Next week we have two events being held. September 22, 2020 is the Protecting yourself against cybercrime 2021 workshop from 2:00 pm to 3:30 pm. This is a great opportunity to complete your mandatory training and ask as many questions about cybersecurity as you like.
If you are not able to make the training but still would like to discuss cybersecurity, join us for the Cybercafe on September 24 at 3:00 pm. For 30 minutes you can ask all your burning cybersecurity questions. Our Security Administrator will be joining us, so the questions can get as technical as you like. While you can ask anything you like, I will also be presenting a current news item as a topic of discussion. Check back on September 23 to see what that topic will be.
See you there!
All malware is not created equal. This week a particularly devious piece landed in an MRU inbox. It was wrapped up in a zip file attachment. Here is what the malicious email looked like:
This malicious email is hard to identify as it contains a previously sent email thread. Interestingly enough, there is no human behind this email. It was sent by malware. When it gets on your machine it picks an email in your inbox and replies to it. Sending a copy of itself to an unsuspecting recipient.
The email is generic enough to work with pretty much any email. However it is the vagueness that flags it as suspicious. The other tell is the sender’s email address. Because this is malware and not a person sending out the email, the sender’s email address is incorrect.
If you decide to click and open the attachment, you see an Excel spreadsheet with this in the first cell.
If you missed the other two red flags, this one is your last chance to dodge the bullet. This very official looking graphic is asking you to enable editing and content to be able to “decrypt” the document It is also telling you what type of device to use to view it. Anytime you have this kind of instruction given to you to view a document, close it immediately and report it.
The instructions are not there to enable you to view the document. They are there to ensure the malware can be installed and will function. By asking you to enable editing and content, it is bypassing the safety controls we have in place to prevent the running of macros. It is not “decrypting” anything. If you can’t open a document just by clicking on it, consider it a threat.
This is another reminder how important it is to check the sender’s email address before you open an attachment or click on a link. If you recognize it, contact the sender using another method and confirm that they sent the email. If you don’t recognize it, don’t click. You wouldn’t take candy from a stranger, you shouldn’t take attachments from them either; no matter how enticing they are.
I know it is hard to believe, but it has been 5 months since all of us were sent home to work. Being jettisoned into a working from home environment with little preparation has its challenges. With the lines between work and our personal lives being blurred, it is normal for our file management to become a little chaotic. The introduction of the new VPN service in the middle of all that certainly didn’t help. I am pretty sure I supported 48.7 people through the transition. Now that things have calmed down a bit and it is apparent we are going to be working from home for the foreseeable future, I thought a few file management tips would be helpful.
Give everyone their own profile on shared computers
Not everyone has the ability to have a separate computer for every member of the family. Often we have to share with others in the household. By creating a separate profile for each person, you limit what they can access. To use the computer they login to their profile which is secured with a password. What applications they can use and what documents they have access to depends on which user profile they are logging into. While this doesn’t completely protect your data, it does limit the damage that can be done. You can find more information on setting up user profiles on How To Geek.
Use a different browser for work
Keeping your work and personal life separate is not easy when you are using the same computer for both. If you have a personal gmail account, you have seen how easy it is to accidentally send an email to your boss with your personal email address and save that report you were working on in your personal Google Drive. Both confuse your colleagues into thinking you are a hacker trying to gain access to the network. As well it makes it difficult for you to find things.
By using a separate browser for work, all your work bookmarks are in one easy to find place. In addition when you send an email or save a document, it will be your Mount Royal email and Google Drive login credentials that will be auto-filled rather than your personal ones.
Save your documents in Google Drive or the MRU Network
When we are in a hurry, it is easy to click the Save button and then put that document on the default drive. Unfortunately, that is often the C: drive or your desktop. If your hard drive crashes, the files will be lost unless you back them up onto another drive. In addition, if you are due for a new machine, you will loose any data stored locally. Remember, IT Services does not back anything up when they replace your machine.
Make your life easier, save files on your MRU Google Drive. If you find the Google Drive too onerous to use, download Google Drive File Stream. It will add a G: drive to file explorer allowing you to save and open documents just like you do with the C: drive. A Mac version of Google File Stream is also available.
If you don’t like using the Google Drive, you can download files from the MRU network using Webfiles. Once your work is done, don’t forget to upload them back onto the network. Remember files left on your C: drive or desktop are vulnerable. Don’t leave them there.
Limit access to shared documents to those with a Mount Royal email address.
If you are sharing documents with colleagues or students, limit who can access them by choosing to share them with those who have a Mount Royal email address or a specific email address. This ensures that even if someone outside of the University community gets a hold of the link, they cannot access the document.
If someone requests access to this document later on, deny them access and remind them to use their Mount Royal login credentials to view it. This prevents hackers who are using a generic Gmail account from impersonating a colleague or student and tricking you into giving them document access.
If you have VPN access don’t download files to your home machine
Some of you need VPN access to remote in to your MRU workstation. If you have this type of access, you are working with sensitive data. That data must stay on the Mount Royal network. Do not download it to your machine at home.
Remember to give yourself a pat on the back
We are all working in less than ideal conditions trying to deliver ideal results. I hope these tips make that a bit easier. Don’t forget to give yourself a pat on the back for doing a great job. You rock!
It’s that time of the year again. Last year’s cybersecurity awareness training is being archived and the new training program is being launched. This year we not only have a new program, but we have a brand new tool to deliver it, The Security Education Platform by Proofpoint.
