Category: Security Awareness

Duo Two-Factor Authentication Live Thursday April 21.

Duo Two-Factor Authentication Live Thursday April 21.

At 9:30 AM on Thursday, April 21, 2016, OIT will implement two-factor authentication for all SMU employees to certain online services, starting with my.SMU. This rollout includes student workers. The two-factor authentication utilizes a solution from Duo Security called Duo Mobile.

What is Duo and what does it mean to me?

Duo two-factor authentication (2FA) adds a second layer of security to online services. Verifying your identity using a second factor (like your phone or another mobile device) helps prevent anyone but you from using your SMU account to log in to a protected service, even if they know your password. In other words, Duo provides assurance that only you can access protected information.

Duo and my.SMU

The first system to be protected with Duo two-factor authentication is the Payroll, time reporting, HR & Benefits areas of my.SMU. This will provide protection for your direct deposit accounts, bank routing information, tax statements, and other sensitive employee data. Your access to Web Clock will also be protected.

What do I need to do?

  1. Download the Duo Mobile app from your smartphone’s app store. Duo Mobile works with Apple iOS, Google Android, BlackBerry, Palm, Windows Phone 7, Windows Mobile 8.1 and 10, and J2ME/Symbian.
    Don’t have smartphone, don’t worry. You can also use a landline, tablet, or an SMS.
  2. On April 21, use your desktop or laptop computer to log in to my.SMU and access secure information, such as your past paychecks or W2.
  3. Follow the on-screen DUO enrollment instructions. We suggest having your smartphone available to scan a QR code with the Duo Mobile app.
  4. Add a second device, such as your office phone, to Duo.

Step by step instructions can be found at blog.smu.edu/itconnect/2016/03/29/duo-two-factor-authentication-2fa-setup/

To find out more about Duo two-factor authentication, including FAQs about Duo and video tutorials, please visit the Duo service page at smu.edu/duo.

If you have any problems or concerns, please contact
the IT Help Desk at 214-768-HELP (4357).

Phishing Alert: Please protect your account information

Phishing Alert

There was another round of phishing emails today targeting SMU employees. These appeared to come from HR/Payroll pertaining to salary increases. The links in the email directed to an external login page that captured SMU credentials once entered.
Please be extra cautious and guard your account information.

When you receive an email requesting your login information, please take a second look!

  1. Check the from address: The from address should be a valid, known address for SMU. In addition, the content of the email should be appropriate for that sender. For example: you wouldn’t expect to receive payroll information from someone in OIT!
  2. Check the web addresses referenced: Is the site they are referencing a true SMU site hosted on the SMU servers? Is it a site you have heard of before?
  3. When in doubt, check with the Help Desk!

If you did fall victim to the phishing email, please change your password immediately and contact the IT Help Desk at 214-768-HELP (4357).

Duo Two-Factor Authentication Live Thursday April 7.

Duo Goes Live Thursday April 7.At 9:30 AM on Thursday, April 7, 2016, OIT will implement two-factor authentication for SMU staff to certain online services, starting with my.SMU. On April 21st, the two-factor authentication requirement will be expanded to all SMU employees. The two-factor authentication utilizes a solution from Duo Security called Duo Mobile.

What is Duo and what does it mean to me?

DuoDuo two-factor authentication (2FA) adds a second layer of security to online services. Verifying your identity using a second factor (like your phone or another mobile device) helps prevent anyone but you from using your SMU account to log in to a protected service, even if they know your password. In other words, Duo provides assurance that only you can access protected information.

Duo and my.SMU

The first system to be protected with Duo two-factor authentication is the Payroll, time reporting, HR & Benefits areas of my.SMU. This will provide protection for your direct deposit accounts, bank routing information, tax statements, and other sensitive employee data. Your access to Web Clock will also be protected.

What do I need to do?

  1. Download the Duo Mobile app from your smartphone’s app store. Duo Mobile works with Apple iOS, Google Android, BlackBerry, Palm, Windows Phone 7, Windows Mobile 8.1 and 10, and J2ME/Symbian.
    Don’t have a smartphone, don’t worry. You can also use a landline, tablet, or an SMS.
  2. On your desktop or laptop computer, log in to my.SMU and access secure information, such as your past paychecks or W2.
  3. Follow the on screen DUO enrollment instructions. We suggest having your smartphone available to scan a QR code with the Duo Mobile app.
  4. Add a second device, such as your office phone.

Step by step instructions can be found at blog.smu.edu/itconnect/2016/03/29/duo-two-factor-authentication-2fa-setup/

To find out more about Duo two-factor authentication, including FAQs about Duo and video tutorials, please visit the Duo service page at www.smu.edu/oit/services/duo.

If you have any problems or concerns, please contact
the IT Help Desk at 214-768-HELP (4357).

Setting Up Duo Two-Factor Authentication at SMU

Please Note:

These instructions are for new users only. For those re-enrolling a device, please call the IT Help Desk at 214.768.HELP (4357). More information is also available on the Duo 2FA page at smu.edu/duo.

Duo

The following steps are our recommendations for the initial setup of Duo’s Two-Factor Authentication (2FA) at SMU.

  1. Install the Duo Mobile app on a smartphone or tablet.
  2. Enroll your mobile device with Duo.
  3. Activate Duo Mobile for your Device.
  4. Add a second device, such as your office phone.
  5. Configure Duo to automatically send a Duo Push to your mobile device.

We will go through these steps to get you started with two-factor authentication with Duo. Continue reading Setting Up Duo Two-Factor Authentication at SMU

New Email Phishing Simulations Coming Soon

AnitPhish (Anti-Phishing Campaign)Phishing attempts are email messages sent by hackers pretending to be your friends, coworkers, or trusted companies. These emails try to lure you to reveal your personal information, such as your passwords, credit card numbers, or bank account numbers, with alarmist sounding messages. Some may even direct you to an official-looking website requesting such information. These websites may also be infected with computer viruses or other forms of malicious software. Phishing messages have potential to damage our IT infrastructure and expose sensitive University data.

Due to the increased volume of recent phishing attempts, SMU’s Information Security Team is launching another round of the phishing awareness program, AntiPhish. This program will send simulated phishing emails, analyze how SMU employees respond to these messages, and track the success of employees in recognizing and deleting phishing emails. For those falling victim to the phishing attempts, the Information Security Team will offer training tools to help employees learn how to avoid falling victim to phishing messages. The phishing simulations will take place at SMU in the coming weeks.

As a reminder, if you receive any email message that appears malicious or asks for confidential personal information, Information Security asks that you do the following:

  • Contact the IT Help Desk or your local IT Support group regarding the email.
  • Delete the email from your mailbox without clicking on any hyperlinks or attachments.

For valuable resources and other information, please visit the Information Security website at www.smu.edu/OIT/Infosec.

If you have questions about the upcoming phishing simulation or training tools, please contact the IT Help Desk at 214-768-4357 (HELP).

IT Connect is published by the Office of Information Technology at Southern Methodist University.


Office of Information Technology
Copyright © Office of Information Technology, SMU
smu.edu/help  | 214.768.HELPhelp@smu.edu