Multi-factor authentication limits unauthorized account access

As you may have read, Yahoo recently announced a major security breach impacting 1 billion users.  Numerous websites have posted information regarding the security breach, and Yahoo provides the following page with additional information: Yahoo Security Notice December 14, 2016. In response to this major breach, Yahoo is recommending that account holders take immediate action including the use of Yahoo’s Account Key, a tool that utilizes multi-factor authentication to protect user accounts.  Multi-factor authentication provides an extra layer of security for user accounts and it can significantly decrease the likelihood of unauthorized account access.

 

Users are reminded to visit University of Memphis Security to learn more about policies, guidelines, and security best practices that will help protect the University’s IT resources and user accounts.  IT security is very important at the UofM and we support multi-factor authentication via our Duo product implementation.  Account holders are encouraged to review the following page and sign up for multi-factor authentication (Duo) in order to provide additional security for their user accounts:  Duo Multifactor Authentication

 

The University of Memphis Boosts Cybersecurity with Duo

Information Technology Services has partnered with Duo Security to provide Multi-factor Authentication for U of M computer account holders. Duo offers a method for you to protect your account by requiring a secondary means (or factor) of authentication in addition to your password. Duo is convenient because it allows you to leverage your phone and mobile devices as the second factor.

 

As cybersecurity tools have matured, bad actors have increasingly shifted from directly targeting computer systems to launching sophisticated phishing attacks against the people who access these systems. While simple password-based authentication has become increasingly vulnerable, Duo substantially reduces the threat of unauthorized access to your account. Use of Duo protects your sensitive personal information, as well as that of your colleagues and students, from illegitimate disclosure or alteration.

 

Who is Eligible?

 

All members of the University of Memphis community —  including faculty, staff, and students — are eligible to take advantage of Duo.

 

How Do I Enable Duo?

 

To enable Duo for your account, login to iAM and select “Duo Account Security.” You will then be guided through the process of registering your phones. Once you have enabled Duo, you will be prompted to authenticate with your second factor the next time you log in to any campus web resource.

 

How Do I Get Help?

 

Further information regarding Duo can be found at ( http://www.memphis.edu/its/security/duo.php ). For assistance, please contact the Service Desk at 901.678.8888.

 

Regards,
Robert

 

Welcome! An Important Message about IT Services and Security

Information Technology Services (ITS) welcomes you to the University of Memphis and wishes you a successful academic year.  We understand this is an exciting time for everyone as the semester begins. However, we want to take a moment to provide you with these important reminders.

We encourage you to review tips for protecting your personal information on the ITS Security website. Additional security information is accessible by clicking links on the left-hand side of that page.  If you receive any suspicious email, you may forward it to abuse@memphis.edu for analysis.

 

For technical assistance, please visit umHelpdesk to submit your requests online, call 901.678.8888, or email umtech@memphis.edu. Visit the umTech page for more information.

 

Finally, please be sure to review the policies regarding information technology located on the Policies and Procedures website. We encourage you to especially review the following policies:

 

Campus Data Security Policy

Data Access Policy

Security and Protection of Electronic Information Resources

Acceptable Use of Information Technology Resources

 

If you have any questions or concerns, please don’t hesitate to contact me!

Regards,

Robert

ITS Strategic Planning

Each spring, Information Technology Systems (ITS) collects feedback from students, staff and faculty using the Techqual survey. This year that feedback will be supplemented by a review of our organizational effectiveness, and the results from both efforts will support this year’s strategic planning effort. Ben Bryant has agreed to assist with our review of organizational effectiveness.

 

Mr. Bryant, a founder of SCB Computer Technology in 1976, has over 40 years of experience in the IT industry and has a long history of supporting the University. He holds BBA and MS degrees from the UofM and has served on the UofM Board of Visitors since 1997. He was appointed Executive in Residence at the FedEx Institute of Technology in 2010 and continues to serve the University as Executive in Residence at the Crews Center for Entrepreneurship.

 

As part of this engagement, Mr. Bryant will confer with individuals throughout ITS and the University. We anticipate the review will be completed by June, 2016 and recommendations will be reviewed to identify opportunities that can be leveraged to increase operational efficiencies and effectiveness within ITS. Mr. Bryant can be reached at 901.678.1597.

 

Meetings with Ben Bryant will be coordinated as needed during the coming weeks. Please contact me with any questions about this process.

Regards,

Robert

Ransomware

The ITS Security team would like to make the campus community aware of a new piece of malware, called “Locky”, that is actively being circulated online.  Locky is part of a new breed of malicious software called ransomware, as its primary purpose is to encrypt or “lock” a user’s files and force the individual to pay a ransom to regain access to their files.  This malware is also doubly dangerous as it not only encrypts all of a user’s files on their local computer, but can also infect files on any networked file share that the user may share with others.

