• CIS Homepage
  • CIS HelpDesk
  • CIS SharePoint
  • CIS Internal Wiki


Skip to end of metadata
Go to start of metadata

[Student]  [Faculty]  [Staff]  [Security Notices]


 Technology Blog Archive

Blog Posts


The fast pace of change has made weeks feel like months as we march ever closer to the start of the Spring term. The busyness has been all the more jarring looking out the window and seeing campus shrouded in inactivity.  Despite the physical distances between, it is encouraging to know that so many are working so hard to continue the educational experience for our students online. With that in mind, here are your technology updates from the past week.

Remote Access to Campus (VPN)

Work continues on resolving the VPN remote access issues.  If your office is critically impacted, please have your department head or dean contact the CIS HelpDesk.  

CIS Helpdesk Support for Spring Term

If you need assistance please submit a ticket,  call 206.281.2982, or email help@spu.edu.  The Helpdesk will provide support 7:30am-5pm M-F. Evening support from 5pm-9pm will be provided Monday through Thursday from April 13th - May 21st.  

The CIS Helpdesk is closed to walk-in support. If you need in-person support, please contact the Helpdesk to make an appointment.  Only 1 person will be allowed into the CIS space at at time to maintain social distancing.  Appointments can be made M-F 10am-3pm for the first week of school and alternating Mondays/Tuesdays from 10am-3pm for the remainder of the term.  

Academic Labs and Software

Work continues to get academic labs hosted in the cloud.  The team is on track to begin testing with select faculty next week.  CIS plans to deliver the following 10 applications by the start of the term.  Additional applications will follow. If you have additional software that is critical and needs to be prioritized, please speak with your dean.  

Minitab • Autodesk AutoCAD • Autodesk Revit • ArcGIS • The Food Processor • MATLAB • Multism • Maple • LabView •SketchUp Pro

Adobe At-Home

Adobe is offering free use of Adobe Creative Cloud for all students, faculty, and staff through May 31. We are working with Adobe to extend access through the end of our spring quarter. 

Zoom Pro: Security and Privacy

There have been a number of recent security issues with Zoom making headlines (WSJ) lately. As usage has increased, so has the abuse of Zoom's easy-to-use and open platform.  See the following articles to understand key issues and how to secure your Zoom classes and meetings.  At this time we recommend 

Scams and Cybersecurity

Scammers worldwide are taking advantage of the COVID-19 crisis. Lax security and fractured communications during a rapid pivot of business and technology operations create a perfect environment for fraud. Stay vigilant as well as healthy.

Student Employees Work From Home

If you have student employees who lack the computing resources to do their work remotely, have your department head contact the Office of Student Employment (OSE@spu.edu).  Please be prepared to provide information on the number of student employees impacted and the resources they need access to.  

CIS is exploring remote desktop solutions that may allow students and employees to access on-campus workstations remotely. When contacting the Office of Student Employment, also note whether there is a desktop computer on campus that the student normally uses.

Loaner Computers for Students

The Technology Support Services team at the CIS HelpDesk has prepared a limited number of used computers to loan to students needing a device for the Spring term. Please have students contact the Center for Learning (cfl@spu.edu) for the evaluation of need. Approved students will be able to return the device at the end of the loan term or purchase it from the University.

Remote Call Centers and Phones

CIS has set up internet-based call centers for several campus offices including CIS, Student Financial Services and Admissions.  If your area is in need of routing your department's call center to those working remotely, reach out to the CIS Helpdesk. The service cost is $33/person/month.  If you need your individual phone forwarded, please submit a support ticket to the CIS Helpdesk.  


It has been another challenging week in CIS as COVID-19 continues to disrupt our campus operations and our community.  We continue to struggle with vendors who are also overwhelmed and navigating their own remote work and supply chain obstacles.  There have been long hours, early mornings, and late nights for many. 

We're not there yet, but I remain confident in the amazing folks in CIS and ETM.  Over the last two weeks I've seen them pull together, collaborating and innovating in new ways despite being physically separated and often with the kids stuck at home.  We've even checked off a few internal milestones of the Digital Transformation initiative, though not in the way we would have liked.  

Despite everything we've still found time for community.  Department meetings and one on ones continue by video chat.  The weekly CIS board game lunch is now run in a MS Teams channel using spreadsheets.  Seeing how we've already adapted gives me great confidence in the resilience of the SPU community.  We've got this!

CIS Helpdesk Support Online

The CIS Helpdesk is currently closed to walk-in support.  If you need assistance, please submit a ticket, call 206.281.2982 or email help@spu.edu.  All CIS staff remaining on campus are diligently working on remote teaching and work at home technology.  If you need to pick up a piece of equipment, please call in and schedule a time in advance.

Remote Access to Campus

We know the impact that this is having on your ability to work remotely.  This is CIS's top priority.  Staff continue to work with multiple vendors to deliver a new remote access technology up and running.  This has taken substantially longer than expected as our vendors and their tech support centers are also overwhelmed.  We also apologize for the network disruptions caused but the rapid testing and roll-out. Teams are working on three different vendor solutions concurrently and hope to deliver one of them by Monday.

