Information Security

The Information Security team supports Texas Woman's University by providing cybersecurity services, education and expertise to support confidentiality, integrity and availability for data across our campuses.

Announcements

November 28, 2023

Updates to TX-RAMP

The Texas Department of Information Resources (DIR) released version 3.0 of their TX-RAMP Manual. The publication goes into effect on 12/1/2023.

Noteworthy changes include the addition of a transitional grace period that enables state agencies to create and leverage a transition plan from a non-compliant solution to a compliant solution in the event a compliant solution’s TX-RAMP certification lapses or is revoked. The timeline for transition may not exceed 24 months from inception to execution. TWU is responsible for developing, documenting, and adhering to a transition plan that meets the minimum criteria:

  • Identification of Affected Services: Clearly list and describe the services affected by the lapse or revocation of certification.
  • Timeline for Transition: Provide a realistic and achievable timeline for the migration to a compliant solution, including key milestones and deadlines. The timeline for transition may not exceed 24 months from planned inception to execution.
  • Risk Assessment: Conduct a risk assessment to identify and mitigate potential security and operational risks during the transition.
  • Selection of Compliant Solution: Detail the process for selecting a TX-RAMP compliant solution that meets TWU's needs.
  • Migration Strategy: Outline the methods and procedures for migrating data and operations to the new solution, ensuring data integrity and availability.
  • Monitoring and Reporting: Establish ongoing monitoring and internal reporting mechanisms to track progress and address any challenges or delays promptly.
  • Contingency Planning: Include contingency measures to address unexpected issues or delays, ensuring uninterrupted service delivery.

The TWU Information Security team will review requests to continue using non-compliant cloud services and will work with the system owner to develop this plan. System owners should initiate the request by completing the TX-RAMP Transitional Grace Period form.

Other TX-RAMP Manual 3.0 revisions:

  • State agency, DIR, and cloud service provider responsibilities are defined. 
    • State agencies are responsible for determining whether a cloud computing service is subject to TX-RAMP requirements and determining the minimum certification level of the cloud solution. 
    • DIR is responsible for assessing and certifying the cloud computing service. Cloud service providers are responsible for providing assessment information and responding to TX-RAMP inquiries. 
    • Cloud service providers must maintain TX-RAMP compliance requirements, notify the appropriate parties if the cloud computing service loses TX-RAMP certification, and notify customers of breaches to system security.
  • A Fast Track Assessment process was introduced that allows cloud service providers to leverage existing DIR-approved third-party assessments or audit reports that provide evidence of security practices. Cloud service providers seeking the Fast Track process for a cloud service must complete the TX RAMP Fast Track Request Form with DIR.
  • Additional details regarding provisional, Level 1 and Level 2 certification extension processes have been added.
  • Additional clarification is given to cloud computing services that are out of scope.
  • Cloud computing services operating on a cloud infrastructure/platform such as Amazon Web Services (AWS) do not inherit the underlying TX-RAMP certification from the cloud infrastructure provider.
  • New and revised security controls are addressed. Cloud service providers must implement new or revised security controls within 18 months from the date the changes are adopted.
  • Cloud service providers must now provide DIR with a Plan of Action and Milestones for each required security control that is deficient. DIR determines if the proposed solution addresses the failed control.
  • The reporting of significant changes to cloud services is addressed with additional clarification and guidance. Cloud service providers must communicate significant changes to DIR within 30 days of the date the change was made, and DIR is responsible for completing an updated service certification review.

For any questions regarding TX-RAMP requirements, please contact D’Ann Jackson at sjackson47@twu.edu or (940) 898-3262.

Previous Announcements

Past announcements are available below.

Enroll in Google 2-Step Verification

August 31, 2023

Texas Woman’s University is strengthening its security posture by enabling multi-factor authentication (MFA) (also referred to as two-factor authentication (2FA) or two-step verification) for specific systems across the University. MFA adds an extra layer of protection when accessing accounts and requires users to enter more information than just a password. For example, along with the password, users might be asked to enter a code sent via voice or text message or tap a verification prompt via a secure app on their phone. 

