sally ABC<sally.abc@gmail.com>
Sally,
Find below the codes below:
Xxxxx 12234 xxxyyy
Abcde 12345 12344
Sent from my iPhone
------------------------

If you have any questions, please feel free to contact the IT Help Desk at 214.768.HELP (4357) or at help@smu.edu.

CylancePROTECT now compatible with macOS 10.14 Mojave

Back in September, just days before the release of macOS 10.14 Mojave, we recommended users to not update due to a serious compatibility issue with our CylancePROTECT anti-virus software that would cause the computer to deadlock upon reboot. We are happy to announce that with CylancePROTECT version 2.0.1494.546 and higher, the issue has been resolved. Continue reading CylancePROTECT now compatible with macOS 10.14 Mojave

SMU CSO George Finney Recognized as Security Thought Leader

George Finney - Selected as a 2018 Security Magazine Thought Leader

We are proud to announce that OIT’s own George Finney has been featured as one of Security Magazine’s Security 500 as a Thought Leader for 2018!

George has worn many hats during his long career at SMU, and he has made great strides in revolutionizing cybersecurity practices during his time as Chief Security Officer. From modernizing physical security to the creation of a security operations center, George and his team have shown how important cybersecurity is to the success of SMU as a whole.

In addition to his duties as CSO, George has also written a book on cybersecurity practices: No More Magic Wands: Transformative Cybersecurity Change for Everyone. The book details common cybersecurity issues in an informative, entertaining, and above-all actionable way.

Congratulations to George on his achievement!

Fall 2018 Security Report Now Available

OIT Quarterly Security Update (Fall 2018)

Our Fall 2018 edition of the OIT Security Report is now available to the SMU community. In this edition, we discuss how you can safeguard your personal information when using wearables, such as a Fitbit or Apple Watch, so you can track your fitness and keep your privacy. Our CSO discusses when an organization values empowerment, allowing employees to take responsibility for their own result, the organization has a greater chance of succeeding – especially in cybersecurity. Plus, Ms. Security returns with advice on phishing and why you shouldn’t worry about Distributed Denial of Service attacks because OIT does.

To access the report, click the link below.

View Report

Authenticating to Box@SMU is required before viewing or downloading the report.
This report is confidential and not intended for distribution outside the University.

Password Managers Make Security Easy

PadlockAs National Cybersecurity Awareness Month draws to a close, one of the easiest things you can do to help protect your identity and your sensitive files is to ensure that you have unique, secure passwords for all of your online services. Of course, that is easier said than done! Keeping up with all of the passwords for every last service you use online can be overwhelming if you go it alone. Thankfully, there are plenty of tools out there that can help.

Continue reading Password Managers Make Security Easy

Summer 2018 Security Report Now Available

OIT Spring 2018 Security Report

Our Summer 2018 edition of the OIT Security Report is now available to the SMU community. In this edition, we show you how nearly everything that happens when you use a computer is written to a log on your computer or a server somewhere, discuss the new European privacy law called the General Data Protection Regulation, or GDPR, see how you can bring a Security Minute to your next meeting, plus more advice from Ms. Security.

To access the report, click the link below.

View Report

Authenticating to Box@SMU is required before viewing or downloading the report.
This report is confidential and not intended for distribution outside the University.

Privacy Is Dead, Now Where’s My Inheritance

Originally featured in OIT’s Spring 2018 Security Report

Privacy is Dead

PrivacyIt’s probably not the first time you’ve heard this.  A private investigator, Sam Rambam was quoted as saying “Privacy is Dead – Get Over it” in 2006.  In 2012, Huffing Post contributor Miles Feldman posed the question “Is Privacy Dead?”  If it is, then our inheritance may have been in probate for years without us knowing it. The most recent major violation of privacy comes through a Facebook developer, Cambridge Analytica (discussed later in this newsletter), who collected data on millions of Americans without their consent to help political strategists win the 2016 US Presidential Election.  But most likely this is only the tip of the iceberg. Continue reading Privacy Is Dead, Now Where’s My Inheritance

CylancePROTECT now safeguards your home computers

CylancePROTECT Home EditionSMU is pleased to introduce a new employee benefit to help you safeguard your family’s personal devices from malware, ransomware, and other cyber-attacks. We have partnered with Cylance® to protect our corporate devices, and as part of our steadfast commitment to information security, we are now happy to offer employees exclusive access to the same caliber of anti-malware/antivirus protection for up to 10 of your family’s devices (Windows and macOS supported) through Cylance’s Employee Purchase Program. For less than the cost of a Grande Iced Coffee, you can protect your home computer for a month from malware and viruses.  Continue reading CylancePROTECT now safeguards your home computers