by ·Comments Off on Monthly Cybersecurity Newsletter – January

January edition:

Creating a Cybersecure Home

(https://securingthehuman.sans.org/newsletters/ouch/issues/OUCH-201801_en.pdf)

OUCH! is the world’s leading, free security awareness newsletter designed for the common computer user. Published every month and in multiple languages, each edition is carefully researched and developed by the SANS Securing The Human team, SANS instructor subject matter experts and team members of the community. Each issue focuses on and explains a specific topic and actionable steps people can take to protect themselves, their family and their organization.

by ·Comments Off on Vulnerabilities: Meltdown and Spectre
What are the vulnerabilities?
A design flaw in computer processors (CPU’s) announced earlier this week introduced two vulnerabilities,?Meltdown (CVE-2017-5754) and?Spectre?(CVE-2017-5753 and CVE-2017-5715). 
Meltdown primarily affects Intel CPUs and a demo code has been released to exploit the vulnerability. Many vendors have already released patches to address Meltdown. Because of the nature of the vulnerability, these patches may impact performance. Spectre?not only affects Intel processors but also AMD and ARM processors. This flaw is harder for attackers to exploit, but may be more difficult for companies to fix.?
 
What is the risk?

These bugs could allow hackers to steal data from your devices through malicious software or a hacked website, however there are currently no reports of this vulnerability being exploited by hackers. These vulnerabilities affect computer hardware dating to the mid-1990s, so updates to operating systems such as Windows, macOS, Linux, Android, and iOS are required to protect devices from these flaws.

 
What should I do?
Patching this vulnerability on servers, endpoints, and mobile devices is the only way to ensure it will not be exploited. Due to the large number of systems impacted, patching solutions will vary in both availability as well as potential impact. Denison ITS staff will test and deploy patches to College-managed technology resources (including College-owned computers), prioritizing based on system criticality.  
 
For your personally owned devices — including smartphones, tablets, home computers, etc. — we recommend you use your device’s software update feature to make sure you are updated to the latest versions. This includes updating web browsers like Chrome and Firefox to the latest versions, which contain some protections against Spectre and Meltdown. Some manufacturers will be releasing updates in the weeks to come, so we recommend you continue to check your device’s update features for new versions. If you are running an old, unsupported operating system, you may need to update to a newer operating system version. 

by ·Comments Off on Monthly Cybersecurity Newsletter – December

December edition:

Lock Down Your Login

(https://securingthehuman.sans.org/newsletters/ouch/issues/OUCH-201712_en.pdf)

OUCH! is the world’s leading, free security awareness newsletter designed for the common computer user. Published every month and in multiple languages, each edition is carefully researched and developed by the SANS Securing The Human team, SANS instructor subject matter experts and team members of the community. Each issue focuses on and explains a specific topic and actionable steps people can take to protect themselves, their family and their organization.

by ·Comments Off on Announcing Gartner Campus Access in MyDenison

Denison community members now have access to Gartner Core Research. The link to “Gartner Research” can be found on the MyApps tab within MyDenison.

Gartner is the world’s leading research and advisory company, helping business leaders across all major functions in every industry and enterprise size with the objective insights they need to make the right decisions.

 

Campus Access Benefits to Faculty and Students

Researchers and academic staff
• Plan courses that are relevant and innovative for business and IT
• Access data and information to substantiate the evidence in research
• Use a common business language
• Offer materials that can complement lectures and seminars
• Leverage expert opinion when drafting dissertations and research papers
• Benchmark and appraise commercial opportunities related to research initiatives

Students
• Gain exposure to real-life business case studies, trends and expert opinions
• Enhance practical understanding of how organizations have re-engineered their
processes to increase revenues, reduce costs, and increase market share
• Understand and keep up to date on technologies and tools available
• Obtain validation and research for papers
• Discover how organizations improve operational effectiveness
• Easily find and download documents that enhance insight and understanding
of subjects and courses

by ·Comments Off on Monthly Cybersecurity Newsletter – November

November edition:

Shopping Online Securely

(https://securingthehuman.sans.org/newsletters/ouch/issues/OUCH-201711_en.pdf)

OUCH! is the world’s leading, free security awareness newsletter designed for the common computer user. Published every month and in multiple languages, each edition is carefully researched and developed by the SANS Securing The Human team, SANS instructor subject matter experts and team members of the community. Each issue focuses on and explains a specific topic and actionable steps people can take to protect themselves, their family and their organization.

by ·Comments Off on Cybersecurity Trick or Treat

October is National Cybersecurity Awareness Month, and while hackers try to trick us all the time, we’re here with some treats for the Denison community:

Keep your account safe with two-factor authentication!

