Archive

Archive for the ‘CyberSecurity Awareness’ Category

National Cyber Security Awareness Month Just Around the Corner!

September 26, 2013 Comments off

More and more cybercrimes occur every day over the world. Unfortunately, many
people are still unaware of the dangers that lurk just around the mouse click.
It is for this reason that, over the past few years, Homeland Security has made
it a priority to bring cyber awareness to the masses. With the help of various
organizations they are able to reach a vast number of individuals. That is why
SHSU will participate in National Cyber Security Awareness Month with other
organizations across the country.  Read More.

Social Engineering Alert

May 30, 2013 Comments off

At least one agency in the Texas State University System has been the target of two attempted social engineering events in the past few weeks. We want to make sure that you are careful with the information that you provide to those that contact your department.

Social engineering is a means of manipulating a person into releasing information or performing acts that will give another person access to secure information. A lot of times the person being manipulated may not realize what is happening until well after the information is given out.

For additional information on this topic including steps to help you avoid being a target, read the July 2012 Cyber Security Tip Newsletter published by the Texas Department of Information Resources. Additional information can also be found on the United States Computer Emergency Readiness Team site.

If you feel you have been the target of social engineering, please do not hesitate to contact IT@Sam to report the issue.

Stay Safe in a Dangerous Online World Part 2

August 9, 2011 Comments off

Last month we talked about some ways that you can help mitigate the likelihood of getting a virus, downloading malware or falling prey to a phishing attempt. This month we will touch on a few ways you can protect yourself from a phishing attempt.

For a bit of background on “phishing,” see Wikipedia.

“Phishing is a way of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication.”

E-mail and Phishing

E-mail is the main attack route for a phishing attempt, the goal of which is to steal your personal information. To help recognize a phishing attempt use these five guidelines.

  • A non-specific or generic greeting.Internet criminals don’t normally setup mailing lists with users names autoloaded in, so their email messages usually start with:
    • Dear Customer
    • Dear Account Holder
    • Dear PayPal user
  • Fake links. A link in an email can be made to say anything in the text. Place the mouse cursor over the link and Outlook will display the actual link destination. In my example I made a link that displays as the Home Depot website but in reality is a link to the SHSU Homepage.
  • Links to Non-secure login pages. All legitimate login pages will exist on a secure website. To see if the site you are on is secure look at the beginning of the address. Secure sites begin with “HTTPS:” not just “HTTP:”. The S at the end denotes that site as secure. If you are unsure about a page that claims to be secure you can click on the name of the company to the left of the URL address and see who has verified the website. For example SHSU’s SamWeb is located at HTTPS://SAMWEB.SHSU.EDU and we have been verified by GlobalSign as a secure site.
  • Asking for personal information. The entire point of the phishing attempt is get you to give up your personal information (Social Security Number, Credit Card Number, Bank Account, Residential Address, etc.) so that they can either steal your identity or sell your contact information to companies around the world. Every company that you do business with probably already has all of the information that they need from you. If you think it might be a legitimate request for information then look up that company’s contact information online (not from the e-mail they sent you) and call them to confirm.
  • Immediate Needs and Deadlines. Criminals don’t want to wait around for you to send them your vital information so they will put emergency notices and deadlines into their phishing attempts. They will frequently say that an account is going to expire within a few days if you don’t respond or that a service will be terminated and you will have to pay exorbinant reconnect fees. Don’t be fooled by this, take the time you need to verify that this is a real request before you give out any information, and whatever info you do give, do it over the phone and not via e-mail.

Cyber Security Awareness Month Poster Contest

July 19, 2011 Comments off

October is Cyber Security Awareness month and IT@Sam is proud to announce that we are hosting a Cyber Security Poster Contest.

We are also issuing a call for judges. If you have experience dealing with cyber security issues, technology issues, or are just interested in becoming a judge please contact Lucrecia Chandler at UCS_LKN@shsu.edu

2011 Poster Contest Entry Requirements

Poster submissions should cover a cyber security problem and specific remedies or actions to combat that problem.

Contestants

  • This contest is open to all currently enrolled students at Sam Houston State University.
  • Students can submit more than one poster.
  • Students must be willing to make minor adjustments if necessary based on feedback from judging committee.

Poster Guidelines

  • Resolution must be sufficient to be printed at a max of 24”x36” without scaling (300dpi minimum).
  • Submissions must be in .jpg format.

Content

  • Content should be targeted for a large audience that will include fellow students along with faculty and staff.
  • Correct spelling, punctuation, and grammar must be used.
  • All content must be original and generic. No brands, vendors, etc.
  • A long shelf life is desirable.
  • Professional (or paid) assistance is not allowed.
  • Sponsorship is not allowed.
  • This contest is to showcase your work to the higher education community. We will license all entries under a Creative Commons Attribution-Non Commercial-Share Alike 3.0 Unported License (http://creativecommons.org/licenses/by-nc-sa/3.0/).
  • Submissions will be featured on the IT@Sam Service Desk Blog, Twitter feed, and Facebook pages along with various Cyber Security related presentations.

