Introducing Argos Web Viewer

The IT department is excited to introduce a new Argos feature–the Argos Web Viewer (AWV). Traditionally, Argos has only been available as a Windows desktop application, but with AWV, Argos reports will be available to view in most web browsers. AWV includes helpful features such as searching for reports, adding and viewing report shortcuts, and viewing recent reports.

Additionally, over the past few years, there have been several reports that we have made available in the portal. We have received positive feedback in terms of the convenience of these portal reports. With AWV allowing us to publish Argos reports via the web, we will be transitioning these portal reports to AWV, in hopes that they will be similarly convenient to access.

AWV will be available soon. For details on how to access it, please visit the AWV help-center article. As always, if you have any questions, concerns, or feedback, please submit a Help Desk request.

Note: To create or edit reports, the Argos desktop application will still be required.

- SUU Administrative Systems


Information Security Awareness Newsletter - January 2016

Welcome to the January 2016 edition of the Information Security Newsletter.

In a continuing effort to better protect campus resources, access to Banner INB from off-campus has been moved behind the VPN. This means that in order to access Banner INB from off-campus, you must first be logged into the SUU VPN. This includes if you are working from home and are connected to your home network. You still need the VPN in order to access INB. If you are on-campus, access hasn’t changed and you do not need the VPN. The VPN is a Virtual Private Network that encrypts all communication between your computer and the campus network. It basically extends our network over the Internet to include your computer. All campus employees have access to the VPN. Additionally, we encourage its use when employees are traveling and need to connect to untrusted wifi networks such as found in hotels, airports, and any other public hotspot offering free wifi. This will help protect you from others in your vicinity eavesdropping in on your wifi connection (see Security Mistake #8 below) and potentially stealing sensitive information such as passwords.

To get access to the VPN, you need to install the VPN client on your campus laptop. Open up a web browser, go to https://lightning.suu.edu, and enter your account credentials. The VPN system will attempt to automatically install the client, but sometimes this automatic process fails. If it does fail, it should give you a link to download the installer. Go ahead and download the installer and run it on your computer.

There is also a VPN client for Android and iOS devices if you want to use the VPN from your mobile devices. Simply search for Cisco AnyConnect in Google Play or the AppStore and install the free app.

Once you get the AnyConnect VPN client installed, you’ll want to connect to the VPN anytime you’re traveling or trying to access protected services such as INB. Simply launch the AnyConnect client, connect to “lightning.suu.edu”, and enter your credentials. You should see a little locked icon in your system tray. When you want to disconnect, simply right-click on the icon and disconnect, or exit the AnyConnect client.

If you have any issues, just let me know.

Beware the IRS Scam

Tax season is rapidly approaching. A couple of employees have reported receiving phone calls from someone pretending to be the “IRS” claiming that they were filing a law suit against the individual for failure to pay back taxes. They provide a phone number for you to call to help resolve the issue. This is a SCAM. If you receive such a call, simply hang up. You may report it on the IRS web site (link given below).

The fraudsters will be in full force as tax season begins, so be on the lookout for various scams. Another common scam is where people impersonate you and file a phony tax return collecting a tax refund before you file the real one. For additional information, the IRS has a list of Tax Scams/Consumer Alerts on their web page: https://www.irs.gov/uac/Tax-Scams-Consumer-Alerts.

Internet Explorer versions 8, 9, 10 and Windows 8 will no longer receive updates

Microsoft has announced that it will no longer be providing updates, including security fixes, for Internet Explorer (IE) versions 8, 9, and 10, and for Windows 8 as of January 12, 2016. As I’ve mentioned before, the #1 way of protecting your computers from malware infection is to keep all software on your computer up-to-date. Since Microsoft will no longer be providing updates to those versions of IE and Windows, you’ll want to upgrade as quickly as possible.

For Internet Explorer, you’ll want to either upgrade to IE 11, or you’ll want to switch to another browser, like Mozilla Firefox or Google Chrome. If you’re already on Windows 10, Edge is the replacement for IE.

