The Information Security team supports Texas Woman's University by providing cybersecurity services, education and expertise to support confidentiality, integrity and availability for data across our campuses.
June 30, 2021
Information Security Training moving to Bridge
Information Security Training is moving to Bridge, the university’s new employee learning system.
What does this mean for you?
- Annual cybersecurity training will be conducted in Bridge. As of July 2, the previous course in Canvas will be closed.
- If you are actively taking the Canvas course during cutover, your progress will not migrate since the course in Bridge is new. Log into Bridge to complete the new training course after July 2.
- If you have any training materials or documentation that reference Information Security Training in Canvas, please update to refer to Bridge.
- If you employ student assistants, please notify them that training is moving to Bridge.
After the July 2 cutover:
- Log into Bridge to verify whether your training is completed, due or past due. Your previous completion date will be imported into Bridge.
- If your training is due or past due, complete the training in Bridge.
- If you have required Information Security Training but believe you have already completed it this year, contact firstname.lastname@example.org to verify your course enrollment.
Information security training is mandated by the State of Texas and is required to be completed at hire and annually thereafter by all employees and contractors who use a computer for 25% or more of their responsibilities. IT Solutions thanks you for supporting information security awareness and university compliance.
Past announcements are available below.
Facebook Data Breach
April 3, 2021
Facebook announced it was breached in 2019 resulting in personal records of over 500 million Facebook users being obtained by cyber criminals. Those 500 million records were recently publicly released; now anyone in the world could have access to them. If you had a Facebook account on or before 2019, your data may have been included in that breach and public release. Examples of your information that could have been released include your name, home address, phone number, email address, birth date or any other information you provided to Facebook.
If you are concerned that your data was obtained and released, here are several steps you can take to help protect yourself.
- Change the password that you use for your Facebook account. The new password should be strong, long (we recommend a passphrase) and different than any other password you use for any other account. All of your accounts should use a unique password.
- Enable two-factor authentication (often called 2FA, MFA or two-step verification) on Facebook and all other accounts, especially for personal email accounts and any financial or retirement accounts.
- Protect your privacy and be mindful of what information you share with websites. If you have an account with a website that is hacked and your data is stolen, assume your data could be sold or shared with other companies.
- Understand that there is no way to 100% protect yourself from a data breach. There is only so much you can do to protect your data. Because many companies and organizations collect, share and sell your data, it can be assumed that cyber criminals can find information about you. They may use your personal information to trick or fool you into making a mistake, using a technique called . Be very careful and suspicious of emails or phone calls asking you to share personal information (such as your password, bank account or credit card) or pressuring you to take actions that seem odd or suspicious (such as paying a fine).
Multiple Vulnerabilities in Apple Products - Update and Patch Now
February 2, 2021
Multiple vulnerabilities have been discovered in Apple products, the most severe of which could allow for arbitrary code execution. This could allow an attacker to access your systems and then install programs or view, change, or delete any data.
- macOS - operating system for Apple desktops and laptops
- iOS - iPhone operating system
- iPadOS - iPad operating system
- tvOS - Apple TV operating system
- watchOS - Apple Watch operating system
- Xcode - Apple's integrated development environment (IDE)
For TWU Assets:
- IT Solutions will address vulnerabilities and apply appropriate patches provided by Apple to vulnerable systems immediately after appropriate testing.
- Run all software as a nonprivileged user (one without administrative privileges) to diminish the effects of a successful attack.
- Evaluate read, write, and execute permissions on all newly installed software.
- Apply the Principle of Least Privilege to all systems and services.
For Personal Devices:
- Personal devices should have automatic updates turned on. If automatic updates are not applied, update the affected system to the latest version.
- Do not download, accept or execute files from untrusted and unknown sources.
- Do not visit untrusted websites or follow links provided by untrusted or unknown sources.
Stay Scam Aware
December 14, 2020
IT Solutions is excited that so many of you completed Information Security training. However, being aware of scams and spam is an ongoing effort.