Locky is currently being spread via email as an attached Word document.  When opened, the Word document will initially appear corrupt, but will prompt the user to enable macros in order to see the full content.  While macros are disabled in Word by default, clicking the prompt to enable macros will cause the computer to download and execute the malicious software that is responsible for encrypting all of the files.

Please use caution when opening any attachment received via email if it is unexpected, from a sender unknown to you, or the language or content is suspicious in any other way.  If you receive an attachment that you are unsure of, you may report the content to abuse@memphis.edu for further analysis.  If you do open an attachment that appears to be suspicious or malicious, please contact the ITS Service Desk by phone at (901) 678-8888, via email at umtech@memphis.edu, or your LSP for further assistance.

For additional information regarding malware, phishing, and other online threats, please visit the ITS Security website at http://www.memphis.edu/its/security.

 

Email Phishing Attempts

Sophisticated email phishing attempts are being conducted in an effort to compromise University accounts.  These emails may contain content such as a request to reactivate your account, an unexpected invoice for a service, or a notice of a false court hearing.  Please use caution when opening any email attachments or clicking any links within suspicious emails.

Information Technology Services (ITS) will never ask you for your username and password via email or over the phone.

If you receive an email message that has a suspicious link or attachment, or asks you for account details such as your username and password, you can report the message to ITS staff via email at abuse@memphis.edu or over the phone by calling the ITS Service Desk at (901) 678-8888.  If you mistakenly opened an attachment or provided your account details via email or to a non-UofM website, please contact the ITS Service Desk for further assistance.

Additional information regarding keeping your University account safe can be found at http://www.memphis.edu/its/security/.

Information Security Training Session

ITS is once again offering a training session in Information Security on February 8th, 2015, from 12:00 p.m. – 1:00 p.m in UC 261. We encourage all faculty and staff, especially those with administrative roles, to attend this session to learn more about what you can do to help protect the University’s systems and resources.

Registration for the Information Security session is via the Learning Curve website at http://learningcurve.memphis.edu.

Steps to register:

  • Visit the site and click “ Manage your training”
  • Login with your user name and password
  • Under Registration on left menu, click “class schedule/registration”
  • Select “View All” in the category dropdown box
  • Scroll down to the Information Security session and click “Register”

Please report any problems registering to the ITS Service Desk at extension 8888.

Alert: Malicious Adobe Email Attachment Circulating On-Campus

On Tuesday, January 26th, 2016, a number of UofM users received a message purporting to be from the Adobe Creative Cloud service with a Subject: line of “Adobe Invoice”. The message contained an attachment called “invoice.doc”, that when opened, would attempt to connect to a remote server and install malicious software on the recipient’s computer.

The remote server has since been taken offline and ITS staff are working with units who may have had computers that were impacted by the malicious attachment. If you received one of the “Adobe Invoice” emails with the invoice.doc attachment, please delete the email message and do not attempt to open the attachment.

If you opened the attachment, please contact the ITS Service Desk by phone at (901) 678-8888 or via email at umtech@memphis.edu  or your LSP for further assistance.

For more information about IT security, please visit the ITS security website.

Technology Recall: Surface Pro

Technology Recall:

Microsoft has issued a voluntary recall for Surface Pro, Surface Pro 2, and some Surface Pro 3 devices. To check if your device is eligible, visit the Microsoft AC Power Cord Recall website.

For a personal device, Microsoft will ask that you sign in or create an account for communication about the recall process. Note: This is not your University of Memphis account information.

For a University-owned device, contact the IT Service Desk (email: umtech@memphis.edu phone: 901-678-8888) or AskTom Chat. Your LSP will assist with the recall process.

Important Announcement: Change in Password Reset Process

Important Announcement: Change in Password Reset Process

In an effort to enhance security of passwords and protect University data, ITS will implement a change in its Password Reset service. Effective immediately, the ITS Service Desk (Tier 1) will no longer, administratively, change passwords.  All UofM affiliates (faculty, staff, students, alumni, former students, etc.) will be encouraged to visit the University’s self-service Identity Management website located at https://iam.memphis.edu.  Here, you can initialize your account, reset your password, retrieve your UUID and answer your security questions to regain access to your account.

 

In addition, remember these important tips to ensure your data is secure:

  • Never share your password with anyone. This includes a UofM employee, friend or relative.
  • Beware of phishing emails that attempt to lure you to malicious websites.
  • Watch for email notifications about your password changing. If you did not change your password, please contact the Service Desk immediately.
  • Never respond to an email request for your username and password, or any other request to “verify” your account.

 

For more information about IT security, please visit the ITS security website located at

http://www.memphis.edu/its/security/index.php.