Information Security

The Information Security team supports Texas Woman's University by providing cybersecurity services, education and expertise to support confidentiality, integrity and availability for data across our campuses.

Announcements

October 12, 2021

Google Shared Drive Incident

The self-service creation of Google Shared Drives is currently unavailable as IT Solutions continues to remediate and monitor an incident. We are actively working to ensure that the appropriate controls are in place before allowing TWU users to create their own Google Shared Drives. We will update the TWU community as more information is available.

Faculty, staff and students may request the creation of a Google Shared Drive by contacting the Service Desk via 940-898-3971servicedesk@twu.edu, or techchat.twu.edu.

Previous Announcements

Past announcements are available below.

Cybersecurity Awareness Month Events

September 27, 2021

Cybersecurity Awareness Month Events

October is Cybersecurity Awareness Month, a global effort to help everyone stay safe and protected when using technology whenever and however you connect. The theme for the month is, ‘Do Your Part. #BeCyberSmart’ and Texas Woman’s University is proud to be a champion and support this online safety and education initiative this October. 

The cybersecurity of our faculty, staff and students is important to Texas Woman’s University. Throughout the month of October, IT Solutions will host new , including competitive opportunities with prizes like Apple AirPods, TWU power banks, and Dining Dollars:

Cybersecurity Awareness Month Info Booth

October 5, 12:00-1:00 PM, Student Union 1st Floor | In-person event | Presented by TWU Information Security

Drop by the Cybersecurity Awareness Month Info Booth for giveaways and information about this year's activities.


Find the Phish - Phishing Tournament

October 11-15 | Virtual event | Presented by TWU Information Security

Can you find the phish? Constant streams of email provide ample opportunity for cyber criminals to take advantage of hurried email practices such as skimming content, downloading attachments and clicking links. In TWU’s first phishing tournament, TWU faculty, staff and students can prove their sleuthing skills by reporting authorized, simulated phishing attempts. The tournament will take place over the course of one week where participants will receive various authorized, simulated phishing emails from TWU Information Security and the SANS Security Awareness Platform.

Prizes:

  • 1st place - Apple AirPods with TWU case
  • 2nd place - Apple AirTag
  • 3rd place - TWU branded power bank

TWU Asset E-waste Recycling

October 21, 10:00 AM-2:00 PM, East Side of FMC | In-person event | Presented by TWU IT Solutions and Facilities Management & Construction

Faculty and staff are invited to clear out and responsibly recycle all TWU non-tagged assets that may be outdated, broken, or simply taking up space within their departments or academic components. Proper destruction of storage devices and electronics is key to keeping TWU cyber secure.

IT Solutions (ITS) is hosting Computer Crusher, a local electronic waste (e-waste) recycler, to collect TWU non-tagged assets. This event is for faculty and staff that work with TWU equipment.

For drop-off procedures and accepted items, please see event details at 

 

TWU Cybersecurity Trivia

October 28-29 | Virtual event | Presented by TWU Information Security

Put your cybersmarts to the test! Questions will be based on cybersecurity tips we share all month long, so follow along on Twitter (@TWUTech) and Facebook (TWU Technology) to gain an advantage. Participants must be a Texas Woman's University faculty, staff or student to play. 

Prizes:

  • 1st place - $50 TWU Dining Dollars
  • 2nd place - $25 TWU Dining Dollars
  • 3rd place - $15 TWU Dining Dollars

Registration is required to play and is limited to 50 participants. Register here: https://forms.gle/oHZLCTvNRGH7XPzw8


Happy Cybersecurity Awareness Month!

Information Security Training moving to Bridge

June 30, 2021

Information Security Training moving to Bridge

Information Security Training is moving to Bridge, the university’s new employee learning system.

What does this mean for you?

  • Annual cybersecurity training will be conducted in Bridge. As of July 2, the previous course in Canvas will be closed.
  • If you are actively taking the Canvas course during cutover, your progress will not migrate since the course in Bridge is new. Log into Bridge to complete the new training course after July 2.
  • If you have any training materials or documentation that reference Information Security Training in Canvas, please update to refer to Bridge.
  • If you employ student assistants, please notify them that training is moving to Bridge.

After the July 2 cutover:

  • Log into Bridge to verify whether your training is completed, due or past due. Your previous completion date will be imported into Bridge.
  • If your training is due or past due, complete the training in Bridge.
  • If you have required Information Security Training but believe you have already completed it this year, contact twutraining@twu.edu to verify your course enrollment.

Information security training is mandated by the State of Texas and is required to be completed at hire and annually thereafter by all employees and contractors who use a computer for 25% or more of their responsibilities. IT Solutions thanks you for supporting information security awareness and university compliance.

Facebook Data Breach

April 3, 2021

Facebook Data Breach

Facebook announced it was breached in 2019 resulting in personal records of over 500 million Facebook users being obtained by cyber criminals. Those 500 million records were recently publicly released; now anyone in the world could have access to them. If you had a Facebook account on or before 2019, your data may have been included in that breach and public release. Examples of your information that could have been released include your name, home address, phone number, email address, birth date or any other information you provided to Facebook.

If you are concerned that your data was obtained and released, here are several steps you can take to help protect yourself.