For Windows 8, you can either upgrade to 8.1 or to 10. Both should be free upgrades. If you anticipate upgrading to Windows 10, you’ll need to upgrade to 8.1 first, and then you’ll be able to upgrade to 10. Keep in mind that you’ll want upgrade before July 29, 2016. It’s a free upgrade for eligible devices until then. Afterwards you will have to pay for the upgrade. Please note that this is for your home computers. The IT department will handle the upgrades to Windows 10 for any campus computer.

10 Security Mistakes Nearly Everyone is Guilty Of - #7 & #8

Mistake #7: Leaving Devices Unattended

You should never leave your devices unlocked and unattended. Although the biggest risk is device theft, you are also leaving yourself susceptible to data theft. Protect those mobile devices at all times. Make sure they are locked with a good PIN or password, and for those devices that support it, are encrypted and have remote wiping capabilities enabled.

Mistake #8: Browsing on Unsecured Connections

It’s always tempting to connect to that free wifi hotspot at the hotel or coffee shop. However, it’s easy for the bad guys to eavesdrop on unencrypted wireless communications and potentially snoop your confidential and private information, including passwords. If you’re going to be conducting sensitive business online, make sure it’s on a trusted network such as your home or the SUU network, or you’re using the VPN to encrypt your communications. When you’re traveling, you should get in the habit of always connecting to the VPN when you access a public hotspot.

Phishing: Beware of E-mail Attachments

Just another reminder to not click links or open attachments in e-mails that you were not expecting. We recently had a couple of employees open an attached “invoice” for something they never ordered. Once opened the attachment promptly infected the users’ computers, encrypting all of the data, making it unusable. Fortunately, they had a backup of their data and we were able to restore their files.

Information Security Awareness Training

It’s been a couple of months since I’ve been able to offer training sessions. Please see the schedule below for live sessions that will be offered in the month of January. If you want to complete the training online, simply log into Canvas at http://suu.instructure.com (enter your campus credentials), and look for Information Security Awareness Training in your list of courses.

All live sessions will be in room Lib 002 (Library).

Tuesday, January 19th @ 3:00-4:30pm
Wednesday, January 20th @ 9:00-10:30am

Winner of the Monthly Bookstore Drawing

November: Lynne Brown
December: Laura McAneney

Our great employees are our best early warning system for phishing and other social engineering attacks. We encourage all employees to report any phishing e-mails they receive or scams they are aware of. Every month we conduct a drawing for a bookstore gift card. To enter the monthly drawing, simply forward phishing e-mails that you have received to phish@suu.edu, or send an e-mail detailing any scams to the same address. You will be entered for every e-mail you send in.


Information Security Awareness Newsletter - November 2015

Welcome to the November 2015 edition of the Information Security Newsletter.

Happy Holidays and Be Careful Out There

Here are some resources to help you stay safe during the holiday season.

The Top 5 Holiday Scams from The CyberHeist News. With permission, I’m copying The CyberHeist News top 5 holiday scams to watch out for.

  1. Black Friday/Cyber Monday Specials: This time of year, online scams use a variety of lures to get unsuspecting buyers to click on links or open attachments. Bad guys build complete copies of well-known sites, send emails promoting great deals, sell products and take credit card information - but never deliver the goods. Sites that seem to have incredible discounts should be a red flag. Remember that when a “special offer” is too good to be true, it usually is. For instance, never click on links in emails or popups with very deep discount offers for watches, phones or tablets. Go to the website yourself through your browser and check if that offer is legit.
  2. Complimentary Vouchers or Gift Cards: A popular holiday scam is big discounts on gift cards. Don’t fall for offers from retailers or social media posts that offer phony vouchers or (Starbucks) gift cards paired with special promotions or contests. Some posts or emails even appear to be shared by a friend (who may have been hacked). Develop a healthy dose of skepticism and “Think Before You Click” on offers or attachments with any gift cards or vouchers!
  3. Bogus Shipping Notices From UPS and FedEx: You are going to see emails supposedly from UPS and FedEx in your inbox that claim your package has a problem and/or could not be delivered. Many of these are phishing attacks that try to make you click on a link or open an attachment. However, what happens when you do that is that your computer gets infected with a virus or even ransomware which holds all your files hostage until you pay 500 dollars in ransom.
  4. Holiday Refund Scams: These emails seem to come from retail chains or e-commerce companies such as Amazon or eBay claiming there’s a “wrong transaction” and prompt you to click the refund link. However, when you do that and are asked to fill out a form, the personal information you give out will be sold to cyber criminals who use it against you. Oh, and never, never, never pay online with a debit card, only use credit cards. Why? if the debit card gets compromised, the bad guys can empty your bank account quickly.
  5. Phishing on the Dark Side: A new phishing email has begun circulating that tricks people into thinking they could win movie tickets for the highly-anticipated film, “Star Wars: The Force Awakens,” due out on Dec. 18. However, the email is a phishing attack. Leading up to the film’s release, and shortly after, you need to watch out for this social engineering attack and not fall for the scam. Stay safe online!