Thanks to this new tool, we are able to mandate cybersecurity awareness training for all employees! While everyone has access to the online training tool, depending on your role you may be able to take a workshop to meet your training requirement. On Monday, August 17 the new training goes live!
If you have any questions about the new training platform, contact me at firstname.lastname@example.org or call me at 403-440-6329.
Employees who are set up to use ‘remote desktop’ will need to save their work and power down their campus PCs from home 8 p.m. on Sat., July 18 for an annual maintenance shutdown. PCs will automatically be turned on the following morning at 8 a.m. Employees who are working on campus will need to power down their PCs and empty fridges of any perishables before leaving work on Friday, July 17.
Currently, people across the University use the Pulse Secure VPN also referred to as SRAS to create a secure encrypted connection between their home machine and their MRU workstation. Unfortunately, budget constraints are requiring us to move to a more cost effective service. The new service is called GlobalProtect. The good news is, it is more powerful and easier to use.
The move from Pulse Secure/SRAS to GlobalProtect is happening in phases. Although everyone on campus who has access to Pulse Secure will also have access to the new service, you aren’t required to move over until you have received a notification with instructions on how to install, configure and use the new service.
The Working Off Campus webpage has everything that you need to know about the move and how to use the new service including user manuals and a list of FAQs. As always, you can contact the Service Desk for support.
We know that working from home is frustrating enough without having to deal with a new service, unfortunately it couldn’t be helped. We apologize for any inconvenience.
With the Phish Bowl up and running I don’t do many posts about phishing emails any more. However one showed up on campus this week that provides such a great teaching opportunity, that I had to write about it.
Here is the offender:
To make things even more confusing, the email links to a legitimate Google Form. Clicking on the Fill Out Form button, does indeed take you to a Google form. Nothing malicious is loaded onto your machine and the form looks like a completely legitimate evaluation form, with one exception. It asks for your Microsoft ID and password.
Any time any form asks you for a password, no matter how legitimate it looks, exit the form immediately. If you do enter your credentials and then realize that you shouldn’t , change them immediately.
IT Services is proud to announce the launch of a new reporting process for phishing emails. If you are an employee, you will be able to use our new PhishAlarm button. If you are not, you can forward emails to email@example.com, our new email address for everything cybersecurity related.
Reporting a malicious email as an employee
If you have taken a look at your Gmail side panel, you may have noticed this .
If you don’t see your side panel, click the arrow in the bottom right hand of your screen.
Previously if you found an email that you thought was dangerous to your colleagues or you weren’t sure if it was legitimate, you had to click the Forward button and then type in firstname.lastname@example.org in the To field. Now we have a handy button.
To report a malicious email using the PhishAlarm button
- Open the email
- Click the PhishAlarm button in the side panel.
- Click Report Phish. A confirmation pane appears.
- Click the X to close the confirmation pane.
Not only is the PhishAlarm button super easy to use, it sends the cybersecurity team more information about the email making it easier to investigate. It’s a win for everyone!
While we won’t be ignoring emails sent to email@example.com, we are encouraging employees with phishing email concerns to use the PhishAlarm button. If you click the button and see a popup displaying something that looks like this:
You are not registered as an authorized user. If you are an employee, completing a registration form will rectify the problem. If you are not, you are unable to use the PhishAlarm button and will have to forward suspicious emails the old fashioned way.
Reporting a malicious email if you are not an employee
Unfortunately, we are unable to offer the functionality of the PhishAlarm button to those who aren’t employees. You will still see the PhishAlarm button, but if you try to use it you will get an unauthorized user notification.
The good news is, we have created a new email for reporting cybersecurity incidents, firstname.lastname@example.org. This new email will make it easier for the cybersecurity team to identify which reported emails are a priority and to respond quickly. While we won’t be ignoring emails sent to email@example.com, we are encouraging people to use firstname.lastname@example.org going forward.
With everyone working from home, our popular sticker program no longer worked. However, we have come up with a terrific replacement…digital stickers!
Just like before you can earn the stickers by reporting phishing emails. However you can also download them from the MRU Cybersecurity Hub. Instead of putting them on your electronic devices, we are asking people to add them to the end of their email signatures. Everytime you send out an email, the recipient will get a nice reminder of how to stay cybersafe.
As before, you can still earn contest entry codes for the Cybersecurity Challenge. However instead of sending me a picture of your sticker, just send me an email requesting a code with the sticker in the signature.
Every quarter there will be a new sticker and a new code! Happy collecting!!
If you haven’t completed your cybersecurity or PCI awareness training for 2020 yet, you might want to do that before the end of the month. We have a new training tool that we will be introducing July 1. As a result we will be losing access to our current training videos and interactive pre-tests on April 30.
To tide us over until the new tool is rolled out, on April 29 I will be uploading new videos with quizzes. However, you will not have the ability to test out of the video and it will take longer to complete the training. I apologize for the inconvenience, however you can look forward to more targeted training once the new tool is rolled out.
The good news is, you still have a few days to complete the current version of the training. If you have any questions , please feel free to contact me at email@example.com.
04/27/20 update: There has been some confusion around the security awareness training completion date. The deadline has not changed, you still have until June 30 to complete your mandatory training. The only difference is if you complete it before April 30, it will be easier.