Information Security Awareness Month
October was National Security Awareness Month. This year, our focus for training was Social Engineering. Our training included a combination of online security awareness videos and an assessment of our current security practices. In addition to our Blackboard course, we posted weekly blogs (blog.smu.edu/itconnect) for Security Awareness Month. We have also created a useful calendar to remind us of best practices. This was done in conjunction with Risk Management and will soon be distributed to Faculty and Staff.
Simulated Social Engineering Breach
To augment these traditional education mediums, we contracted with an outside vendor to simulate a breach on campus. Doing this was essential in order to identify potential weaknesses on campus and to better safeguard our data and computing information. This exercise was eye-opening as it exposed many of our weaknesses. After the consultants met with department leaders, our Information Security team began partnering with them to resolve these security issues as quickly as possible. It is our goal to continually assist departments across campus in security awareness so that we never have a security breach. Please do not hesitate to contact us if you have questions on how to better secure your area.
Another exercise conducted by OIT was a self-phishing message sent to staff (in August) and then to faculty (in October). This particular message included content found in most phishing emails. It encouraged users to click on a link and then log in to a website. If anyone clicked the link and/or logged in when prompted, an anti-phishing training was presented to provide education and awareness. Although many people did detect that it was spam and called to inquire if they should open the email, there were a number of individuals who fell prey.
Remember, the protection of our data and our assets relies on each and every one of us. We can't get too comfortable or too lax in protecting this information. Are you doing your part?
There's a pretty severe virus circulating right now known as Cryptolocker. This virus arrives via email as an attachment. It is an executable disguised as a PDF file or other file type. Once the executable is run, it targets well-known file types (including all documents, pictures, etc.). It then encrypts these files, making them unreadable. You are then prompted to send a payment in order for the data to be decrypted. Essentially, all files are lost at that point!
Please remember to open attachments only from known senders and only if you were expecting them! It might also be a good time to ensure you have a solid backup of your data! (Faculty and staff, see the information on CrashPlan Pro for your office machines.)
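For anyone who manages a mail filter or help desk queue, the disguise described above (an executable presented as a PDF) can be checked mechanically. The following Python sketch is an added example, not something OIT runs: it flags attachments whose name or leading bytes do not match what they claim to be. The extension lists, function names and the sample message are assumptions constructed for illustration.

```python
import os
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed, partial lists for illustration; real mail filters use longer ones.
RISKY_EXT = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
DOC_EXT = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".zip"}

def check_attachment(filename, payload):
    """Return the reasons an attachment looks disguised (empty list if none)."""
    stem, ext = os.path.splitext(filename.lower().strip())
    inner = os.path.splitext(stem)[1]
    reasons = []
    if ext in RISKY_EXT:
        reasons.append("executable extension")
        if inner in DOC_EXT:  # Windows may display invoice.pdf.exe as invoice.pdf
            reasons.append("double extension")
    if payload.startswith(b"MZ"):  # header bytes of a Windows executable
        reasons.append("content is a Windows executable")
    if ext == ".pdf" and not payload.startswith(b"%PDF-"):
        reasons.append("named .pdf but content is not a PDF")
    return reasons

def scan_message(raw_bytes):
    """Map attachment filename -> reasons, for flagged attachments only."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    findings = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        payload = part.get_payload(decode=True) or b""
        reasons = check_attachment(name, payload)
        if reasons:
            findings[name] = reasons
    return findings

def build_sample():
    """Constructed test message; the 'executables' are header bytes only."""
    msg = EmailMessage()
    msg["From"], msg["To"] = "sender@example.com", "staff@example.edu"
    msg["Subject"] = "Invoice attached"
    msg.set_content("Please see the attached invoice.")
    fake_exe = b"MZ\x90\x00" + b"\x00" * 28
    for name, data in [("invoice.pdf.exe", fake_exe), ("statement.pdf", fake_exe),
                       ("agenda.pdf", b"%PDF-1.4\n%%EOF\n")]:
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    for name, reasons in scan_message(build_sample()).items():
        print(f"{name}: {', '.join(reasons)}")
```

A check like this catches only the naming and file-header mismatch; it does not replace antivirus scanning or backups.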