Welcome to the August 2015 edition of the Information Security Newsletter.

I hope we all had a great summer and I would like to personally welcome the new faculty and staff to SUU.

###Information Security Awareness Training

To help members of our campus community better protect both campus information as well as personal information, the University provides Information Security Awareness Training. The goal of the training is to increase awareness in our campus community of how information, whether campus related or personal, is targeted and the steps we can take to better protect ourselves, our campus, and our families.

Every employee is expected to complete the Information Security Awareness Training yearly. The training period runs during Fall and Spring semesters, so we are beginning a new round of training for the upcoming year, beginning August 17th.

The training can either be completed online via Canvas or by attending a live training session offered regularly throughout the year. The online training offers the flexibility of completing it at your own pace. To access the online training, simply log into Canvas at http://suu.instructure.com (enter your campus credentials), and look for Information Security Awareness Training in your list of courses.

The live training offers the opportunity to complete the training in one sitting. For the month of August, the live training sessions will be offered during Welcome Week. Multiple sessions are offered for your convenience. Simply attend the session that works best with your schedule.

All live sessions will be in room PEB 101 (PE Building).

Tuesday, Aug 18th @ 9:30-11:00am Tuesday, Aug 18th @ 1:00-2:30pm Tuesday, Aug 18th @ 3:00-4:30pm Wednesday, Aug 19th @ 2:30-4:00pm

More sessions will be scheduled once the semester gets under way to accommodate those who are unable to attend during Welcome Week, and still want to participate in a live session. If a particular department/unit would like to schedule an individualized training, please contact Mark Walton to schedule a time.

###Help Desk Move

The IT Help Desk has moved. It is now located in the Sharwan Smith Center in Room 106, which is right across the hall from the Chartwell’s dining area. If you have any IT needs, you’ll want to check the Help Desk first. They often can help you right over the phone. They can be reached at 865-8200.

###Password Managers

We’ve talked a lot about passwords and password managers in the past. Best practices for passwords include having sufficiently long/complex passwords and having unique passwords for every account. To help keep track of all those passwords, we recommend the use of a password manager. With a password manager, you use a “master” password to access your password vault, which then stores all of your other passwords. There are two categories of password managers: file-based and cloud-based. A file-based manager is where the password vault is created and stored on your local computer. The advantage is that your passwords are protected from the hackers of the world. The disadvantage is that if you want access to your passwords on multiple devices, then you’ll need to use a file replication service, such as Dropbox, to sync your password vault on all of your devices. A cloud-based service is where you log into their web site and store all of your passwords within their service. An advantage is that because it’s web-based, it’s accessible from any web browser. The disadvantage is that it’s a cloud service, and as such is a target for hackers.

For on-campus use, the IT Department officially supports KeePass. For those running Windows 7, simply download the latest version from keepass.info, and install it. For Windows 8.1 users, it is available in the Software Center.

KeePass is meant to be a simple and easy-to-use password manager. There are certainly other password managers out there, which work equally well. Some IT recommendations for home use, in addition to KeePass, include 1Password (file-based) and LastPass (cloud-based). They both have basic versions which are free, and you can upgrade to their premium versions for additional functionality. An added word of caution. Make sure you remember your “master” password. If you forget that password, there is absolutely no way to recover your password vault. That’s kind of the point of a password manager.

###Windows 10 - Beware scams

Windows 10 was released at the end of July. For those with home computers running Vista, Windows 7, or Windows 8/8.1, you should be eligible for a free upgrade. Just make sure you’re downloading it from Microsoft. The bad guys are using this as an opportunity to trick people into installing malware on their computers. They are sending out fake Windows 10 upgrade emails with either malicious links or malicious attachments in an attempt to gain access to people’s computers.

As for the campus deployment of Windows 10, our current plan is for IT to evaluate Windows 10 in our offices and test compatibility with our suite of enterprise software. We may deploy Windows 10 in a pilot phase in one of our open student labs either late this fall, or early spring. As the compatibilty improves with other enterprise software we use on campus, we will provide deployment to new faculty/staff computers as an optional install. As with any new operating system, sufficient testing must be completed internally in order to provide the best support we can to the campus community.

###Winner of the Monthly Bookstore Drawing

July: Aimee Uchman

Our great employees are our best early warning system for phishing and other social engineering attacks. We encourage all employees to report any phishing emails they receive or scams they are aware of. Every month we conduct a drawing for a bookstore gift card. To enter the monthly drawing, simply forward phishing emails that you have received to phish@suu.edu, or send an email detailing any scams to the same address. You will be entered for every email you send in.

Mark Walton Director IT Security walton@suu.edu