SPU VPN / Citrix - When you do not need access to department file shares or on campus only systems like Raiser's Edge, please disconnect from the VPN to allow others access to these resources. 

Instructional Technology

ETM has be conducting and In-Service on remote teaching to help faculty transition to running courses remotely. Contact Educational Technology and Media with any online teaching and learning questions. CIS also partnering with ETM and the Library to research and implement remote instruction and proctoring services.

Academic Labs and Software

Work is being finalized on the remote labs infrastructure.  CIS teams are on track to deliver most key software applications remotely by the start of the term.

Adobe At-Home

Adobe is offering free use of Adobe products for all students, faculty, and staff through May 31.  We are working to confirm access will extend through the end of our spring quarter.  In the meantime, this is now available for installation.

Video Conferencing with Zoom Pro

Zoom Pro licensing has been increased to 800 seats to accommodate all faculty and staff.  Capacity can be expanded further if there is need.

Video Conferencing with MS Teams

Microsoft Teams performance has been improved and it works well for meetings of up to about 10 people.  We've also increased our licensing level allowing phone call in capabilities and other additional features. 

Make sure to disconnect from the SPU VPN while using Teams video chat.

Microsoft Support Articles for Teaching / Meeting Remote

Laptops / Computers

The Technology Support Services team at the CIS HelpDesk have prepared a number of laptops and all-in-one computers if you need a work at home device. Please work with your supervisor to get access to a loaner device and schedule a time to pick it up. If you plan to use personal equipment from home, please review the Working from Home with Personal Devices post. 

Educause COVID-19 Resources

Educause is working to consolidate resources addressing the COVID-19's disruption to institutions of higher education. Educause is a nonprofit association and the largest community of technology, academic, 
industry, and campus leaders advancing higher education through the use of information technology.


Technology Updates

Related Blog Posts

This is a challenging time for our community as we grapple with the needs of our students, restructuring pedagogy, and rethinking business process, all while dealing with the impacts on our personal lives and our families. The rapid change to working from home was not something many of us had prepared for and has presented many challenges. Current University work/teach remote technologies were never meant to accommodate the volume of people now using them.

In that context I consider the fact that we are able to conduct business at all under these circumstances a minor miracle. It is only by God’s grace, the foresight of incredible folks He’s placed in CIS and ETM over the years, and their advocating for the adoption of new technologies that SPU is enabled to pivot operations so quickly. I have been amazed to see how so many have pulled together (while practicing social distancing) to find new ways of serving our community and our students in this crisis.

It has been a bit hectic in CIS as we head toward classes resuming in a few weeks.  We are working to scale up existing technologies to accommodate the dramatic increase in demand while rolling out new systems to ensure business continuity. I want to give special thanks to the great folks in CIS and ETM who are making all this possible.  Here is what we're doing in order of priority.

Remote Access to Campus (SPU VPN & Citrix)

The current SPU VPN, which allows access to the campus network remotely, does not scale beyond 50-60 people. This platform has started failing and cutting off access to department file shares and some campus applications as more faculty and staff have moved to remote work. Our Citrix license is limited to 20 concurrent users. 

Recommendation: When you don't need access to department file shares or on campus systems like Raiser's Edge, please disconnect from the VPN to allow others access to resources.

Action Plan: We’re rapidly testing and rolling out a completely new technology to replace the SPU VPN that does not have the same limitations.  The rapid roll-out with little time to test or wait for off hours is what caused the network outages yesterday. The fantastic staff in CIS are making great progress and hope to have this completed early next week.

Academic Labs

Classroom instruction for many programs requires the use of nearly eighty software applications that are currently only accessible by students in on-campus computer labs. CIS is working with Amazon to recreate the lab environment in the cloud, allowing students to access these tools critical to the learning experience from any internet-enabled device, anywhere in the world.

Video Conferencing (Zoom Pro / MS Teams)

Zoom Pro video conferencing will be the primary method for delivering live classes online. We managed to increase our license from 200 seats up to 450 a few weeks ago.  We’re currently working on a new contract with Zoom to scale up to 800 seats, allowing access to all key faculty and staff.  We are also working on procuring several HIPAA-compliant Zoom licenses to allow remote health consults and counseling sessions.

For Microsoft Teams video calling: we've worked directly with Microsoft to resolve a majority of the connectivity and slowness issues. Make sure to disconnect from the SPU VPN while using Teams video chat.

Laptops / Computers

Several faculty and staff do not have laptops or computers to work from home. The Technology Support Services team at the CIS HelpDesk has prepared a number of laptops and all-in-one computers to help. Please work with your supervisor to get access to a loaner device. If you plan to use personal equipment from home, please review the Working from Home with Personal Devices post. 

Call Centers and Phones

The CIS Helpdesk is piloting a cloud-based call center to run our tech support call center remotely. Please reach out to the CIS Helpdesk if there are call center needs in your areas as well.  This is a short term solution to get us through the next few months.  Long term, CIS is working to pivot away from our ancient campus phone system to a cloud-based platform. 

For individual phones, all voicemail is forwarded to the recipients SPU email, unless they opted out. CIS can setup a Voicemail call forward to your home phone or cell phone after your out of office message (“This is …. Press 0 to be forwarded to my cell phone”).

