Duo, Security

Duo Enrollment for Employees and Students

Campus began deploying Multifactor Authentication with Duo in 2018, and today, more than 90% of employees are successfully using it to keep accounts secure and prevent loss of data. Over the next few weeks, the remaining employees and all students will be enrolled in Multifactor Authentication with Duo.

Duo Enforcement Date

April 6: All Remaining Employees

April 13–15: Current Students, last names A–K

April 20–22: Current Students, last names L–Z

Once your Duo enforcement date arrives, if you are not enrolled with Duo you will be prompted to self-enroll your mobile device, and Duo authentication will be required the next time you authenticate to a Duo-enforced campus system.

Security

LastPass Premium for Students

LastPass Premium is available to all CSU, Chico students. You can claim your free personal Premium LastPass Account.

LastPass is a simple, secure password manager. The easiest way to protect your information online is to have unique, strong passwords for every account, but it’s impossible to remember all of your unique credentials. LastPass provides a secure vault where you can save all your login information. You can save a site to LastPass with just a few clicks, and LastPass will automatically fill in the credentials for you the next time you log in to that site. LastPass can manage your account passwords on any platform or device: Windows, Mac, iOS, Android, and on the web.

Security, Software

Malwarebytes Enterprise

Malwarebytes Enterprise will replace ESET anti-malware on all campus-managed Macintosh desktops. ESET will be removed from Macs by December 2020. This process will begin at 7:00 AM, Monday, November 23rd.

This is a centrally managed version of Malwarebytes that will be automatically installed. No action is required on your part. The installation is different from the home version, and can’t be individually installed.

This is the first phase of a broader rollout to campus, including campus-managed PCs.

Security, Software

Flash EOL

The End of Life (EOL) date for Adobe Flash Player is December 31st, 2020.

All remaining Flash Player installations on university computers will be removed by December 31. No further installations will be permitted, as per Adobe, and for the security of the campus. 

If you have content that requires Flash Player to display, you must figure out an alternative method. See Adobe’s article at https://www.adobe.com/products/flashplayer/end-of-life.html for details. 

Phishing, Security

Job Scam Emails

CSU, Chico students are often targeted with scams promising jobs. Students have been scammed out of money or had campus accounts compromised by job-related phishing scams. If an email or job offer sounds too good to be true, it probably is. Most legitimate jobs do not require you to pay money or send personal information via email.

Do Not Respond to any job advertisement or offer that requires you to:

  • Give your credit card or bank account numbers or copies of personal documents.
  • Send payment by wire service or courier.
  • Deposit checks or transfer money into your bank account.
  • Receive or process a large check.

Don’t hesitate to check with ITSS if you are unsure about the authenticity of an email you’ve received. The Career Center can also help you determine if a job posting is a scam.

More information about information security and employment scams:

Example of a recent job scam email:

[Image: job scam email example]

LastPass, Security

LastPass Premium

We’re excited to offer all current students the benefit of increased online security with a complimentary subscription of LastPass Premium, a simple, secure password manager.

81% of security breaches are caused by weak or reused passwords. The easiest way to protect your information online is to have unique, strong passwords for every account, but it’s impossible to remember all of your unique credentials. LastPass provides a secure vault where you can save all your login information. You can save a site to LastPass with just a few clicks, and LastPass will automatically fill in the credentials for you the next time you log in to that site. LastPass can manage your account passwords on any platform or device: Windows, Mac, iOS, Android, and on the web.

Prior to registering for the free account, be sure to install the LastPass web browser extensions.

You will not be able to use your @mail.csuchico.edu email for the free premium account. If you already have a personal LastPass account using @mail.csuchico.edu email, you will need to change the email to a personal email before claiming the free premium account. The Premium subscription is valid while you are a current student. After that, you can pay for a premium account or the account can revert to a free account.

LastPass, Security

LastPass Password Management

81% of security breaches are caused by weak or reused passwords. The easiest way to protect your information online is to have unique, strong passwords for every account, but it’s impossible to remember all of your unique credentials. LastPass is a secure password manager that remembers your online account passwords so you don’t have to. You can save a site to LastPass with just a few clicks, and LastPass will automatically fill in the credentials for you the next time you log in to that site. LastPass can manage your account passwords on any platform or device: Windows, Mac, iOS, Android, and on the web.

LastPass Enterprise is now available to faculty and staff. To get started using LastPass, request a LastPass Enterprise account and install the LastPass browser extension using Software Center or Self Service for campus-managed computers.

Phishing, Security

Campus Spearphishing Attack

Over the past two weeks, Chico State has been specifically targeted by people who have analyzed our org chart and are crafting email attacks based on that data. They create bogus @gmail accounts and then send spearphishing emails “from” a manager to that manager's staff.

[Image: spearphishing example]

If you reply to these emails they will ask you to purchase gift cards.

I will be having a busy day and I want to surprise some of the staffs with gift card. The type of card I need is steam wallet gift cards $100 denomination, I need $100 X 7 cards so that will be $700 i will be reimbursing back to you. You will purchase the cards from a nearby store to you, when you get the cards, Scratch out the back to reveal the card codes, take pictures of each cards and send it to me here. How soon can you get that done? Its Urgent and I want you to keep the physical card safe with you cos I will get them from you later.

Once the scammer has the card codes they can take the money from the cards, even without physical access to the cards.

More information about phishing is available at https://www.csuchico.edu/isec/resources/avoid-threats/spam-phishing.shtml

Security

Internet Explorer Vulnerability

The Microsoft Internet Explorer web browser is vulnerable to attack, as described at https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200001. No fix is currently available, and attacks are currently leveraging this vulnerability. We recommend not using Internet Explorer while this issue remains unaddressed.

Chrome and Firefox are available in the Software Center for campus-managed PCs: https://support.csuchico.edu/TDClient/1984/Portal/KB/ArticleDet?ID=11735

Safari is installed on all Macs.

Security

NCSAM Week 5: Ransomware

October is National Cybersecurity Awareness Month. For week five, CSU, Chico’s Information Security is focusing on ransomware.

Ransomware is a class of malware that restricts access to the computer system it infects and demands a ransom, paid to the creator of the malware, for the restriction to be removed. Some forms of ransomware encrypt files on the system’s hard drive (cryptoviral extortion), while others may simply lock the system and display messages intended to coax the user into paying.

What To Do if You Get Infected with Ransomware

  • Do NOT pay the “ransom” or attempt to contact the ransomware creator.
  • Immediately disconnect your computer from the wired or wireless network to help keep your computer from infecting others on the network.
  • Contact ITSS for assistance.

ISEC has recommendations for avoiding ransomware on their web page. Please read this information about ransomware and review all of the Cybersecurity Month content to stay safer and more secure online.