Regis ITS Security shares updates, reminders
Happy New Year from Regis ITS Security!
Last year was full of great changes and we couldn’t have done it without the support from our wonderful community! We’d like to take this time to review the changes made and provide reminders to ensure we stay vigilant against malicious actors.
Successes:
- We’ve achieved Gramm-Leach-Bliley Act compliance.
- Successfully enforced Multi-Factor Authentication across our Regis systems. We will also be reviewing how sponsored accounts are used in our community as a project moving forward.
- Phishing reporting button added to Outlook
- Migration from Carbon Black to Microsoft Defender
Reminders:
OneDrive:
OneDrive is the official data storage location for Regis University. By centralizing Regis’s data storage with OneDrive, we are able to reduce our costs, improve the integrity and security of the data, reduce redundancy of files and improve user experience by working with a single platform. Moving forward, please only use OneDrive as your primary data storage location. With your help, we ask that you start migrating away from other services like Dropbox as we will be requiring OneDrive as your storage location in the future.
Email Use:
Did you know that malicious actors create “social profiles” of you online before they launch a phishing attack? If they know you’ve used your work email to register elsewhere, all they have to do is disguise their message as a legitimate notification from a service that you really registered for. By using your Regis work email for personal use, this becomes a much easier process for malicious actors. We ask that you only use your Regis email for Regis related activities.
Phishing:
Phishing attacks are a constant threat to a campus and are becoming more sophisticated each day. These attacks can put personal and university data and systems at risk. We encourage the Regis University community to take an active role in protecting themselves against phishing attacks.
How do I identify a phishing email?
The first rule is remembering to never give out any personal information in an email! This includes SSN, driver’s license information, addresses, etc. There are also visual cues to watch out for like unfamiliar greetings, inconsistencies in email addresses, links and websites (domains) and emails that contain links and attachments or forms to complete.
- An unfamiliar greeting
- Something that can arouse suspicion is an unfamiliar greeting. Words like “customer," “account holder," or “dear sir/madam” may be a sign that this is a phishing email.
- Inconsistencies in email addresses, links and websites (domains).
- You will often see grammar errors and misspellings in the body of the email and the sender address. If the email includes links or attachments that are allegedly from Dropbox, but when you hover over the link to verify and it doesn’t include “dropbox.com,” that is a huge giveaway.
- Threats and urgency!
- Any email that sounds urgent or includes threats and negative consequences should be considered suspicious. The malicious actor hopes that with urgency you may not examine the email thoroughly.
See something, say something!
You can report a suspicious email which dramatically reduces the impact of an attack against our community by using the Barracuda Essentials button in the top right of your Outlook email.
- Highlight the email in Outlook that is suspicious
- On the top right of Outlook, CLICK the “Message Actions Barracuda Essentials” button
- Click the blue “Report & Provide Feedback” button
Traveling:
Notify ITS when you will be using Regis systems when traveling out of state for extended periods of time. This helps ITS validate user activity when reviewing suspicious sign-in properties associated with your account and avoids potential account lock outs. Please call the Help Desk (303) 458-4050 to inform ITS.
Stay Informed:
Communication is important! Every month we host a community meeting to discuss topics related to current IT issues, projects, policy, best practices, and future roadmaps. We also intend for the meeting to be an open forum for community members to speak with IT staff and ask questions they may have. We look forward to seeing you there!
- When: First Monday of each month, 2 p.m. MST
- What: Open discussion about all things related to Regis IT
- Who: Regis ITS staff and community
- Where: https://regis.zoom.us/j/5046726055