Shopping Online Securely by the SANS Institute

I’m linking to the November 2015 Monthly Security Awareness Newsletter published by the SANS Institute. Yes, it’s a link in an e-mail. When you hover over the link, you should be going to www[dot]securingthehuman[dot]org. This is a website operated by SANS. The newsletter gives some more advice on how to protect yourself online. https://www.securingthehuman.org/newsletters/ouch/issues/OUCH-201511_en.pdf

The best advice that I can give is to be wary of offers that seem to good to be true, and to check your accounts often. I check mine every day or two. Additionally, I have enabled alerting on my accounts so I get automatic emails whenever my credit card is used. Also, I recommend using well-known shopping sites like Amazon, eBay, Walmart, Target, etc. If you’re buying something from a relatively obscure site, then I would recommend doing a little bit of research about the site before you buy.

10 Security Mistakes Nearly Everyone is Guilty Of - #5 & #6

Mistake #5: No Security Solutions

Everyone should have some form of Anti-Virus/Anti-Malware (AV) protection installed on their computer and ensure that it’s up-to-date. There are both commercial and free products available. I don’t have any specific recommendations, other than to have something. It’s also important to understand that Anti-Virus software isn’t 100% effective. It’s good to have AV, but you shouldn’t engage in risky behavior such as clicking on unknown links in e-mails or opening attachments with the rationale that it’s safe, thinking your AV solution will protect you.

Mistake #6: ‘It won’t happen to me’

The Internet is a wonderful thing, but it also makes each one of us as accessible to the bad guys as anyone else. If we think it won’t happen to us, then we tend to engage in risky online behavior and not adhere to basic protective best practices like we’ve been talking about. Thus consequently, we actually make it more likely that it will happen to us. Most criminals are looking for the easy catch, and by us subscribing to a few basic protective measures, we can greatly reduce the chance of becoming a statistic.

Information Security Awareness Training

I appreciate those who have already completed the training. For those that want to attend a live training session, I’ll be scheduling more sessions for December. To complete the training online, simply log into Canvas at http://suu.instructure.com (enter your campus credentials), and look for Information Security Awareness Training in your list of courses.

Winner of the Monthly Bookstore Drawing

October: Earl Mulderink

Our great employees are our best early warning system for phishing and other social engineering attacks. We encourage all employees to report any phishing e-mails they receive or scams they are aware of. Every month we conduct a drawing for a bookstore gift card. To enter the monthly drawing, simply forward phishing e-mails that you have received to phish@suu.edu, or send an e-mail detailing any scams to the same address. You will be entered for every e-mail you send in.


Vendor System Support

SUU has several support contracts for third-party systems such as Banner, TouchNet, Astra, Argos, etc. We encourage departments to utilize this valuable resource for troubleshooting issues or errors. Not only can these vendors provide corrective and efficient solutions, but listening to them can provide a very useful learning experience.

In many cases, our contracts with vendors provide an unlimited amount of support tickets.

As always, our team will do all we can to support these systems as well. So when vendor support requires us to be involved, please don’t hesitate to contact us.

- SUU Administrative Systems


Microsoft Office 365 Free for SUU Students, Faculty, and Staff

Office 365

The SUU IT department is pleased to announce that Office 365 is now available to students, faculty, and staff for free for home use. Student must sign up using a valid suumail.net email address. Students can get an suumail.net email address if they do not already have one at https://my.suu.edu/suumail. Faculty and staff must use their suu.edu email address to sign up for Office 365.