Next week we have two events being held. September 22, 2020 is the Protecting yourself against cybercrime 2021 workshop from 2:00 pm to 3:30 pm. This is a great opportunity to complete your mandatory training and ask as many questions about cybersecurity as you like.
If you are not able to make the training but still would like to discuss cybersecurity, join us for the Cybercafe on September 24 at 3:00 pm. For 30 minutes you can ask all your burning cybersecurity questions. Our Security Administrator will be joining us, so the questions can get as technical as you like. While you can ask anything you like, I will also be presenting a current news item as a topic of discussion. Check back on September 23 to see what that topic will be.
See you there!
All malware is not created equal. This week a particularly devious piece landed in an MRU inbox. It was wrapped up in a zip file attachment. Here is what the malicious email looked like:
This malicious email is hard to identify as it contains a previously sent email thread. Interestingly enough, there is no human behind this email. It was sent by malware. When it gets on your machine it picks an email in your inbox and replies to it. Sending a copy of itself to an unsuspecting recipient.
The email is generic enough to work with pretty much any email. However it is the vagueness that flags it as suspicious. The other tell is the sender’s email address. Because this is malware and not a person sending out the email, the sender’s email address is incorrect.
If you decide to click and open the attachment, you see an Excel spreadsheet with this in the first cell.
If you missed the other two red flags, this one is your last chance to dodge the bullet. This very official looking graphic is asking you to enable editing and content to be able to “decrypt” the document It is also telling you what type of device to use to view it. Anytime you have this kind of instruction given to you to view a document, close it immediately and report it.
The instructions are not there to enable you to view the document. They are there to ensure the malware can be installed and will function. By asking you to enable editing and content, it is bypassing the safety controls we have in place to prevent the running of macros. It is not “decrypting” anything. If you can’t open a document just by clicking on it, consider it a threat.
This is another reminder how important it is to check the sender’s email address before you open an attachment or click on a link. If you recognize it, contact the sender using another method and confirm that they sent the email. If you don’t recognize it, don’t click. You wouldn’t take candy from a stranger, you shouldn’t take attachments from them either; no matter how enticing they are.
Cisco has released an update to their Jabber for Windows application. This update fixes a critical vulnerability that would allow an attacker to potentially execute arbitrary code on your computer without requiring any action on your part while the application was running in the background.
If you use Jabber for Windows please update it immediately. The Jabber for Windows update can be downloaded here. Enter your MRU login credentials when prompted to gain access to the download. Although Jabber for Mac has not been effected, it is still a good idea to keep it updated. The latest version can be downloaded here.
If you are only using Jabber on your iphone or Android smartphone, you are not affected by this vulnerability. For more details, read the Latest Hacking News article.
I know it is hard to believe, but it has been five months since all of us were sent home to work and attend classes. Being jettisoned into a working from home environment with little preparation has its challenges. With the lines between work/school and our personal lives being blurred, it is normal for our file management to become a little chaotic. The introduction of the new VPN service in the middle of all that certainly didn’t help. I helped over 51 people transition to GlobalProtect. Now that things have calmed down a bit and it is apparent we are going to be working from home for the foreseeable future, I thought a few file management tips would be helpful.
Give everyone their own profile on shared computers
Not everyone has the ability to have a separate computer for every member of the family. Often we have to share with others in the household. By creating a separate profile for each person, you limit what they can access. To use the computer they login to their profile which is secured with a password. What applications they can use and what documents they have access to depends on which user profile they are logging into. While this doesn’t completely protect your data, it does limit the damage that can be done. You can find more information on setting up user profiles on How To Geek.
Use a different browser for work
Keeping your work/school and personal life separate is not easy when you are using the same computer for both. If you have a personal Gmail account, you have seen how easy it is to accidentally send an email to your boss/instructor with your personal email address and save that report you were working on in your personal Google Drive. Both confuse your colleagues/instructors into thinking you are a hacker trying to gain access to the network. As well it makes it difficult for you to find things.
By using a separate browser for work/school, all your work bookmarks are in one easy to find place. In addition when you send an email or save a document, it will be your Mount Royal email and Google Drive login credentials that will be auto-filled rather than your personal ones.
Save your documents in Google Drive or the MRU Network
When we are in a hurry, it is easy to click the Save button and then put that document on the default drive. Unfortunately, that is often the C: drive or your desktop. If your hard drive crashes, the files will be lost unless you back them up onto another drive. In addition, if you are an employee due for a new machine, you will lose any data stored locally. Remember, IT Services does not back anything up when they replace your machine.
Make your life easier, save files on your MRU Google Drive. If you find the Google Drive too onerous to use, download Google Drive File Stream. It will add a G: drive to file explorer allowing you to save and open documents just like you do with the C: drive. A Mac version of Google File Stream is also available.