As many of us are working from home for the first time we're encountering the frictional costs that come with any change that interrupts normalcy.  There are a few good articles with tips on working from home as well as some podcasts focused on working and managing people remotely.

Podcasts


Podcasts from Manager Tools about managing and working remotely

For Everyone

For Managers

Remote Support


If you run into any technical issues while working remotely, don't fret. CIS is still available for remote support; our phone lines are still open at (206) 281-2982.


During this time there may be a need to work from home using a personal laptop or home computer. The following are guidelines on how to securely and legally use a personal device for your SPU work in order to minimize risk to the University. Review the Use of Personal / Un-Managed Devices for Work policy for details.

If you need a loaner computer or laptop to work from home effectively, please coordinate with your supervisor.

Using Web Applications (tick)


Using web applications such as Canvas, Banner, Slate, Webmail, or Office365 poses very little risk from a personal device.  

Downloading Files / Storing Sensitive Data 


If you download reports or store files that include sensitive data such as Student ID numbers, you must take proper precautions to remain compliant with data security and privacy regulations.  See the Regulated Data Chart for information on the systems we have contractual protections for, and review the applicable Data Laws and Regulations that govern the information you are working with.  

DropBox / Google Drive / etc.  

While convenient, it is unlawful to store regulated data (such as FERPA) on personal cloud storage platforms.  The University provides OneDrive for Business for this purpose. See the Regulated Data Chart for details on which types of regulated data are contractually protected in OneDrive for Business.

Device Security


It is important to keep your device secure, particularly if you are working from a shared home computer.  Remember to log off of SPU resources or lock devices when you are not present.  Review the Use of Personal / Un-Managed Devices for Work policy for details.

As we move to remote learning, you may not have internet services while you are off campus.  Comcast is currently offering some free internet connectivity.

Who offers home internet service for low-income residents in Seattle?

These companies offer low-cost, high-speed Internet in Seattle, all for around $10 a month. With help from these programs, you can check your email, do your homework, search for jobs, pay your bills, watch short video clips, download music, and much more. You can also purchase laptops, desktop computers and tablets starting at $109, and qualify for a discounted smart phone plan as well. 

This information is also available in Amharic, Chinese, Oromo, Somali, Spanish and Vietnamese

See below for contact and general information for each of these offerings. 

For more information, please contact Brenda Tate at (206) 386-1989 or by email at brenda.tate@seattle.gov.

Comcast Comcast LogoInternet Essentials Program
(855) 846-8376

  • $9.95/month unlimited internet (download speeds up to 15Mbps) + tax. No credit checks, contracts or equipment rental fees.  Must live in an area where Comcast is available.
  • Free installation and in-home Wi-Fi. Access to 40 1-hour sessions of XFINITY Wi-Fi hotspots outside the home every 30 days.
  • Four programs offered in Seattle:
    • Traditional family program: Must have a child who qualifies for the free or reduced school lunch program or attending a school that has over 40% of students on free/reduced lunch program. See list of schools here.
    • Seniors: Must be 62+ and low income.
    • Public housing residents: Must be receiving HUD housing assistance.
    • Veterans: Must be a verified veteran and receive state or federal assistance.
  • Refurbished laptops available for purchase (includes Microsoft Office, Norton Security Suite and 90-day warranty) for $149.99 + tax.
  • No Comcast Internet service for past 90 days or recent unpaid Comcast bills (under a year old).

Wave - Wave logoSimply Internet by Wave
(206) 386-1989

  • Seattle residents: Please use these forms to apply for Wave's Simply Internet program. *Please follow the special instructions on the forms for submitting your application.

  • $9.95/month unlimited internet (for speeds up to 10Mbps) + tax. No credit checks, contracts or equipment rental fees. Must live in an area where Wave is available.
  • Free installation and in-home Wi-Fi
  • Eligibility includes:
    • Anyone who qualifies for the Seattle Utilities Discount Program; or
    • Qualifies for low-income subsidized housing; or
    • Has a child who qualifies for the free or reduced school lunch program.

InterConnection Logo

InterConnection

(206) 633-1517, visit their store at: 3415 Stone Way N, Seattle, 98103, or their online store at connectall.org.

  • Create an account at connectall.org
  • $11.95 per month internet through the Sprint 4G LTE Internet network through Mobile Citizen.
  • Purchase a hotspot device for $99 (plus tax and shipping)
  • Unlimited 4G LTE data; no throttling or overage charges
  • Can be used wherever there is Sprint 4G LTE service.
  • Refurbished laptops starting at $109, with a range of software (Windows 7 Pro, Microsoft Office Home & Business 2010, Microsoft Security Essentials, and a 1-year warranty)
  • Desktops, flat screens, tablets and high-end laptops are also available
  • DSHS recipient or income below 80% Area Median. See income limits here
  • They have a store in Seattle offering products and assistance


Faculty and staff can prepare for the possibility of disruptions to class, research and campus operations due to Coronavirus Disease 2019 (COVID-19) by becoming familiar with the technology tools that make it possible to work, study and teach when you can’t get to campus. Most campus resources (such as Canvas, Slate, WebMail, and Banner) are already available online from any location.   

This guide highlights many tools that can help you teach, learn, and work remotely.