Your Information is Valuable
Your data and information have become the most valuable 21st Century commodity; a commodity that others are looking to exploit for their own personal gain or profit. It’s wise to challenge a situation when it seems like too much information is being asked. Instead, ask yourself, “Is it really necessary or worth it, that I give up this information?”
TWU will NEVER:
- Ask you to give us your password
- Ask for your social security number via email
#1 Tip to Avoid Scams
Slow down and read and reply to email on a laptop or computer (rather than your phone), which allows you to see the full email address of the sender, as well as to copy any hyperlinks and test them in a malicious link scanner like https://urlscan.io/
Learn more at https://twu.edu/technology/information-security/.
What is Smishing?
July 30, 2020
Text or SMS-based phishing (otherwise known as ‘smishing’) has become an emerging threat.
Your contact information is scraped or gathered through a public forum or contact list such as an attendee listing or conference/webinar signup sheet. An attacker makes the assumption that the parties are related (e.g. all work at TWU) and attempts to send the phishing attack through SMS texts impersonating one party.
Here are some additional resources that explain what a smishing attack is, as well as tips to guard against them:
- YouTube video - https://youtu.be/6ehWeZRNCxM
- Article - https://usa.kaspersky.com/resource-center/threats/what-is-smishing-and-how-to-defend-against-it
The best ways to guard against smishing are similar to guarding against phishing emails. Always scrutinize the implied urgency of any message you receive, and if possible, verify with the sender using another method (e.g. calling the sender to confirm).
Beware of COVID-19 Related Scams and Phishing Emails
June 24, 2020
As people across the country take to distance learning and teleworking, cybercriminals are looking to profit from pandemic fears with a surge of scams, phishing emails, and malicious software related to COVID-19. You will most likely experience an increase in COVID-19 related marketing and messaging through various channels (e.g. browsing websites, emails, phone calls). Some of these messages will convey important official news, while others will undoubtedly be fake with malicious intentions.
Scams and phishing attacks range from the typical “Are you available?” gift card scam and fake charity organizations to COVID-19 tracker applications containing malware. Recognize more of these attacks by reviewing the latest round-up of COVID-19 related scams and phishing attacks.
In these uncertain times, practice the following security tips to stay safe online:
- Verify the source - The new proactive cybersecurity adage has become ‘verify, then trust.’ When a message seems out of place, trust your gut feelings and verify the request through another separate method of contact to confirm it’s authentic.
- Play defensively - Ensure you practice good cybersecurity hygiene by installing anti-malware software on your computer and examining messages with additional scrutiny.
- Scrutinize the urgency - If the message carries an undue sense of urgency, especially one that prompts you to act, take a deep breath, step back and analyze the message objectively. Scams and phishing campaigns force an emotional response. Recognizing when this happens puts you one step ahead.
- Think before you click - In addition to the above tips, never open an attachment or click on a link from senders you don’t recognize. The attachment or link won’t expire, so you’ll have time to think it over for a few extra critical seconds.
- Report a Phish - Everyone plays a crucial role in preventing scams and phishing attacks. If you receive one, please follow these instructions for reporting a phish.
For additional helpful consumer tips, please review the Federal Trade Commission advisory on responding to COVID-19 scams.
Cybersecurity Tips for Working from Home
April 14, 2020
Moving at short notice from a trusted office environment to working remotely can create security risks. There has been an increase in coronavirus-related phishing attacks, according to European cybersecurity agency ENISA. Learn more at https://inside.twu.edu/technology/read/cybersecurity-tips-for-working-from-home
Tools and Resources
- Check if a link is malicious - https://urlscan.io/
- Current email scams - https://www.consumer.ftc.gov/features/scam-alerts
- Recognize and avoid phishing scams - https://www.consumer.ftc.gov/articles/how-recognize-and-avoid-phishing-scams
Page last updated 10:56 AM, June 30, 2021