Security Digest Vol. III (Fall 2016)
Welcome to Volume III (Fall 2016 Edition) of the Duquesne University Cyber-Security update. Here are some highlights and exciting initiatives that we wanted to bring to your attention:
October is National Cyber Security Awareness Month (NCAM)
Duquesne University has committed to being a National Cyber Security Awareness Month (NCAM) Champion. The University's commitment as a Champion demonstrates the dedication that has been placed in promoting a safer, more secure, and more trusted Internet. At Duquesne University, your computer and mobile device are primary tools in the support of education, social life, and the business of the organization. We rely on these devices to connect to the Internet for homework, research, social networking, online shopping, applications, and email. The Internet is an amazing tool but it must be used safely and securely.
When you use the campus network (or any network), what you do online could not only impact your computer, but other students, faculty, and staff, as well as the network itself. With the combination of security tools and good judgement, you can help keep our Duquesne University community less likely to be a victim of a security incident - including loss of data - or system problems.
Duquesne University is committed to providing a resilient computing environment protected with the latest tools and techniques (technologies). Computing and Technology Services is available to help when needed, but, most importantly, we need your help to keep our community cyber-safe.
Your first step is to STOP. THINK. CONNECT.
JOIN US at Duquesne's First-Ever Cyber-Security Conference!
As part of our commitment to NCAM, the Federal Bureau of Investigation (FBI), in partnership with CTS, is having Duquesne's Cyber-Security Conference on October 13, 2016, from 1:30-3 p.m. in the Africa Room of the Union.
- Keynote speaker FBI Special Agent Gregg Frankhauser will discuss the importance of cyber-security in our ever-connected lives and address the risks faced by those involved in higher education.
- A panel of Duquesne community members will discuss the unique risks faced by Duquesne and how we can stay protected.
- Raffle, giveaways and food!
For more information, please check out our event page: http://www.duq.edu/about/campus/computing-and-technology/cts-events
Duquesne University Cyber Security News:
Phishing remains a constant threat to our campus community. In addition to a general overview of phishing messages and tips on avoiding them, you can find a list of the most recent phishing emails we've received on our website: www.duq.edu/phishing
If you receive one of these messages, please delete it. If you'd like to report it to Microsoft, you can report it through the Outlook Web Application interface, or by forwarding it to Microsoft via email.
More information about reporting phishing messages can be found here:
Tech Support Phone Scams:
The University has seen a number of fraudulent activities related to Tech Support Phone Scams. In these scams, you might receive a telephone call from an individual claiming to be from Microsoft, Xerox or some other trusted source. They might offer to help solve your computer problems or sell you a software license. Once they have access to your computer, they can do the following:
- Trick you into installing malicious software that could capture sensitive data, such as online banking user names and passwords.
- They might also then charge you to remove this software.
- Convince you to visit legitimate websites to download software that will allow them to take control of your computer remotely and adjust settings to leave your computer vulnerable.
- Request credit card information so they can bill you for phony services.
- Direct you to fraudulent websites and ask you to enter credit card and other personal or financial information there.
- Remember, neither Microsoft nor Xerox will ever proactively reach out to you to provide unsolicited PC or technical support.
Brute Force Attack
Over the past few months, CTS has noticed an increase in brute force attacks which is a trial-and-error method used to obtain information such as a user password or personal identification number (PIN). In a brute force attack, automated software is used to generate a large number of consecutive guesses as to the value of the desired data. Brute force attacks may be used by criminals to crack encrypted data, or by security analysts to test an organization's network security.
- Maintain a strong password to help prevent being a victim of one of these attacks.
Operating System Upgrades
`Tis the season for new operating systems. iOS 10 was released recently, along with Windows 10 ‘Anniversary' Edition, Android 7.0 ‘Nougat', and Apple's macOS 10.12 Sierra. Be safe and secure when you are upgrading your operating system. Backup your data, read about the update to make sure it applies to your hardware and your needs. If you are updating a mobile device, make sure your battery is fully charged. Sometimes it is good practice to wait one ‘dot' update to a new version of an operating system. This type of incremental update can fix early discovered bugs and sometimes important security features.
CTS Tips: STOP. THINK. CONNECT.
Keep a Clean Machine
- Keep security software current: Having the latest security software, web browser and operating system are the best defenses against viruses, malware and other online threats.
- Automate software updates: Many software programs will automatically connect and update to defend against known risks. Turn on automatic updates if that's an available option.
- Protect all devices that connect to the Internet: Along with computers, smart phones, gaming systems and other web-enabled devices also need protection from viruses and malware.
- Plug & scan: ‘USBs' and other external devices can be infected by viruses and malware. Use your security software to scan them.
Protect Your Personal Information
- Secure your accounts: Ask for protection beyond passwords. Many account providers now offer additional ways for you verify who you are before you conduct business on that site.
- Make passwords long and strong: Combine capital and lowercase letters with numbers and symbols to create a more secure password.
- Unique account, unique password: Separate passwords for every account helps to thwart cybercriminals.
- Write it down and keep it safe: Everyone can forget a password. Keep a list that's stored in a safe, secure place away from your computer.
- Own your online presence: When available, set the privacy and security settings on websites to your comfort level for information sharing. It's OK to limit who you share information with.
Connect with Care
- When in doubt, throw it out: Links in email, tweets, posts and online advertising are often the way cybercriminals compromise your computer. If it looks suspicious, even if you know the source, it's best to delete or, if appropriate, mark as junk email.
- Get savvy about Wi-Fi hotspots: Limit the type of business you conduct and adjust the security settings on your device to limit who can access your machine.
- Protect your $$: When banking and shopping, check to be sure the sites is security enabled. Look for web addresses with ‘https://' or ‘shttp://', which means the site takes extra measures to help secure your information. ‘Http://' is not secure.
Be Web Wise
- Stay current. Keep pace with new ways to stay safe online: Check trusted websites for the latest information, and share with friends, family and colleagues and encourage them to be web wise.
- Think before you act: Be wary of communications that implore you to act immediately, offer something that sounds too good to be true, or ask for personal information.
- Back it up: Protect your valuable work, music, photos and other digital information by making an electronic copy and storing it safely.
Be a Good Online Citizen
- Safer for me, more secure for all: What you do online has the potential to affect everyone at home, at work, and around the world. Practicing good online habits benefits the global digital community.
- Post only about others as you have them post about you.
- See Something, Say Something: Report suspicious Internet activity to CTS at firstname.lastname@example.org and to Duquesne University Public Safety.
- Help the authorities fight cybercrime: Report stolen finances or identities and other cybercrime to the Internet Crime Complaint Center and to your local law enforcement, state attorney general and Duquesne University Public Safety as appropriate.