Remote Teaching and Learning


This technology toolkit can help instructors prepare for a possible disruption to classes with recommendations on what to do in advance, how to conduct classes remotely and how to organize your course materials and communicate with students. 

ETM will be offering workshops and advice next week to help faculty transition to running courses remotely. Contact Educational Technology and Media with any online teaching and learning questions.

Canvas

Canvas can be used for online quizzes, homework submission, asynchronous discussion boards, grade books, document sharing and more.

SPU Zoom PRO Videoconferencing

  • Zoom Pro Licensing: SPU currently has 450 Zoom Pro licenses that are intended for academic instruction.  Other business needs should use Microsoft teams or Zoom Basic.
  • Online classes, webinars, lectures: Host live web broadcasts to students or colleagues worldwide and record to the cloud or computer. SPU Zoom Pro provides meetings of unlimited time duration for up to 300 participants.
  • Office hours, study groups: Share screens, give PowerPoint presentations or have real-time video conversations for office hours, study groups or collaboration.
  • Mobile Zoom: Use the Zoom app for iPhone, iPad, or Android for chat and video conference on the go .
  • FERPA/PII: SPU Zoom Pro is compliant with Family Educational Rights and Privacy Act (FERPA), a federal law that protects the privacy of student educational records. See the Regulated Data Chart.
  • Learn how to use it: Educational Technology and Media (ETM) provides additional instructions for faculty teaching with Zoom

Panopto Lecture Capture

Panopto allows users to easily record their screen and/or self and additional camera inputs on their computer then upload and stream the content from an online location. See  Educational Technology and Media's training materials on Panopto for more details.

Meet virtually with video, voice, and chat


Web-based video conferencing and online chat platforms are available for you to connect with your students and colleagues.

Microsoft Teams

  • Online Meetings and Collaboration: Part of the Office 365, MS Teams offers chat-based workspace for real-time collaboration, communication, meetings, file and app sharing.
  • Mobile MS Teams: Use the mobile MS Teams app for iPhone, iPad, or Android for chat and video conference on the go .
  • FERPA/PII: MS Teams is compliant with Family Educational Rights and Privacy Act (FERPA), a federal law that protects the privacy of student educational records. See the Regulated Data Chart.

Zoom Basic Videoconferencing 

  • Meetings, collaboration: Share screens, give PowerPoint presentations or have real-time video conversations for office hours, study groups or collaboration.
  • Limitations: Zoom Basic is limited to 40 minute sessions with up to 100 attendees.
  • Phone conference line: Use the phone conference line — included with your Zoom account — so participants can join meetings by phone.
  • Mobile Zoom: Use the Zoom app for iPhone, iPad, or Android for chat and video conference on the go .
  • FERPA/PII: SPU Zoom Basic is NOT compliant with Family Educational Rights and Privacy Act (FERPA) or other data privacy standards.

Connect remotely to your files, computer or other resources


If you are working from home, you should use the SPU VPN to connect to your files and resources remotely.  Remote Desktop tools can be used to connect to campus resources from a personal device securely.

Citrix Remote Desktop

Remote Desktop access allows you to access your work computer from a personal computer off campus. Your computer software and files are all available.  Current licensing limits restricts this service to 20 concurrent users.

Remotely access files and resources (VPN)

From your SPU managed laptop, click the  icon on the bottom right corner of your screen and select the SPU VPN.  Click Connect in the popup window.  Once connected, you'll be able to access file shares and other campus resources.  

Store your files online to easily access them remotely


Keep your files in the cloud with Onedrive for Business so that you can access them from remote locations with an internet connection. You have 1TB of storage available to you.  See the Regulated Data Chart for what types of information is safe to store in your Onedrive for Business account.

Collaborate with others using online productivity platforms


Collaboration platforms empower you to work with peers from different locations, and since your work is stored in the cloud you can access it from anywhere with an internet connection.

  • Office 365 applications are web-based, support collaborative editing, and are accessible via the internet. They offer online word processing, spreadsheets, presentations, storage and more.








Held every October, National Cybersecurity Awareness Month (NCSAM) is a collaborative effort between government and industry to raise awareness about the importance of cybersecurity and to ensure that all Americans have the resources they need to be safer and more secure online. Week one was all about recognizing the online threats and taking responsibility for your security, Own IT. Week two gave you simple steps to make your online presence safe and secure, Secure IT.  Week three covered the threats that are out there and how to protect yourself, Protect IT.


Welcome to week four where we will share some stories that demonstrate the sophistication of the threats out there and how a little awareness and simple steps can protect you.  


Topics

Phishing Attempt by Phone 


PeterGunst@DigitalLawer reported on Twitter that he, “Was just subjected to the most credible phishing attempt I've experienced to date.”

Here were the steps:

Phone Call

 1) "Hi, this is your bank. There was an attempt to use your card in Miami, Florida. Was this you?" Me: no.

2) "Ok. We've blocked the transaction. To verify that I am speaking to Peter, what is your account number?" Me: <gives account number>

3) "We've sent a verification pin to your phone." ~ Gets verification pin text from bank's regular number ~ Me: <reads out the pin>

4) "Ok. I am going to read some other transactions, tell me if these are yours. ~ Reads transactions ~" Me: Yes. These are all legitimate transactions I made

5) "Thank you! We now want to block the pin on your account, so you get a fraud alert when it is used again. What is your pin?" Me: Are you kidding me, no way.

