LastPass, Security

Cybersecurity Month, Week 2: Flex Online, Strengthen Your Passwords

Creating, storing, and remembering passwords can be challenging for all of us online, but the truth is that utilizing unique and strong passwords is your first line of defense against cybercriminals and data breaches. It has never been easier to maintain your passwords with secure, free, and simple-to-use password managers. With a few moments of forethought today, your online accounts can remain safe for years to come.

LastPass is available to students and employees: https://support.csuchico.edu/TDClient/1984/Portal/KB/?CategoryID=18114

You can find more information about Week 2 of Cybersecurity Month at https://www.csuchico.edu/isec/2022-cyber-security-awareness/week2-cyber-security-awareness-2022.shtml

Security

October is Cybersecurity Awareness Month

Cybersecurity Awareness Month is a global effort to help everyone stay safe and protected when using technology whenever and however you connect. The theme for the month is “See Yourself in Cyber,” and Chico State is proud to support this online safety and education initiative in October. The cybersecurity and digital privacy of our employees and students are important at Chico State. Throughout October, the Information Security Team will share activities and awareness materials, and each week will focus on a different theme. Students, faculty, and staff can find more information on upcoming events and themes at https://www.csuchico.edu/isec/2022-cyber-security-awareness/index.shtml.

This year the Chancellor’s Office is sponsoring a Cybersecurity Poster contest. The deadline for submissions is December 1st. 

Cybersecurity Awareness Month is co-led by the National Cyber Security Alliance and the Cybersecurity and Infrastructure Agency (CISA) of the U.S. Department of Homeland Security.

Week 1: Fear Factor or Multi-Factor? Authenticate to Mitigate

Multi-factor authentication (MFA) is also known as two-factor authentication (2FA) and two-step verification. No matter what you call it, multi-factor authentication is a security measure that requires anyone logging into an account to navigate a two-step process to prove their identity. It makes it twice as hard for criminals to access an online account. When it’s available, always turn it on because it’s easy to do and dramatically increases your security. This is a great way to See Yourself in Cyber!

You can find more information about Week 1 at https://www.csuchico.edu/isec/2022-cyber-security-awareness/week1-cyber-security-awareness-2022.shtml

Maintenance

CRA, Credential Admin, etc. Server Migration

Scheduled Maintenance: Friday, September 30th 7:00 – 9:00 AM
Services Impacted: CRA, Credential Admin Dashboard, OMNI, Social Work Admin

The campus server hosting the following applications will be undergoing maintenance September 30th 7:00 – 9:00 AM:

Communication, Reporting & Analysis (CRA)
Credential Admin Dashboard
OMNI Server Information
Social Work Admin Dashboard

These services will be unavailable as the server is migrated to a new infrastructure.

Phishing

Phishing Scam Alert

ITSS has received reports that campus employees have been targeted with phishing attacks. These attacks have used email and SMS text messages, posing as campus employees requesting assistance.

Example of the text sent to employees:

Are you available . I am at a meeting and limited to calls, but I am good to go with texts if that works. Need you to handle a task.

Typically these type of attacks will request help with obtaining gift cards. An example of a previous version of this scam is detailed at https://itss.csuchico.edu/2020/06/04/campus-spearfishing-attack/

If you receive a suspicious message delete it without responding, or directly verify with the sender that the message is legitimate. More information about phishing scams is available at https://www.csuchico.edu/isec/resources/avoid-threats/spam-phishing.shtml

Telephone

Avaya Maintenance

Scheduled Maintenance: Thursday, September 22nd 7:00 – 8:00 AM
Services Impacted: Avaya Workplace


Starting at 7:00 AM on Thursday September 22nd, work will be performed on the Avaya AADS server in order to make the Avaya IX Workplace application compliant with Modern Authentication.

Little if any downtime is expected during this window, however users may be prompted to re-enter their credentials in the Avaya Workplace client after the changes take effect.

Phishing, Security

Ransomware Alert

The LA Unified School District experienced a debilitating ransomware attack over the weekend, and several advisories have been released this week that have reported similar events targeting the education sector. Our Information Security Team and various other Division of IT Teams are actively monitoring the situation and staying up to date with the recommended compensating controls by the cybersecurity community. As details evolve, we wanted to share some helpful tips:

  • Be cautious of unexpected emails and emails from unknown senders. If an email seems suspicious verify its legitimacy with the sender or with ITSS before providing information or clicking on any links. Phishing is the primary method for ransomware attacks. More information about phishing is available at https://www.csuchico.edu/isec/resources/avoid-threats/spam-phishing.shtml
  • Store files in a secure location. Box is the approved cloud-based content storage and collaboration service for university staff and faculty. More information about Box can be found at https://support.csuchico.edu/TDClient/1984/Portal/KB/?CategoryID=2877
  • Make sure your computer has system updates installed. Campus-managed computers have system updates installed automatically.
  • If not already used, consider enabling multi-factor authentication for personal accounts used for finance, email, and social media services. Popular options include text message verification, Face ID, or Google Authenticator.  

NPR’s reporting on the incident can be found at https://www.npr.org/2022/09/07/1121422336/a-cyberattack-hits-the-los-angeles-school-district-raising-alarm-across-the-coun

PeopleSoft

PeopleSoft CS – New layout for Classic Pages

During the upcoming PeopleTools upgrade, some pages within PeopleSoft CS will be given a new look and feel.

What will change? Some pages within PeopleSoft CS will have updated navigation. You can see a preview of those changes in our knowledge base. Please note, the Student Center, Faculty Center, and PeopleSoft HR are not impacted by these changes. This new layout will only affect pages within PeopleSoft CS that are primarily used by staff, and by some faculty advisors.

When will the change occur? During the PeopleTools upgrade, over the weekend of September 9, 2022.

Why is this change needed? PeopleSoft must be updated to a new version of PeopleTools in order to stay current with the latest software updates; as part of that update, PeopleSoft CS needs to adopt this new layout.

If you have any questions, you can check out our preview video or open a support ticket. In collaboration with the DAWGS group, we will be sending out some more focused communications out to groups such as admin support coordinators, advisors, etc.

PeopleSoft

PeopleSoft Maintenance

PeopleSoft Campus Solutions (CS) and PeopleSoft Human Resources (HR) will both be unavailable for an extended maintenance window:

  • Scheduled start: Friday, September 9, 2022 at 5:00 PM
  • Scheduled finish: Saturday, September 10, 2022 at 6:00 PM
  • Scheduled duration: 25 hours

This is necessary to install an updated version of PeopleTools.

During this maintenance students, faculty, and staff will be unable to access PeopleSoft CS/HR functions, such as student records, admissions, financial aid, academic advising, class scheduling, state employee job data, payroll, absence entry/approvals, or employee self-service.