Security, Wireless

Immediate Action Required: Eduroam Network Update

Changes are being made to the encryption infrastructure that secures the Eduroam network. Wireless devices require a configuration update to ensure uninterrupted network access. These changes are schedule for April 11th. Failure to run the update in advance may result in an interruption of your Eduroam access.

Please log into your CSU, Chico Portal account and follow the “EDUROAM NETWORK UPDATE” instructions.

Please run this update on each of your mobile devices.  It should only take a few minutes of your time.

If you have questions or concerns, please submit a request at support.csuchico.edu or contact IT Support Services.

Security, Training

February Phishing Awareness Campaign

As part of a phishing awareness campaign an email was sent to campus in February that mimicked a phishing email. About 8% of us that opened this email were found susceptible to phishing. This is lower than the 16% from a similar campaign in December. February’s campaign differed from December in that it linked to a page that asked for credentials to be entered, instead of just linking directly to educational material.  Unfortunately about half of those that clicked on the link then provided credentials. Had this been an actual phishing attempt this would have allowed these accounts to be compromised and put the campus at risk.

Here is what the email looked like with some signs that it was not legitimate noted:

Clicking on the link in the email brought you to a login page. Here is what that page looked like with some signs that it was not legitimate noted:

Simulated Phishing Campaign Results

The simulated phishing campaign was broken into two groups: employees and students. If you are both an employee and a student you may have received two simulated phishing emails. Below you can see the results of this campaign.

Students

Employees

We are planning future phishing awareness campaigns, including more simulated phishing emails. We hope that improved awareness of the signs and dangers of phishing will reduce the number of compromised campus accounts and resources, and help protect campus data.

More information about phishing is available at http://www.csuchico.edu/isec/basics/spam-and-phishing.shtml

More information about the PhishMe simulated phishing tool is available at http://www.csuchico.edu/isec/tools_resources/phishme.shtml

Security

Handling Identity Finder Results

Identity Finder is a tool designed to locate confidential Level 1 data that may be stored on campus computers.  To protect the privacy and confidentiality of our students and employees, it is important that all campus computers are scanned and the results be processed.

Identity Finder is run automatically on campus computers every month, however you still need to “process” the results from the scan.

What you need to do:

    • Launch Identity Finder and set a password

The following article shows what to do if your Identity Finder password is lost (see Creating an Identity Finder Profile):

https://wiki.csuchico.edu/confluence/display/help/Running+Identity+Finder

  • Run Identity Finder and review or “process” your results.  Select Advanced

More information about the CSU, Chico Data Classification Standard can be found here:

http://www.csuchico.edu/isec/data_protection.shtml

Open a support ticket with ITSS if you have any questions or need assistance:

https://support.csuchico.edu/TDClient/Requests/ServiceDet?ID=8999

More information about Identity Finder https://www.csuchico.edu/identityfinder

 

Security

Career Center Job Scam Warning

The Chico State Career Center sent this good advice about avoiding scams when job hunting:

Play it smart! As you search for the job of your dreams, keep the following in mind:

No legitimate employer will ever ask you to send or receive money on their behalf.

Do Not Respond to any job advertisement or offer that requires you to
-give your credit card or bank account numbers or copies of personal documents, but you get nothing in writing
-send payment by wire service or courier
-deposit checks or transfer money into your bank account
-receive or process a large check

And in general, remember the old adage, “if it sounds too good to be true, it probably is.”  When in doubt, before you apply, contact the Career Center (SSC 270 or 530-898-5253), and we can help you determine if a particular job posting may in fact be a scam.  Even if you aren’t inclined to apply, please notify our office of any posting that seems suspicious to you.

We want to assure you that the majority of postings are legitimate.  Success in the job market is often enhanced by applying to numerous postings, rather than just a select few.  You should not be wary of applying to jobs in general, just keep the above guidelines in mind and when in doubt, ask us!

For more information, please refer to the following links:

Chico State Information Security: http://www.csuchico.edu/isec/

FBI: https://www.ic3.gov/media/2017/170118.aspx.

Chico State Career Center
Student Services Center 270
530-898-5253
JobCat Database
www.csuchico.edu/careers

Security

Campus Phishing Attempt

Campus was targeted with a phishing email today. The email linked to a web site in an attempt to obtain campus credentials.

Immediately, our security team did the following to remediate the issue:

  • the URL was submitted, classified and blocked on campus as phishing
  • security at offending source was notified
  • take down of yolasite.com was issued

Below are some signs that this was not a legitimate email:

phishing-1-24-17

The form that was linked to had some additional signs that it was not legitimate:

phishing-form-1-24-17

More information about phishing is available at http://www.csuchico.edu/isec/basics/spam-and-phishing.shtml

Maintenance, Security, Workstations

January Desktop Security Updates Approved for Campus Computers

The majority of campus Windows desktops will have updates sent to them in the next day or so. For security reasons, campus computers are given an installation deadline for monthly patches. The installation deadline this month is Thursday, February 2nd at 5:00 PM. On Thursday at 5:00 PM, if you have not installed this month’s patches, they will automatically begin installing, and when done, may reboot your computer. If your computer is off at the time of the deadline, updates will begin installing the next time you log in, and when done, may reboot your computer.

 We highly recommend that you install the patches as soon as you are prompted to do so, before the installation deadline. This way, you can be present when the computer needs to restart and you have more control over the restart timing, allowing you to save any open work. If you ignore the update messages you run the risk of updates being applied while you are not present and potentially having your computer restart and possibly even losing unsaved work.

In addition to Microsoft updates, there may be updates for Adobe Flash, Google Chrome, Mozilla Firefox, Oracle Java, and other 3rd party applications. These updates will require you to close all your browser windows. Please save any work in your browsers before doing so.