6) Ok! But then we can't block your card Me: that is bs. ~ hangs up, calls the fraud department of bank ~

Details of what was really going on:

Once I gave my account number, the attacker used the password reset flow of the bank's online web site to trigger a text message from the bank.

They used this to gain access to the account. Then read some of my transactions to give the call more credibility

They needed the pin to send money. They failed at that step. Everything before the "what is your pin" seemed totally legitimate.

Their English was perfect. The bank verification code, sent by the expected number, tricked me. The asking for my pin over the phone... not so much.


Stay safe out there people. And now... joyfully resetting all my passwords, filing a police report, getting additional fraud detection in place. Never a dull moment!

A Close Call


Here is a story from a guy who is now a Cyber Security Expert.

"When I was the target of a social engineer. I used to work at a bank and would come in early to open the branch, and review accounts and the previous day’s work. Looking back, it seems likely that someone was watching me.

One morning, someone called claiming to be a private banker from the Midwest. The person was desperately trying to help a high-profile bank customer.

His tone of voice was deliberate and excited, but he held off being pushy and desperate (a good balance for a social engineer). He said that he was trying to complete some new account paperwork on behalf of the client (not uncommon) and he just needed two pieces of information. He claimed he could see that the customer opened an account at my branch and had used a federal government-issued ID to do so. Initially, I was happy to help, and as I had the social engineer on the phone, I brought the customer information up on my system.

I asked him again for the information he wanted, and I found what he was asking for on my system. At that point, though, I hesitated. I was about to reveal confidential customer information over the phone, to an unknown individual. Instantly, my attitude changed and alarm bells started ringing in my head. I immediately hung up the phone.

I sat there for a minute, thinking about the conversation and what just happened, and got angry. The social engineer had almost fooled me. After I cooled off, I called bank security to report the incident. I thought about just how close I had come to being part of a social engineering con. I thought about where that social engineer might have used the data. It could have been used to open a fraudulent account at another bank, or for a fake identity to sell on the dark web."

Facebook Scam


Davin received a private message on Facebook from the ‘Facebook Freedom Lottery’ claiming he and others had won amounts up to $150 000. At first, he didn’t believe it. Businesses don’t give money away out of the blue and to win in a lottery you need to buy a ticket.

However, moments later his cousin who he hadn’t spoken to in some time sent him a Facebook message about the winnings. His cousin claimed that he had also won and noticed Davin’s name on the list of winners. He claimed he had already received his winnings after going through a relatively easy process.

Trusting his cousin, Davin began the process for accepting the prize money which required him to first pay a small upfront fee of $250. Once this was paid, he was to receive the money into his nominated bank account for which he provided details. The next day he was informed that since the prize money was sitting in a bank in America, he would have to pay an ‘international transfer fee’ which could not be subtracted from the winnings for some complex legal reason.

Davin reasoned that since his cousin had managed to receive the money, then he must have gone through the same process and so he would also pay this additional fee.

Over the next two weeks, Davin paid five more fees, each time believing it would be the last. Eventually, in desperation, he spoke to his cousin and asked how many fees he paid before he received his winnings. Davin’s cousin had no idea what he was talking about and told him that he had only just regained control of his Facebook account after it had been hacked.


It then became clear to Davin that he had been scammed. There never was any prize money and the Facebook message was part of the scam. By this time, Davin had already sent $1500 and handed over a wealth of personal information to scammers.


Helpful Links


Homeland Security National Cybersecurity Awareness Web Site  CIS HelpDesk Phishing Scams Page  The National Security Agency (NSA) Information Page  National Cyber Awareness Alerts 


CIS HelpDesk Support and Hours


If you have questions or need more information 

You may visit the CIS HelpDesk Monday – Friday 7:30 am-5:00 pm in Lower Marston Hall

Submit a Helpdesk Request via the Portal: www.spu.edu/cishelpdesk

The CIS HelpDesk can be reached by phone at (206) 281-2982

Monday – Friday         7:30am – 5:00pm

Monday – Thursday    5:00pm – 9:00pm

Saturday                      9:00am – 1:00pm

Email any time at help@spu.edu

Beginning Monday, September 30th, and continuing through the rest of the academic year, the CIS HelpDesk will offer extended support hours (evenings and Saturdays).

Office Hours 
Monday - Friday 7:30 a.m. - 5:00 p.m.

Extended Hours
(Telephone, email, and classroom support, CIS HelpDesk visits by appointment)
 
Monday - Thursday 5:00 p.m. - 9:00 p.m. 
Saturday 9:00 a.m. - 1:00 p.m.




Welcome to week 3 of National Cybersecurity Awareness Month (NCSAM). NCSAM is a collaborative effort between government and industry to raise awareness about the importance of cybersecurity and to ensure that all Americans have the resources they need to be safer and more secure online. NCSAM 2019 will emphasize personal accountability and stress the importance of taking proactive steps to enhance cybersecurity at home and in the workplace. This year’s overarching message – Own IT. Secure IT. Protect IT. – will focus on key areas including citizen privacy, consumer devices, and e-commerce security.