A phased approach is being used so that groups can easily manage their enrollment into the MFA program. Google Workspace is the next system to require MFA through Google 2-step verification. To enable 2-step verification for your account, please follow the steps detailed in the “Turn on 2-Step Verification” help article provided below. Please copy and paste the link to open in your browser.

https://support.google.com/accounts/answer/185839 

TWU recommends setting up Google 2-step verification using one of the following options:

  1. Google Prompt
  2. Text (SMS) message
  3. Phone call

More information and frequently asked questions can be found at https://twu.edu/technology/information-security/multi-factor-authentication-mfa/google-mfa/ 

TX-RAMP Certification for Cloud Services

December 13, 2021

In the 87th Legislative Session, the Texas Legislature passed Senate Bill 475, requiring the Texas Department of Information Resources (DIR) to establish a state risk and authorization management program that provides “a standardized approach for security assessment, authorization, and continuous monitoring of cloud computing services that process the data of a state agency.” 

To comply, DIR established a framework for collecting information about cloud services security and assessing compliance with required controls and documentation. Beginning January 1, 2022, Texas Government Code § 2054.0593 mandates that state agencies (including TWU) must only enter or renew contracts to receive cloud computing services that comply with TX-RAMP requirements.

Any cloud service contract being renewed after December 31st, 2021 will be subject to the TX-RAMP certification process and will involve TWU, DIR, and the respective cloud vendor. New contracts and renewals taking place in 2022 will require additional vetting, which will significantly increase the amount of time needed to procure cloud services.

When requesting to renew or purchase a cloud service, please follow the current TWU procurement process. During the risk assessment, TWU Information Security will assess the cloud service and its intended usage at TWU. The risk assessment will determine if the cloud service vendor is required to pursue TX-RAMP certification. If TX-RAMP certification is required, the vendor must have a valid certification before the contract can be executed.

Additional details regarding the TX-RAMP program and vendor certification process can be found via DIR: https://dir.texas.gov/texas-risk-and-authorization-management-program-tx-ramp

If you have any questions or concerns, please contact Procure@twu.edu.

Beware of COVID-19 Related Scams and Phishing Emails

June 24, 2020

As people across the country take to distance learning and teleworking, cybercriminals are looking to profit from pandemic fears with a surge of scams, phishing emails, and malicious software related to COVID-19. You will most likely experience an increase in COVID-19 related marketing and messaging through various channels (e.g. browsing websites, emails, phone calls). Some of these messages will convey important official news, while others will undoubtedly be fake with malicious intentions. 

Scams and phishing attacks range from the typical “Are you available?” gift card scam and fake charity organizations to COVID-19 tracker applications containing malware. Recognize more of these attacks by reviewing the latest round-up of COVID-19 related scams and phishing attacks.

In these uncertain times, practice the following security tips to stay safe online: 

Verify the source - The new proactive cybersecurity adage has become ‘verify, then trust.’ When a message seems out of place, trust your gut feelings and verify the request through another separate method of contact to confirm it’s authentic.

Play defensively - Ensure you practice good cybersecurity hygiene by installing anti-malware software on your computer and examining messages with additional scrutiny.

Scrutinize the urgency - If the message carries an undue sense of urgency, especially one that prompts you to act, take a deep breath, step back and analyze the message objectively. Scams and phishing campaigns force an emotional response. Recognizing when this happens puts you one step ahead.

Think before you click - In addition to the above tips, never open an attachment or click on a link from senders you don’t recognize. The attachment or link won’t expire, so you’ll have time to think it over for a few extra critical seconds. 

Report a Phish - Everyone plays a crucial role in preventing scams and phishing attacks. If you receive one, please follow these instructions for reporting a phish.

For additional helpful consumer tips, please review the Federal Trade Commission advisory on responding to COVID-19 scams.

Cybersecurity Tips for Working from Home

April 14, 2020

Moving at short notice from a trusted office environment to working remotely can create security risks. There has been an increase in coronavirus-related phishing attacks, according to European cybersecurity agency ENISA. Learn more at https://inside.twu.edu/technology/read/cybersecurity-tips-for-working-from-home

Page last updated 1:28 PM, May 1, 2024