  • Over the last year, 37 individuals have had a suspicious login on their Denison account, which typically indicates that their password has been compromised by a malicious actor. Google helps us detect those events after they’ve occurred, and two-factor authentication (2FA) goes one step further by protecting your account during login.
  • Two-factor authentication is now available for your Denison account via our partnership with Duo – Enroll in Duo today to keep hackers from accessing your email and Google Drive files!

Bring your cybersecurity questions to the upcoming cybersecurity workshop for faculty and staff.

  • Visit us on October 25th from 1:30 to 2:30 PM in Talbot 212. Please RSVP.

How many times has your personal information been exposed to hackers?

  • This tool from the New York Times will help you determine your minimum level of exposure.

Cybersecurity awareness training for employees.

Google will start reminding us to stay alert by marking HTTP websites with forms as “Not Secure” in the Chrome browser.

  • Look for this change in an October update of Google Chrome.

 

 

by ·Comments Off on Monthly Cybersecurity Awareness Newsletter – October

October edition:

Helping Others Secure Themselves

(https://securingthehuman.sans.org/newsletters/ouch/issues/OUCH-201710_en.pdf)

OUCH! is the world’s leading, free security awareness newsletter designed for the common computer user. Published every month and in multiple languages, each edition is carefully researched and developed by the SANS Securing The Human team, SANS instructor subject matter experts and team members of the community. Each issue focuses on and explains a specific topic and actionable steps people can take to protect themselves, their family and their organization.

by ·Comments Off on Monthly Cybersecurity Awareness Newsletter – September

September edition:

Password Managers

(Note:  Denison ITS recommends LastPass)

(https://securingthehuman.sans.org/newsletters/ouch/issues/OUCH-201709_en.pdf)

OUCH! is the world’s leading, free security awareness newsletter designed for the common computer user. Published every month and in multiple languages, each edition is carefully researched and developed by the SANS Securing The Human team, SANS instructor subject matter experts and team members of the community. Each issue focuses on and explains a specific topic and actionable steps people can take to protect themselves, their family and their organization.

by ·Comments Off on Equifax Data Breach Information

What is the Equifax data breach?

On September 7, 2017, Equifax CEO Rick Smith announced that on July 29, 2017 Equifax suffered a data breach between May and July 2017. The breach may have included the personal credit information of 143 million Americans, including social security numbers, birthdates, addresses, driver’s license numbers and credit account information. As a point of comparison, there are only about 126 million households in America.

What does this mean for me?

If a malicious actor were to get your personal information, they could sell it, or use it to impersonate you. They could open credit accounts in your name, and use them for illegal means. This could lead to lowering your credit score, or having charges pressed against you for non-payment. It is a serious breach, but we are all in this together.

What can I do to protect myself?

  • Consider a credit monitoring/protection service – Equifax has a website, www.equifaxsecurity2017.com, where you can check to see if your record is impacted. After you enter your last name and last 6 digits of your social security number (SSN) it will tell you whether your personal information was part of the breach. Afterward, it will give you the opportunity to enroll in TrustedID Premier*. Based on the number of enrollments, they will give you an enrollment date. On your enrollment date, you will have to return to the link they gave you and continue through the enrollment process. Once enrolled, Equifax will monitor your credit and alert you if there is a problem. *NOTICE:  The arbitration clause and class action waiver included in the TrustedID Premier Terms of Use applies to the free credit file monitoring and identity theft protection products, and not the cybersecurity incident.
  • Setup your personal account on SSA.gov – The stolen information from this breach could potentially be used to open an account with the SSA and perpetrate tax fraud. We recommend creating an SSA account as a preemptive measure.
  • Consider freezing your credit accounts – A freeze tells the four major credit agencies that your credit report should not be shared and a new line of credit should not be opened when requested. You can unfreeze your account with a PIN if you want to take out a loan in the future. In order to freeze your credit, you must notify each of the major credit bureaus. Brian Krebs, a renowned information security professional has a great post that covers this topic in detail.
  • Check your credit report annually – The Ohio Attorney General website has more information.

What if I have more questions?

In addition to information provided on www.equifaxsecurity2017.com, Equifax also has a toll free number setup, 1-866-447-7559, although some callers are reporting a fast busy signal due to high call volume.