Topics

Identity Theft and Internet Scams

Today’s technology allows us to connect around the world, to the bank and shop online, to control our televisions, homes, and cars from our smartphones. With this added convenience comes an increased risk of identity theft and Internet scams. #BeCyberSmart on the Internet at home, at school, at work, on mobile devices, and on the go.

Did You Know?

  • The total number of data breaches reported in 2018 decreased 23% from the total number of breaches reported in 2017, but the reported number of consumer records containing sensitive personally identifiable information (PII) exposed increased 126%.
  • Credit card fraud tops the list of identity theft reports in 2018. The Federal Trade Commission (FTC) received more than 167,000 reports from people who said their information was misused on an existing account or to open a new credit card account.
  • Consumers reported $905 million in total fraud losses in 2017, a 21.6% increase over 2016.

Common Internet Scams

As technology continues to evolve, cybercriminals will use more sophisticated techniques to exploit technology to steal your identity, personal information, and money. To protect yourself from online threats, you must know what to look for. According to the FTC, these are the top three kinds of threats reported in 2018:

  • Identity theft is the illegal acquisition and use of someone else’s personal information to obtain money or credit. Signs of identity theft include bills for products or services you did not purchase, suspicious charges on your credit cards or new accounts opened in your name that you did not authorize.
  • Imposter scams occur when you receive an email or call from a person claiming to be a government official, family member, or friend requesting personal or financial information. For example, an imposter may contact you from the Social Security Administration informing you that your Social Security number (SSN) has been suspended, in hopes, you will reveal your SSN or pay to have it reactivated.
  • Debt collection scams occur when criminals attempt to collect on a fraudulent debt. Signs the “debt collector” may be a scammer are requests to be paid by wire transfers or credit cards. In 2018 there was a spike in requests for gift cards and reloadable cards as well

Simple Tips to Protect IT

The bottom line is that whenever you’re online, you’re vulnerable. If devices on your network are compromised for any reason, or if hackers break through an encrypted firewall, someone could be eavesdropping on you even in your own home on encrypted Wi-Fi.

  • Shake up your password protocol. According to the National Institute of Standards and Technology, you should consider using the longest password or passphrase permissible. Get creative and customize your standard password for different sites, which can prevent cybercriminals from gaining access to these accounts and protect you in the event of a breach. Use password managers to generate and remember different, complex passwords for each of your accounts. Read the Creating a Password Tip Sheet for more information.
  • Be up to date. Keep your software updated to the latest version available. Maintain your security settings to keeping your information safe by turning on automatic updates so you don’t have to think about it, and set your security software to run regular scans.
  • Double your login protection. Enable multi-factor authentication (MFA) to ensure that the only person who has access to your account is you. Use it for email, banking, social media, and any other service that requires logging in. If MFA is an option, enable it by using a trusted mobile device, such as your smartphone, an authenticator app, or a security token (a small physical device that can hook onto your key ring).
  • Practice safe web surfing wherever you are by checking for the “green lock” or padlock icon in your browser bar: this signifies a secure connection.
  • Avoid free Internet access with no encryption. If you do use an unsecured public access point, practice good Internet hygiene by avoiding sensitive activities (e.g., banking) that require passwords or credit cards. Your personal hotspot is often a safer alternative to free Wi-Fi.

Resources Available to You

If you discover that you have become a victim of cybercrime, immediately notify authorities to file a complaint. Keep and record all evidence of the incident and its suspected source. The list below outlines the government organizations that you can file a complaint with if you are a victim of cybercrime.


5 Steps To Protecting Your Digital Home

More and more of our home devices including thermostats, door locks, coffee machines, and smoke alarms are now connected to the Internet. This enables us to control our devices on our smartphones, no matter our location, which in turn can save us time and money while providing convenience and even safety. These advances in technology are innovative and intriguing, however, they also pose a new set of security risks. #BeCyberSmart to connect with confidence and protect your digital home.

Simple Steps to Protect IT

  • Secure your Wi-Fi network. Your home’s wireless router is the primary entrance for cybercriminals to access all of your connected devices. Secure your Wi-Fi network and your digital devices by changing the factory-set default password and username. For more information about protecting your home network, check out the National Security Agency’s Cybersecurity Information page.
  • Double your login protection. Enable multi-factor authentication (MFA) to ensure that the only person who has access to your account is you. Use it for email, banking, social media, and any other service that requires logging in. If MFA is an option, enable it by using a trusted mobile device such as your smartphone, an authenticator app, or a security token a small physical device that can hook onto your key ring.
  • If you connect, you must protect it. Whether it’s your computer, smartphone, game device, or other network devices, the best defense is to stay on top of things by updating to the latest security software, web browser, and operating systems. If you have the option to enable automatic updates to defend against the latest risks, turn it on. And, if you’re putting something into your device, such as a USB for an external hard drive, make sure your device’s security software scans for viruses and malware. Finally, protect your devices with antivirus software and be sure to periodically back up any data that cannot be recreated such as photos or personal documents.
  • Keep tabs on your apps. Most connected appliances, toys, and devices are supported by a mobile application. Your mobile device could be filled with suspicious apps running in the background or using default permissions you never realized you approved—gathering your personal information without your knowledge while also putting your identity and privacy at risk. Check your app permissions and use the “rule of least privilege” to delete what you don’t need or no longer use. Learn to just say “no” to privilege requests that don’t make sense. Only download apps from trusted vendors and sources.
  • Never click and tell. Limit what information you post on social media—from personal addresses to where you like to grab coffee. What many people don’t realize is that these seemingly random details are all that criminals need to know to target you, your loved ones, and your physical belongings online and in the real world. Keep Social Security numbers, account numbers, and passwords private, as well as specific information about yourself, such as your full name, address, birthday, and even vacation plans. Disable location services that allow anyone to see where you are and where you aren’t at any given time.








