Information Security Awareness Training

To help members of our campus community better protect both campus information as well as personal information, the University provides Information Security Awareness Training. The goal of the training is to increase awareness in our campus community of how information, whether campus related or personal, is targeted and the steps we can take to better protect ourselves, our campus, and our families.

Every employee is expected to complete the Information Security Awareness Training yearly. The training period runs during Fall and Spring semesters, so we are beginning a new round of training for the upcoming year, beginning August 16th.

The training can either be completed online via Canvas or by attending a live training session offered regularly throughout the year. The online training offers the flexibility of completing it at your own pace. To access the online training, simply log into Canvas at http://suu.instructure.com (enter your campus credentials), and look for Information Security Awareness Training in your list of courses.

The live training offers the opportunity to complete the training in one sitting. For the month of August, the live training sessions will be offered during Welcome Week. Multiple sessions are offered for your convenience. Simply attend the session that works best with your schedule.

All live sessions will be in room BU 110 (Business Building).

Wednesday, Aug 17th @ 3:00-4:30pm Thursday, Aug 18th @ 10:30-noon Thursday, Aug 18th @ 1:00-2:30pm

More sessions will be scheduled once the semester gets under way to accommodate those who are unable to attend during Welcome Week, and still want to participate in a live session. If a particular department/unit would like to schedule an individualized training, please contact Mark Walton to schedule a time.

Access to Data Center and Surrounding IT Offices

Every couple of years the IT department undergoes a security assessment conducted by outside security professionals. One of the findings of the last assessment centered around physical security of the data center and surrounding IT offices. The risk was classified as “high” by the assessment team, and the IT department felt it prudent to implement the team’s recommendation and better control access to sensitive IT areas. Anyone needing to meet with IT staff whose office is part of a sensitive location will now need to make prior arrangements to meet in another part of the building and be escorted into any restricted area. We know this will inconvenience many, and unfortunately reflects the ever increasing threat the University faces.

Lessons from Pokemon Go

Have you caught them all? With the Pokemon Go craze, it presents an opportunity to highlight issues whenever you install a new app. Upon installation, a new app will often ask for permissions to certain features of your mobile device, like your location, photos, camera, etc. You need to pay careful attention to what access you grant to your device. Case in point. An oversight with the Pokemon Go app actually granted access to all of the information available through your Google account if you used a Google account to sign-in. This effectively granted the app access to your e-mail, search history, and other potentially private information which was not needed for the functionality of the game. The issue has been corrected in this case, but each of us needs to better understand how our private information could potentially be exposed simply by installing an app. I’m not saying to avoid installing any apps, just be aware of the potential cost when it comes to your privacy.

Current Scam: Money Request from Paypal.

Paypal has a feature that allows users to do a “money request.” Fraudsters are using compromised accounts and using the feature to not only try and solicit funds directly from unsuspecting users, but also to trick individuals into clicking on malicious links included in the request. Always be cautious when it comes to links in messages, and remember, that advice doesn’t just apply to e-mails. Any service that allows you to message another individual and allows for links can be abused, whether that’s Paypal, Facebook, or whatever.

Current Scam: Social Security Account Fraud.

There is a Social Security Account scam going around where you receive an official-looking email from the Social Security Administration with an invitation to create an account so you can receive your benefits or check on your estimated benefits. The link takes you to a fake website where the fraudsters hope you will enter your personal information. Remember to never click on links in these types of emails. If you want to sign up for a My Social Security Account, make sure you are going to the official site at ssa[.]gov.