Author: cmc12028

Risk and Compliance Self-Assessment Questionnaire

Starting this week, the ITS Information Security Office is sending a Risk and Compliance Self-Assessment Questionnaire to designated IT professionals in each school, college, campus, and department.  The purpose of the questionnaire is to collect information about systems, services, and data that will inform efforts to continuously strengthen UConn’s information security posture. In addition to identifying institutional security gaps, this questionnaire also assists UConn in maintaining compliance with federal regulations, policies, procedures, and best practices in areas such as FERPA, HIPAA, PII, backups, and incident response. For more information, visit security.uconn.edu/risk-management.

Wireless Risk, Patch Your Personal Devices

The most commonly used security standard for Wi-Fi networks has been compromised.  A recent Key Reinstallation Attack (KRACK) breaks the handshake that encrypts the connection, and cyber criminals could target nearby Wi-Fi networks. There have been no reports yet of this vulnerability being actively exploited. However, ITS recommends that you take action to protect your devices and data.

The intended targets of this attack are end-user devices.  ITS-supported clients will be patched by ITS, and we strongly encourage you to install security updates on personal devices that connect to a Wi-Fi network as soon as they are available.  Microsoft has patched its operating systems, and Apple will be releasing fixes shortly.  Those with Android smartphones should check with their phone manufacturer or mobile carrier for updates.  Other devices, such as individual wireless routers, should be updated with vendor-provided patches.

Please note: You are safe if your connection has other protection, such as HTTPS or VPN.

For more information or assistance, contact the ITS Help Center at helpcenter@uconn.edu.

10-5-17 Phishing Scam Alert

The following phishing scam from a uconn.edu email address is circulating again (see 9-5-17 post).

We will be Shutting Down your Account due to suspicious Activity and Login from a Different IP with your Account which have made us take this decision to safeguard your Account. To avoid Shutting Down of this Account you will be Required to CLICK THIS LINK now and Submit Details as you have just 24Hrs to confirm your Account.

Regards,
System Administrator.

If you receive this message:

  1. Do not click on any links, and do not provide your information. ITS and other University organizations will not send unsolicited requests for UConn credentials or other personal information.
  2. Forward the message to reportphishing@uconn.edu
  3. Delete it from your inbox.

If you clicked on the links:

  1. Change your NetID password immediately.
  2. Set up or change your “secret questions and answers” for your NetID account.

For a more in-depth discussion of how you can spot phishing scams and protect yourself, please see “Phishing attacks and how to avoid being scammed”.

Contact the ITS Help Center at 860-486-4357 if you need assistance.

Alert: Increase in Compromises of Direct Deposit

From Multi-State Information Sharing and Analysis Center (MS-ISAC), 12/4/17

“The MS-ISAC has seen an increase in cyber threat actors sending phishing emails to K-12 public education employees for the purposes of obtaining account login information. In these incidents, this information is then typically used to modify the employees’ direct deposit account information. By changing this information, the cyber threat actors reroute the employees’ paychecks to a financial account under the actors’ control. No specific payroll platforms are being targeted, as reports indicate the victims have used various platforms for payroll functionality.

Historically, the MS-ISAC has seen this attack target the education sector and universities in particular. Though universities are still targeted, the MS-ISAC is currently seeing an increase in K-12 school incidents.”