Welcome to the January 2016 edition of the Information Security Newsletter.
Banner INB access now behind the VPN.
In a continuing effort to better protect campus resources, access to Banner INB from off-campus has been moved behind the VPN. This means that in order to access Banner INB from off-campus, you must first be logged into the SUU VPN. This applies even if you are working from home and are connected to your home network: you still need the VPN in order to access INB. If you are on-campus, access hasn’t changed and you do not need the VPN.
The VPN is a Virtual Private Network that encrypts all communication between your computer and the campus network. It basically extends our network over the Internet to include your computer. All campus employees have access to the VPN. Additionally, we encourage its use when employees are traveling and need to connect to untrusted wifi networks such as those found in hotels, airports, and any other public hotspot offering free wifi. This will help protect you from others in your vicinity eavesdropping on your wifi connection (see Security Mistake #8 below) and potentially stealing sensitive information such as passwords.
To get access to the VPN, you need to install the VPN client on your campus laptop. Open up a web browser, go to https://lightning.suu.edu, and enter your account credentials. The VPN system will attempt to automatically install the client, but sometimes this automatic process fails. If it does fail, it should give you a link to download the installer. Go ahead and download the installer and run it on your computer.
There is also a VPN client for Android and iOS devices if you want to use the VPN from your mobile devices. Simply search for Cisco AnyConnect in Google Play or the App Store and install the free app.
Once you get the AnyConnect VPN client installed, you’ll want to connect to the VPN anytime you’re traveling or trying to access protected services such as INB. Simply launch the AnyConnect client, connect to “lightning.suu.edu”, and enter your credentials. You should see a little locked icon in your system tray. When you want to disconnect, simply right-click on the icon and disconnect, or exit the AnyConnect client.
If you have any issues, just let me know.
Beware the IRS Scam
Tax season is rapidly approaching. A couple of employees have reported receiving phone calls from someone pretending to be the “IRS” claiming that they were filing a lawsuit against the individual for failure to pay back taxes. They provide a phone number for you to call to help resolve the issue. This is a SCAM. If you receive such a call, simply hang up. You may report it on the IRS web site (link given below).
The fraudsters will be in full force as tax season begins, so be on the lookout for various scams. Another common scam is for someone to impersonate you and file a phony tax return, collecting a tax refund before you file the real one. For additional information, the IRS has a list of Tax Scams/Consumer Alerts on their web page: https://www.irs.gov/uac/Tax-Scams-Consumer-Alerts.
Internet Explorer versions 8, 9, 10 and Windows 8 will no longer receive updates
Microsoft has announced that it will no longer be providing updates, including security fixes, for Internet Explorer (IE) versions 8, 9, and 10, and for Windows 8 as of January 12, 2016. As I’ve mentioned before, the #1 way of protecting your computers from malware infection is to keep all software on your computer up-to-date. Since Microsoft will no longer be providing updates to those versions of IE and Windows, you’ll want to upgrade as quickly as possible.
For Internet Explorer, you’ll want to either upgrade to IE 11, or you’ll want to switch to another browser, like Mozilla Firefox or Google Chrome. If you’re already on Windows 10, Edge is the replacement for IE.
For Windows 8, you can either upgrade to 8.1 or to 10. Both should be free upgrades. If you anticipate upgrading to Windows 10, you’ll need to upgrade to 8.1 first, and then you’ll be able to upgrade to 10. Keep in mind that you’ll want to upgrade before July 29, 2016. It’s a free upgrade for eligible devices until then. Afterwards you will have to pay for the upgrade. Please note that this is for your home computers. The IT department will handle the upgrades to Windows 10 for any campus computer.
10 Security Mistakes Nearly Everyone is Guilty Of - #7 & #8
Mistake #7: Leaving Devices Unattended
You should never leave your devices unlocked and unattended. Although the biggest risk is device theft, you are also leaving yourself susceptible to data theft. Protect those mobile devices at all times. Make sure they are locked with a good PIN or password, and for those devices that support it, are encrypted and have remote wiping capabilities enabled.
Mistake #8: Browsing on Unsecured Connections
It’s always tempting to connect to that free wifi hotspot at the hotel or coffee shop. However, it’s easy for the bad guys to eavesdrop on unencrypted wireless communications and potentially snoop your confidential and private information, including passwords. If you’re going to be conducting sensitive business online, make sure it’s on a trusted network such as your home or the SUU network, or that you’re using the VPN to encrypt your communications. When you’re traveling, you should get in the habit of always connecting to the VPN when you access a public hotspot.
Phishing: Beware of E-mail Attachments
Just another reminder to not click links or open attachments in e-mails that you were not expecting. We recently had a couple of employees open an attached “invoice” for something they never ordered. Once opened, the attachment promptly infected the users’ computers, encrypting all of the data and making it unusable. Fortunately, they had a backup of their data and we were able to restore their files.
Information Security Awareness Training
It’s been a couple of months since I’ve been able to offer training sessions. Please see the schedule below for live sessions that will be offered in the month of January. If you want to complete the training online, simply log into Canvas at http://suu.instructure.com (enter your campus credentials), and look for Information Security Awareness Training in your list of courses.
All live sessions will be in room Lib 002 (Library).
Tuesday, January 19th @ 3:00-4:30pm
Wednesday, January 20th @ 9:00-10:30am
Winner of the Monthly Bookstore Drawing
November: Lynne Brown
December: Laura McAneney
Our great employees are our best early warning system for phishing and other social engineering attacks. We encourage all employees to report any phishing e-mails they receive or scams they are aware of. Every month we conduct a drawing for a bookstore gift card. To enter the monthly drawing, simply forward phishing e-mails that you have received to firstname.lastname@example.org, or send an e-mail detailing any scams to the same address. You will be entered for every e-mail you send in.