Welcome to week 2 of National Cybersecurity Awareness Month (NCSAM). NCSAM is a collaborative effort between government and industry to raise awareness about the importance of cybersecurity and to ensure that all Americans have the resources they need to be safer and more secure online. NCSAM 2019 will emphasize personal accountability and stress the importance of taking proactive steps to enhance cybersecurity at home and in the workplace. This year’s overarching message – Own IT. Secure IT. Protect IT. – will focus on key areas including citizen privacy, consumer devices, and e-commerce security.



Topics

Strong Password


Creating a strong password is an essential step to protecting yourself online. Using long and complex passwords is one of the easiest ways to defend yourself from cybercrime. No citizen is immune to cyber risk, but #BeCyberSmart and you can minimize your chances of an incident. 

Simple Tips to Secure IT

  • Use a long passphrase. According to NIST guidance, you should consider using the longest password or passphrase permissible. For example, you can use a passphrase such as a news headline or even the title of the last book you read. Then add in some punctuation and capitalization.
  • Don’t make passwords easy to guess. Do not include personal information in your passwords such as your name or pets’ names. This information is often easy to find on social media, making it easier for cybercriminals to hack your accounts.
  • Avoid using common words in your password. Substitute letters with numbers and punctuation marks or symbols. For example, @ can replace the letter “A” and an exclamation point (!) can replace the letters “I” or “L.”
  • Get creative. Use phonetic replacements, such as “PH” instead of “F”. Or make deliberate, but obvious misspellings, such as “enjin” instead of “engine.”
  • Keep your passwords on the down-low. Don’t tell anyone your passwords and watch for attackers trying to trick you into revealing your passwords through email or calls. Every time you share or reuse a password, it chips away at your security by opening up more avenues in which it could be misused or stolen.
  • Unique account, unique password. Having different passwords for various accounts helps prevent cybercriminals from gaining access to these accounts and protect you in the event of a breach. It’s important to mix things up. Find easy-to-remember ways to customize your standard password for different sites.
  • Double your login protection. Enable multi-factor authentication (MFA) to ensure that the only person who has access to your account is you. Use it for email, banking, social media, and any other service that requires logging in. If MFA is an option, enable it by using a trusted mobile device, such as your smartphone, an authenticator app, or a secure token, a small physical device that can hook onto your key ring.
  • Utilize a password manager to remember all your long passwords. The most secure way to store all of your unique passwords is by using a password manager. With just one master password, a computer can generate and retrieve passwords for every account that you have protecting our online information, including credit card numbers and their three-digit Card Verification Value (CVV) codes, answers to security questions, and more.

Multi-Factor Authentication (MFA)


Have you noticed how often security breaches, stolen data, and identity theft are consistently front-page news these days? Perhaps you, or someone you know, are a victim of cybercriminals who stole personal information, banking credentials, or more. As these incidents become more prevalent, you should consider using multi-factor authentication, also called strong authentication or two-factor authentication. This technology may already be familiar to you, as many banking and financial institutions require both a password and one of the following to log in: a call, email, or text containing a code. By applying these principles of verification to more of your personal accounts, such as email, social media, and more, you can better secure your information and identity online!

What It Is

Multifactor authentication (MFA) is defined as a security process that requires more than one method of authentication from independent sources to verify the user’s identity. In other words, a person wishing to use the system is given access only after providing two or more pieces of information, which uniquely identifies that person.

How It Works

There are three categories of credentials: something you either know, have, or are. Here are some examples in each category. In order to gain access, your credentials must come from at least two different categories. One of the most common methods is to login using your user name and password. Then a unique one-time code will be generated and sent to your phone or email, which you would then enter within the allotted amount of time. This unique code is the second factor

Work Secure


Businesses face significant financial loss when a cyber attack occurs. In 2018, the U.S. business sector had the largest number of data breaches ever recorded: 571 breaches. Cybercriminals often rely on human error, employees failing to install software patches or clicking on malicious links to gain access to systems. From the top leadership to the newest employee, cybersecurity requires the vigilance of everyone to keep data, customers, and capital safe and secure. #BeCyberSmart to connect with confidence and support a culture of cybersecurity here at SPU.