If you don’t like using the Google Drive, you can download files from the MRU network using Webfiles. Once your work is done, don’t forget to upload them back onto the network. Remember files left on your C: drive or desktop are vulnerable. Don’t leave them there.
Limit access to shared documents to those with a Mount Royal email address.
If you are sharing documents with colleagues, instructors or students; limit who can access them by choosing to share them with those who have a Mount Royal email address or a specific email address. This ensures that even if someone outside of the University community gets a hold of the link, they cannot access the document.
If someone requests access to this document later on, deny them access and remind them to use their Mount Royal login credentials to view it. This prevents hackers who are using a generic Gmail account from impersonating a colleague, instructor or student and tricking you into giving them document access.
If you have VPN access don’t download files to your home machine
Some employees need VPN access to remote in to their MRU workstation. If you have this type of access, you are working with sensitive data. That data must stay on the Mount Royal network. Do not download it to your machine at home.
Remember to give yourself a pat on the back
We are all working in less than ideal conditions trying to deliver ideal results. I hope these tips make that a bit easier. Don’t forget to give yourself a pat on the back for doing a great job. You rock!
IT Services is proud to announce the imminent arrival of their new remote file access tool, Webfiles. Previously when you clicked on the Remote File Access link in MyMRU, you were directed to SRAS. This allowed you to upload and download files on the Mount Royal network remotely. This tool was used by students, staff and faculty and was linked to our old VPN Pulse Secure.
As of September 7, 2020 Pulse Secure will no longer be supported and SRAS will no longer function. In preparation of this, we have been moving those using Pulse Secure over to our new VPN Global Protect.
Webfiles will replace the SRAS upload and download functionality. Just like SRAS, it is available to students, staff and faculty. If you use the Remote File Access link in MyMRU to access SRAS, sometime before August 24, 2020 the link will be updated to give you access to Webfiles. If you use secure.mtroyal.ca, to access SRAS, please move over to Webfiles before September 7, 2020 to ensure continued access to remote files.
Change is always challenging however Webfiles is much easier to use than SRAS , making this change a welcome one. For details on how to use Webfiles, refer to the user guide Accessing files and folders remotely using Webfiles. For the latest information on remote file access, visit the Working Off-Campus webpage.
It’s that time of the year again. Last year’s cybersecurity awareness training is being archived and the new training program is being launched. This year we not only have a new program, but we have a brand new tool to deliver it, The Security Education Platform by Proofpoint.
Thanks to this new tool, we are able to mandate cybersecurity awareness training for all employees! While everyone has access to the online training tool, depending on your role you may be able to take a workshop to meet your training requirement. On Monday, August 17 the new training goes live!
If you have any questions about the new training platform, contact me at firstname.lastname@example.org or call me at 403-440-6329.
Employees who are set up to use ‘remote desktop’ will need to save their work and power down their campus PCs from home 8 p.m. on Sat., July 18 for an annual maintenance shutdown. PCs will automatically be turned on the following morning at 8 a.m. Employees who are working on campus will need to power down their PCs and empty fridges of any perishables before leaving work on Friday, July 17.
We have decided to issue the newsletter every second week over the summer. With people going on vacation, readership tends to die down a bit at this time. As we are super busy putting together new training materials, writing documentation and generally getting things sorted for September we thought we would step back from the newsletter a bit.
To keep you up to date on the latest phishing threats, we will continue to add new phishing emails to the Phish Bowl as they come in. Please check it on the weeks that there is no newsletter to stay informed.
You can expect to receive the newsletter on the following dates:
The regular weekly newsletter will return September 4.
See you in two weeks!
Currently, people across the University use the Pulse Secure VPN also referred to as SRAS to create a secure encrypted connection between their home machine and their MRU workstation. Unfortunately, budget constraints are requiring us to move to a more cost effective service. The new service is called GlobalProtect. The good news is, it is more powerful and easier to use.
The move from Pulse Secure/SRAS to GlobalProtect is happening in phases. Although everyone on campus who has access to Pulse Secure will also have access to the new service, you aren’t required to move over until you have received a notification with instructions on how to install, configure and use the new service.
The Working Off Campus webpage has everything that you need to know about the move and how to use the new service including user manuals and a list of FAQs. As always, you can contact the Service Desk for support.
We know that working from home is frustrating enough without having to deal with a new service, unfortunately it couldn’t be helped. We apologize for any inconvenience.
With the Phish Bowl up and running I don’t do many posts about phishing emails any more. However one showed up on campus this week that provides such a great teaching opportunity, that I had to write about it.
Here is the offender:
To make things even more confusing, the email links to a legitimate Google Form. Clicking on the Fill Out Form button, does indeed take you to a Google form. Nothing malicious is loaded onto your machine and the form looks like a completely legitimate evaluation form, with one exception. It asks for your Microsoft ID and password.
Any time any form asks you for a password, no matter how legitimate it looks, exit the form immediately. If you do enter your credentials and then realize that you shouldn’t , change them immediately.