Security Awareness – Page 29

New Logins for My.SMU and Employee.SMU

Very soon, OIT will be adding my.SMU and Employee.SMU to our list of sites using the secure Shibboleth login. For those not familiar with Shibboleth, it is a software solution that provides Single Sign-On (SSO) service, allowing you to gain access to web resources both inside and outside SMU after logging in just one time. Shibboleth also allows websites, such as Concur and Lynda, to grant access to their online resources. This is all done securely and in a way that preserves your privacy. We have used Shibboleth to authenticate to external sites for some time, but my.SMU and Employee.SMU are two of the most widely used SMU sites to begin using the Single Sign-On service.

The Shibboleth Login

When you log in to my.SMU, you will see the new my.SMU portal. Upon clicking the Login button, you’re directed to the Shibboleth login page. You use your SMU ID and password to log you in. You will be able to move freely between the services without having to log in every time, as long as you are in the same browser.

Once you log out, you will need to exit (Alt+F4 for Windows) or quit (⌘+Q for Mac) out of the browser – not just close the tab or window – to end your session.

Don’t Bookmark It

Please, do not bookmark the Shibboleth login page. The Shibboleth login page ONLY works if you are sent to it by a web service or application. It requires information from the originating web service to know where to go after you log in. You should bookmark the site you are trying to access (smu.edu/lynda for example) rather than the Shibboleth Login Page.

Find Out More

For more information about Shibboleth, please see the Shibboleth service page at www.smu.edu/OIT/Services/Shibboleth.

Update 10/04/2015: Page updated to reflect change in rollout date.

Password Managers: What are they and should I use one?

For those who are challenged with managing multiple different passwords for different accounts they might consider using a password manager, also known as a password vault.

A password manager is a piece of software that helps someone to organize their own passwords or pin codes. It typically is a local database that encrypts passwords and the database itself uses a master password to open it. Some types of password managers also acts as a Form Filler, where once a particular website is launched, and it prompts for a username and password, the password manager recognizes the request and will automatically fill the user name and password into the form. This type of password manager can be used as a defense against “phishing” as it is setup to handle automated logins to a particular site, and will not work with an imitation or a look alike website.

Some password managers include a password generator. In this case, when you define an entry in the database for a password, the password manager can generate a password that can be stored and used as needed. There are also password managers that are available online. This type of tool is a web based version similar to a desktop password manager, but allows for more portability.

Password managers have pros and cons. Some of the pros are listed above, while one of the main cons is that if your computer (or phone if you have a password manager on your smartphone) is lost, so are your passwords. Even though they may be protected and encrypted inside of the password manager, you no longer have access to that information.

(A few password manager tools are Keepass, Lastpass, Roboform, Kaspersky Password Manager and 1password)

Phishing Exercises Coming Soon.

Phishing No. It’s not about fish doing Zumba.

Twice per year, SMU conducts a simulated phishing exercise where the University sends a simulated phishing message to employees based on the types of phishing messages we have most recently received. Last year, over 100 SMU accounts were compromised due to users falling victim to these attacks so we are committed to reducing our click through rate through user education and awareness. When we started the simulated phishing awareness campaigns in 2013, we saw a 40% click-through rate. In 2014, we reduced that click-through rate to 20%. In our first campaign of 2015 that number had dropped to just 10%.

Security Alert: Windows 10 Upgrade Scam

Windows Microsoft is in the process of releasing their new Windows 10 Operating System. The software will be available to download free of charge.

Please read carefully!

There are several scams circulating around this new release. The scammers are pretending to be Microsoft Tech Support and are contacting individuals via phone, email or browser pop-up windows that appear to be legitimate but actually contain malware.

Please do not click on any popup add claiming to be from Microsoft about your Windows 10 upgrade.

OIT is in the process of reviewing the Windows 10 Operating System and ensuring that University applications will continue to function properly with this new OS. More details regarding the upgrade process will be communicated in the Fall.

Here is the legitimate link on Microsoft’s web site about Windows 10: http://www.microsoft.com/en-us/windows/windows-10-upgrade

Updating Emergency Contacts in my.SMU

If you haven’t recently, it’s a good time to update your emergency contacts in my.SMU.

Faculty & Staff Instructions

From the landing page, select Personal Information located under Employee Self – Service.
Click on Emergency Contacts.
Click Add Emergency Contact.
Enter the Contact Name.
Indicate the Relationship to Employee. If the employee has the same address or telephone select one of the following options:If you indicated that the emergency contact address or phone is the same as yours it will display on the screen and can be edited if needed.
If the contact has a different address select Edit Address to provide address information.
If the contact has a different phone select Add Phone Number and indicate the Phone Type and Phone Number.
Click Save. To view a contact list select the Return to Emergency Contacts link.
For multiple contacts check one to be the Primary Contact.
Edit or Delete contacts by selecting the appropriate icons.
Click Save.

Student Instructions

Visit the Update/Verify Personal Info section of the Student Self-Service tutorial: sites.smu.edu/oit/training/story/studentselfservice/story.html.