Cybersecurity

What is "Phishing"?

Attackers attempt to obtain information by posing as a trusted individual or institution and asking you to provide information.

There has been an increase in fraud and scam emails. Currently, this has taken the form of fraudulent job postings.

Fake job postings come as unsolicited emails sent to directly to your account or through online job-listing sites. We advise students, faculty and staff to avoid being scam victims by following these guidelines:

Beware if the email or job posting:

• Does not indicate the company name
• Comes from an email address that doesn’t match the company name
• Offers to pay a large amount for almost no work
• Offers you a job without ever interacting with you
• Asks you to pay an application fee
• Wants you to transfer money from one account to another
• Offers to send you a check before you do any work
• Asks you to give your credit card or bank account numbers
• Asks for copies of personal documents
• Says you must send payment by wire service or courier
• Offers you a large payment for allowing the use of your bank account – often for depositing checks or transferring money
• Sends you an unexpectedly large check

No legitimate employer will send payment in advance and ask the employee to send a portion of it back. DO NOT provide any personal information, especially social security numbers or financial information! 

Phishing Resources

• Don't Let Phishing Reel You In
• Avoiding Social Engineering and Phishing Attacks
• Learn how to recognize phishing emails
• Phishing Attack Telltale Sign

Report a phishing attempt by the Phish Notify button in Outlook or calling 701.777.2222.

Current Phishing/Scam Emails

• Researchers: 30,000& increase in pandemic-related threats
• Phishing uses lay-off Zoom meeting alerts to steal credentials
• Scam Alert: Boss emailed asking you to buy gift cards for clients? Be careful?
• Convincing Office 365 phishing uses fake Microsoft Teams alerts
• Abnormal attack stories: DocuSign phishing
• Microsoft warns of COVID-19 phishing, spreading malware
• Microsoft warns of 'massive' phishing attack
• Persuasive Office 365 phishing uses fake Zoom suspension alerts
• A vicious malware wants you to upgrade to Microsoft Word. Be mindful before clicking

UND Anti-Virus Software

It is strongly recommended that personally owned computers connecting to the UND network have anti-virus software running at all times.

All UND owned computers connecting to UND network are required to have university’s antivirus software. UND provides SCEP (System Center Endpoint Protection) free of charge. For additional information about endpoint protection, please visit with your IT department or UND Tech Support.

Approved Ant-Virus Software for the UND Network

North Dakota University System Security

To provide increased security, the North Dakota University System has implemented Duo two-factor authentication when accessing sensitive information in PeopleSoft HRMS Employee Self-Service and all areas of PeopleSoft Finance from on and off campus locations.

Two-factor authentication adds a second layer of security to your online accounts by requiring a second factor (phone or other mobile device). This prevents someone from accessing your account, even if they have your username or password.

Learn more about Duo Two-Factor Authentication.

Duo Two-Factor Authentication

Duo is no longer able to deliver automated phone calls for authentication to users with +86 numbers. International students attending UND with a +86 country code (China) may experience this issue. All other authentication methods, including phone-based options such as Duo Push and SMS passcodes, are not affected. 

• Using Duo Two-Factor Authentication
• Why might Duo phone callback authentication fail to Chinese +86 numbers?

All-In-One Security Key

Users can purchase an all-in-one security key through the Yubico website. In order to work with Duo Two-Factor Authentication, keys will need to be set up by a Duo admin and assigned to a user.

Secured UND Network

Campus users can now select to join the UND secured wireless network.

This secure wireless connection includes complete encryption between endpoints. 

On the Welcome to the UND Network page, Select Click here to join the secured UND network to connect.   

How do I connect to the UND secured wireless network?

• Approved Anti-Virus Software for the UND Network

UND Secured File Share

Secure file share is a secure way to send files that requires the sender to login with their NDUS.identifier credentials and also complete DUO authentication. Senders must be signed up with DUO first. After logging in, the sender can drag and drop files to send. Once sent, the recipient will receive an email that comes from the Sender’s Name [liquidfiles.admin@ndus.edu]. The email will contain a link to the file/s. Once the recipient clicks on the link, they will be prompted to enter NDUS.identifier credentials.

LiquidFiles User Guide

Security Policies and Procesures

There are laws and regulations that require the university to apply certain security safeguards around various categories of sensitive institutional data or information. University policies are written to support institutional compliance with these laws and regulations.

CIO Policies & Procedures

What is Phishing?

“Phishing” is a tech industry term for a kind of cybercrime where people try to fool other people into sending them money or revealing personal information online. The name comes from the idea of fishing: scammers send a message that acts as bait, hoping to “hook” someone.

How to Identify a Phishing Email

The good news is that you have the power to throw these phish back! Let’s take a minute to talk about what you can do to avoid phishing.

1. Just be cautious. Remember the old warning about not talking to strangers? It goes double on the internet, since anyone can pretend to be anyone else and an email from an exciting new friend could actually be a trick. Ask your potential phisher to provide proof or explain their amazing offer in detail, and you’ll trip up an attacker really fast.
2. Remember not to share sensitive information through emails. Details like your passwords, credit card numbers and Social Security Number are things that no legitimate company would be asking you for in an email. 
3. If you suspect you’ve received a Phishing email you can report it to UND UIT via the Phish Notify button in Outlook or calling 701.777.2222 

Resources

• Don't Let Phishing Scam Reel You In
• Team Dynamix
• Email Security - Phishing Emails

Importance of  Strong Passwords

Passwords! They can be a headache, especially when people worry about password safety. Sometimes it seems like that in order to be safe, your password must contain letters, numbers, punctuation, emojis, colors and at least one Egyptian hieroglyph. 