Simple Tips to Secure IT

  • Treat business information as personal information. Business information typically includes a mix of personal and proprietary data. While you may think of trade secrets and company credit accounts, it also includes employee personally identifiable information (PII) through tax forms and payroll accounts. Do not share PII with unknown parties or over unsecured networks.
  • Technology has its limits. As “smart” or data-driven technology evolves, it is important to remember that security measures only work if used correctly by employees. Smart technology runs on data, meaning devices such as smartphones, laptop computers, wireless printers, and other devices are constantly exchanging data to complete tasks. Take proper security precautions and ensure correct configuration to wireless devices in order to prevent data breaches. 
  • Be up to date. Keep your software updated to the latest version available. Maintain your security settings to keeping your information safe by turning on automatic updates so you don’t have to think about it, and set your security software to run
    regular scans.
  • Social media is part of the fraud toolset. By searching Google and scanning your organization’s social media sites, cybercriminals can gather information about your partners and vendors, as well as human resources and financial departments. Employees should avoid oversharing on social media and should not conduct official business, exchange payment, or share PII on social media platforms.
  • It only takes one time. Data breaches do not typically happen when a cybercriminal has hacked into an organization’s infrastructure. Many data breaches can be traced back to a single security vulnerability, phishing attempt, or instance of accidental exposure. Be wary of unusual sources, do not click on unknown links, and delete suspicious messages immediately. 

Phishing


Phishing attacks use email or malicious websites to infect your machine with malware and viruses in order to collect personal and financial information. Cybercriminals attempt to lure users to click on a link or open an attachment that infects their computers, creating vulnerability to attacks. Phishing emails may appear to come from a real financial institution, e-commerce site, government agency, or any other service, business, or individual. The email may also request personal information such as account numbers, passwords, or Social Security numbers. When users respond with the information or click on a link, attackers use it to access users’ accounts

How Criminals Lure You In

The following messages from the Federal Trade Commission’s OnGuardOnline are examples of what attackers may email or text when phishing for sensitive information:

  • “We suspect an unauthorized transaction on your account. To ensure that your account is not compromised, please click the link below, and confirm your identity.”
  • “During our regular verification of accounts, we couldn’t verify your information. Please click here to update and verify your information.”
  • “Our records indicate that your account was overcharged. You must call us within 7 days to receive your refund.”
  • To see examples of actual phishing emails, and steps to take if you believe you received a phishing email, please visit “

Simple Step to Secure IT

  • Play hard to get with strangers. Links in email and online posts are often the way cybercriminals compromise your computer. If you’re unsure who an email is from—even if the details appear accurate—do not respond, and do not click on any links or attachments found in that email. Be cautious of generic greetings such as “Hello Bank Customer,” as these are often signs of phishing attempts. If you are concerned about the legitimacy of an email, call the company directly.
  • Think before you act. Be wary of communications that implore you to act immediately. Many phishing emails attempt to create a sense of urgency, causing the recipient to fear their account or information is in jeopardy. If you receive a suspicious email that appears to be from someone you know, reach out to that person directly on a separate secure platform. If the email comes from an organization but still looks “phishy,” reach out to them via customer service to verify the communication.
  • Protect your personal information. If people contacting you have key details from your life, your job title, multiple email addresses, full name, and more that you may have published online somewhere they can attempt a direct spear-phishing attack on you. Cybercriminals can also use social engineering with these details to try to manipulate you into skipping normal security protocols.
  • Be wary of hyperlinks. Avoid clicking on hyperlinks in emails and hover over links to verify authenticity. Also ensure that URLs begin with “https.” The “s” indicates encryption is enabled to protect users’ information.
  • Double your login protection. Enable multi-factor authentication (MFA) to ensure that the only person who has access to your account is you. Use it for email, banking, social media, and any other service that requires logging in. If MFA is an option, enable it by using a trusted mobile device, such as your smartphone, an authenticator app, or a secure token a small physical device that can hook onto your key ring.
  • Shake up your password protocol. According to NIST guidance, you should consider using the longest password or passphrase permissible. Get creative and customize your standard password for different sites, which can prevent cybercriminals from gaining access to these accounts and protect you in the event of a breach. Use password managers to generate and remember different, complex passwords for each of your accounts.
  • Install and update anti-virus software. Make sure all of your computers, Internet of Things devices, phones, and tablets are equipped with regularly updated antivirus software, firewalls, email filters, and anti-spyware.

CIS HelpDesk Support and Hours


If you have questions or need more information 

You may visit the CIS HelpDesk Monday – Friday 7:30 am-5:00 pm in Lower Marston Hall

Submit a Helpdesk Request via the Portal: www.spu.edu/cishelpdesk

The CIS HelpDesk can be reached by phone at (206) 281-2982

Monday – Friday         7:30am – 5:00pm

Monday – Thursday    5:00pm – 9:00pm

Saturday                      9:00am – 1:00pm

Email any time at help@spu.edu

Beginning Monday, September 30th, and continuing through the rest of the academic year, the CIS HelpDesk will offer extended support hours (evenings and Saturdays).

Office Hours 
Monday - Friday 7:30 a.m. - 5:00 p.m.

Extended Hours
(Telephone, email, and classroom support, CIS HelpDesk visits by appointment)
 
Monday - Thursday 5:00 p.m. - 9:00 p.m. 
Saturday 9:00 a.m. - 1:00 p.m.




  • No labels