Prizes

There will be prizes for the top three posters and an Honorable mention for the fourth place winner. Please stay tuned for an update in a future IT@Sam Newsletter issue about the prizes.

Epsilon Security Breach

April 4, 2011 Comments off

Many of you may have received an email over the weekend from a company that you do business with that reads similarly to the following:

We have been informed by Epsilon, the vendor that sends email to you on our behalf, that your e-mail address may have been exposed by unauthorized entry into their system.

Epsilon has assured us that the only information that may have been obtained was your first and last name and e-mail address. REST ASSURED THAT THIS VENDOR DID NOT HAVE ACCESS TO OTHER MORE SENSITIVE INFORMATION SUCH AS SOCIAL SECURITY NUMBER OR CREDIT CARD DATA.

Please note, it is possible you may receive spam e-mail messages as a result. We want to urge you to be cautious when opening links or attachments from unknown third parties.

In keeping with standard security practices, the <COMPANY> will never ask you to provide or confirm any information, including credit card numbers, unless you are on a secure <COMPANY> site.

Epsilon has reported this incident to, and is working with, the appropriate authorities.

We regret this has taken place and apologize for any inconvenience this may have caused you. We take your privacy very seriously, and we will continue to work diligently to protect your personal information.

Sincerely,

<COMPANY>

Security Week has published a story regarding this breach and is keeping it updated with the brands that have been affected. Please take a look and if you do business with any of the reported companies, please be extra cautious of any emails that appear to be sent from them to you in coming weeks, especially if they are asking you for personal information. If you are concerned about the legitimacy of an e-mail, it is always best to contact the company for verification.

Stay safe out there!

Secure Your Passwords

March 30, 2011 Comments off

If you need some incentive to secure your password just Google “password hack horror stories.” You’ll see stories of drained PayPal accounts, deleted Gmail accounts, hacked Facebook accounts with terribly embarrassing status updates and myriad other stories that will inspire you to rethink your personal password strategy. Resolve to secure your passwords and try the following tips:

  • Take a lesson from the Gawker Media hack this past December and avoid the passwords on this list.
  • Follow the tips for creating strong passwords published in Microsoft’s Online Safety guide.
  • Don’t use the same password for all your accounts. That way, if some dishonest person does successfully hack one of your accounts, they won’t have hit the mother load and gained access to everything.
  • Never share your password with anyone, not even if they seem legit, not even with us!

 

Cyber Security Awareness Month

September 27, 2010 Comments off

Cyber Security Awareness Month is coming up in October. Information Resources has scheduled several sessions pertaining to Cyber Security Awareness that we’d like to invite the SHSU community to attend. You’ll find the calendar of events listed below. We hope to see you there!

General Cyber Security
Kayla Stephenson, Information Resources – Client Support

This session will be a general overview of cyber security and what you as an individual can do to be secure while online. We will touch on phishing, copyright, malware, spyware, and anti-virus, among other topics.

Sessions:

Monday, October 4, 2010
Olson Auditorium (AB4, room 220)
2PM until 3PM
Tuesday, October 26, 2010
Olson Auditorium (AB4, room 220)
4PM until 5PM


Identity Theft
Kristy Vienne, Assistant VP Student Services and Director Bearkat OneCard Office

This session is targeted to all interested individuals. Information on how identity theft happens will be presented along with remedies if it happens to you.

Sessions:

Thursday, October 7, 2010
Olson Auditorium (AB4, room 220)
4PM until 5PM
Wednesday, October 20, 2010
Olson Auditorium (AB4, room 220)
2PM until 3PM


Laptop/Travel Preparation
Kayla Stephenson, Information Resources – Client Support

Do you travel a lot? Do you take your laptop with you when you do? Targeted toward faculty and staff, this session will cover topics on how to ensure that your laptop is in tip-top shape before you travel.

Sessions:

Tuesday, October 12, 2010
Olson Auditorium (AB4, room 220)
4PM until 5PM
Thursday, October 28, 2010
Olson Auditorium (AB4, room 220)
4PM until 5PM


Copyright Infringement
Ann Holder, SHSU Copyright Officer

Targeted toward students, this session will cover the risks associated with using peer-to-peer networks, the penalties associated with copyright infringement, public domain, and SHSU policies and procedures.

Sessions:

Wednesday, October 13, 2010
Olson Auditorium (AB4, room 220)
2PM until 3PM
Thursday, October 21, 2010
Olson Auditorium (AB4, room 220)
4PM until 5PM
Follow

Get every new post delivered to your Inbox.

Join 352 other followers