How to Create A Strong Password

But the truth is that it’s easier to create a long, strong, safe password than most people think. Let’s take a quick look at a few tips for making a password that will keep your account safe. 

1. You can use a passphrase instead of a password. Passphrases or sentences will always be longer than a single word (which is good, because government advice now suggests that passwords be anywhere from eight to 64 letters long!) and they stick in your mind better, because they have more meaning.
2. Make sure it’s something you can remember without writing down. If you do have to write down your password, make sure to protect that paper really carefully — like locking it in a desk drawer or safe.
3. Check your password strength online.   Many cybersecurity companies have free password strength checkers available.
4. Check out our infographic on shaking up your passphrase protocol and pick up a few good tips on creating and protecting strong passwords. 

Importance of Multi-factor Authentication

“Multi-factor authentication” (MFA) is a tech industry term for using different types of verification to get into an account. The idea is that you use multiple things at the same time to really prove that you’re actually you. A password is one example of a factor; a fingerprint is another. 

Multi-factor authentication makes it much harder for hackers to break into people’s accounts. If they have one password but not the other one or two factors that they need, then they can’t get into that account after all.

Tips for Authentication

1. Check whether you can set it up on any of your accounts. Most accounts that you’d want to protect offer it. In a setup like this, the account will ask for something in addition to a password — usually, sending a text message to your phone. 
2. Use different types of authentication. There are different types of factors: something you know, something you have and something you are. Use factors from different families for extra protection.
3. You can use authenticator apps to easily handle two-factor authentication for multiple accounts. 

Staying Safe on Social Media

There are more than four billion people on the Internet today, and many of them use social media to communicate. But while social media can be fun and a great way to chat with friends, it can be risky as well. When people share personal information about themselves, they may become targets for scammers and identity thieves.

However, you can take a few simple precautions to keep yourself and your friends and family safe on social media. Here’s how. 

First, always use the strongest privacy settings you can. Check the Settings section of your social media profile and make sure what you’re posting can only be seen by your friends.

Second, think about what you post before you post it. It’s easy for people to misunderstand a joke or a fun meme, especially with billions of people out there who might see it. It’s easy to avoid this, though. Think of your social media as your outfit: there are some things you wouldn’t wear in public because people would laugh or think it wasn’t a good choice.

App Safety

Apps are part of our lives now. Remember that slogan, “There’s an App for That”? Nowadays, it seems like there really is an app for everything — from games to shopping, fitness, beauty, hobbies and more. No wonder that almost 50% of all smartphone users download at least one new app a month. 

Just like with any device or program, though, it’s important to choose and use your apps carefully. Some apps may be scams or contain viruses. Here’s what you can do to keep yourself safe. 

First, look out for permissions. Any time you install an app, it’ll ask you to allow it permission to access functions of your device — stuff like the camera, text messaging ability and contacts list. But should a fitness app need to use your camera, or a game need to know who you call? You can click “Deny” to keep an app from getting certain permissions. 

Second, get your apps from the official sources. Apple App Store and Google Play have standards for what apps they include, and something from the official store is less likely to cause problems for you.

Resources

STAYING SAFE ON SOCIAL MEDIA 

APP SAFETY TIPS[BROKEN LINK]

Data Protection

Today, personal data is more important than ever. Lots of organizations collect information while doing business, and that means if those organizations get hacked, that customer info gets exposed to the world. 

Your smarts, though, can make a difference and help protect those people who trust you with their data. Let’s talk about protecting personal and customer information. 

First, it’s important to know what you can and can’t collect. You can usually find that information within your department training program and policies.  You should also be familiar with the university policy on data classification and information technology standards located at below web link.  Being familiar with the types of data such as private or restricted and how to properly identify, store, transmit, and destroy will help ensure compliance, keep data secure, and keep you out of trouble.     

Some ways you can help protect personal or sensitive data is to utilize secure means of transmitting such as UND Liquid Files or via VPN connection, controlling access to data by limiting to only those with need to know, not storing private or restricted data on your local hard drive, and deleting data when no longer needed.

Second, be aware of possible trouble. Some data, like email addresses, seems harmless enough, but it can be exploited by a scammer. If someone approaches you and asks for personal or customer information, you’ll be the first line of security between an innocent person and someone wanting to steal their identity.  It is okay to be suspicious when someone asks for info. 

Resources

CUSTOMER DATA PROTECTION 

UIT POLICIES

Starting Your Career in Cybersecurity

Behind every new report of a data breach, data leak, or computer hack is a company or organization scrambling to put out the fire, which is great news for job seekers or soon-to-graduate students with cybersecurity skills. Unfortunately, this is bad news for most companies because there is currently an imbalance between the supply and demand of skilled professionals to address these vulnerabilities.

The 2018 (ISC)² Cybersecurity Workforce Study estimates a global shortage of cybersecurity professionals of around three million workers. This shortage of skilled job seekers is having a real-world impact on companies and the people responsible for cybersecurity at those companies. The study also points out that Gen X and Baby Boomer workers make up about half of the current cybersecurity workforce, leaving many entry-level opportunities for new college graduates and pathways for growth as these more experienced workers approach retirement age.

The need for trained cybersecurity professionals is not going to go away. The US Bureau of Labor Statistics projects a 28% growth in US employment for cybersecurity consultants between 2019 and 2026. How can students go beyond the concepts taught in computer science or cybersecurity classes and make themselves more attractive to future employers? We encourage students to take the initiative to learn more about current issues in cybersecurity and take advantage of the many cybersecurity resources available.

Resources

UND Cybersecurity (B.S.) site

UND Online Master of Science in Cybersecurity site

 Start Your Cybersecurity Career

Career in Cybersecurity Infographic