  • Change the password that you use for your Facebook account. The new password should be strong, long (we recommend a passphrase) and different than any other password you use for any other account. All of your accounts should use a unique password.
  • Enable two-factor authentication (often called 2FA, MFA or two-step verification) on Facebook and all other accounts, especially for personal email accounts and any financial or retirement accounts.
  • Protect your privacy and be mindful of what information you share with websites. If you have an account with a website that is hacked and your data is stolen, assume your data could be sold or shared with other companies. 
  • Understand that there is no way to 100% protect yourself from a data breach. There is only so much you can do to protect your data. Because many companies and organizations collect, share and sell your data, it can be assumed that cyber criminals can find information about you. They may use your personal information to trick or fool you into making a mistake, using a technique called . Be very careful and suspicious of emails or phone calls asking you to share personal information (such as your password, bank account or credit card) or pressuring you to take actions that seem odd or suspicious (such as paying a fine).

Multiple Vulnerabilities in Apple Products - Update and Patch Now

February 2, 2021

Multiple Vulnerabilities in Apple Products - Update and Patch Now

Multiple vulnerabilities have been discovered in Apple Products, the most severe of which could allow for arbitrary code execution. This could allow an attacker to access your systems and then install programs; view, change, or delete any data.

Affected systems

  • macOS - operating system for Apple desktops and laptops
  • iOS - iPhone operating system
  • iPadOS - iPad operating system
  • tvOS - Apple TV operating system
  • watchOS - Apple Watch operating system
  • Xcode - Apple's integrated development environment (IDE)

Recommendations

For TWU Assets:

  • IT Solutions will address vulnerabilities and apply appropriate patches provided by Apple to vulnerable systems immediately after appropriate testing.
  • Run all software as a nonprivileged user (one without administrative privileges) to diminish the effects of a successful attack.
  • Evaluate read, write, and execute permissions on all newly installed software.
  • Apply the Principle of Least Privilege to all systems and services.

For Personal Devices:

  • Personal devices should have automatic updates turned on. If automatic updates are not applied, update affected system to the latest version.
  • Do not download, accept or execute files from untrusted and unknown sources.
  • Do not visit untrusted websites or follow links provided by untrusted or unknown sources.

Stay Scam Aware

December 14, 2020


IT Solutions is excited that so many of you completed Information Security training. However, being aware of scams and spam is an ongoing effort. 


Your Information is Valuable
Your data and information have become the most valuable 21st Century commodity; a commodity that others are looking to exploit for their own personal gain or profit. It’s wise to challenge a situation when it seems like too much information is being asked. Instead, ask yourself, “Is it really necessary or worth it, that I give up this information?”

TWU will NEVER:

  • Ask you to give us your password
  • Ask for your social security number via email

#1 Tip to Avoid Scams
Slow down and read and reply to email on a laptop or computer (rather than your phone), which allows you to see the full email address of the sender, as well as to copy any hyperlinks and test them in a malicious link scanner like https://urlscan.io/ 

Learn more at https://twu.edu/technology/information-security/

What is Smishing?

July 30, 2020

Text or SMS-based phishing (otherwise known as ‘smishing’) has become an emerging threat.

Your contact information is scraped or gathered through a public forum or contact list such as an attendee listing or conference/webinar signup sheet. An attacker makes the assumption that the parties are related (e.g. all work at twu) and attempts to send the phishing attack through sms texts impersonating one party.

Here are some additional resources that explain what a smishing attack is, as well as tips to guard against them:

The best ways to guard against a smishing are similar to guarding against phishing emails. Always scrutinize the implied urgency of any message you receive, and if possible, verify with the sender using another method (e.g. calling the sender to confirm). 

Beware of COVID-19 Related Scams and Phishing Emails

June 24, 2020

As people across the country take to distance learning and teleworking, cybercriminals are looking to profit from pandemic fears with a surge of scams, phishing emails, and malicious software related to COVID-19. You will most likely experience an increase in COVID-19 related marketing and messaging through various channels (e.g. browsing websites, emails, phone calls). Some of these messages will convey important official news, while others will undoubtedly be fake with malicious intentions. 

Scams and phishing attacks range from the typical “Are you available?” gift card scam, fake charity organizations, to COVID-19 trackers applications containing malware. Recognize more of these attacks by reviewing the latest round-up of COVID-19 related scams and phishing attacks. 

In these uncertain times, practice the following security tips to stay safe online: 

Verify the source - The new proactive cybersecurity adage has become ‘verify, then trust.’ When a message seems out of place, trust your gut feelings and verify the request through another separate method of contact to confirm it’s authentic.

Play defensively - Ensure you practice good cybersecurity hygiene by installing anti-malware software on your computer and examine messages with additional scrutiny.

Scrutinize the urgency - If the message carries a undue sense of urgency, especially one that prompts you to act, take a deep breath, step back and analyze the message objectively. Scams and phishing campaigns force an emotional response. Recognizing when this happens puts you one step ahead. 

Think before you click - In addition to the above tips, never open an attachment or click on a link from senders you don’t recognize. The attachment or link won’t expire, so you’ll have time to think it over for a few extra critical seconds. 

Report a Phish - Everyone plays a crucial role in preventing scams and phishing attacks. If you receive one, please follow these instructions for reporting a phish

For additional helpful consumer tips, please review from the Federal Trade Commission advisory on responding to COVID-19 scams.

Cybersecurity Tips for Working from Home

April 14, 2020

Moving at short notice from a trusted office environment to working remotely can create security risks. There has been an increase in coronavirus-related phishing attacks, according to European cybersecurity agency ENISA. Learn more at https://inside.twu.edu/technology/read/cybersecurity-tips-for-working-from-home

Tools and Resources

Page last updated 1:28 PM, October 12, 2021