Every day Lawrence faculty, staff and students are exposed to many attempts to compromise their accounts, computers and mobile devices. These attacks are constantly evolving as the cyber criminals adapt to changes in technology, work harder to create “smarter” scams and come up with new methods of making or stealing money.
At Lawrence, we have seen several of these new attacks on campus. A few examples include very targeted spear phishing email messages that appear to come from cabinet members requesting sensitive information via email, email messages that appear to come from coworkers requesting recipients to open infected attachments and computer infections that attempt to encrypt all the data on a computer and network share folders (with the goal of demanding payment to unlock your data).
The most important thing to know about information security is that YOU are the target of the cyber criminals. The easiest way for these criminals to make money is to target individuals and smaller organizations like Lawrence. The two most common methods computers are compromised is by clicking on links or attachments in email messages or by using a search engine such as Google to search for something online and then clicking on compromised links in the search results.
How can you tell if this message is legitimate and if it is safe to click the links below?
- Check the sender and reply to address in the message. If you hit reply does it look like the reply is going to a real Lawrence email address? See the third bullet point below even if it looks right!
- Hover your mouse over the links—does the pop-up link match the link shown and does it make sense? Is it a lawrence.edu site?
- Check the subject of the message. Our email system will flag messages in the subject line with [Warning: Possible Fraud] if they were sent to appear as if they came from on campus but originated from OFF campus. Be very careful with these messages.
- To be extra safe—just retype the link into your browser instead of clicking on it!
In an effort to reduce the risk of security breaches, Lawrence has invested in a security awareness training program to help protect the campus from information security threats. Lawrence has significant amounts of sensitive data about our students, employees, alumni and donors, thus we all must work together to make sure we do everything we can to protect this information. This training is updated each year to include information about these new attacks, so it is important that we all complete it annually.
While this training is very important to protect ourselves and the university, please note that this annual, online training is required for employees in departments that have access to the most sensitive data or credit card information. All staff in Human Resources, Financial Services, Technology Services, Alumni & Development, Registrar’s Office, Admissions, Financial Aid and Research Administration must complete this entire training course. In addition, if you process or handle credit card information in any way, you must complete the training. Please complete the training by the end of October.
You can complete the online security awareness training anytime by going to http://go.lawrence.edu/bhdp. Log in using your network/email username and password. The online security awareness training takes about 45 minutes to complete and consists of a series of videos with questions at the end. Your progress and completion of the training will be automatically recorded. This training is delivered using Moodle, the campus learning management system.
If you have any questions regarding this training, please contact the Helpdesk at 920-832-6570 or reply to this message.
Steve Armstrong
Technology Services
For those that want to know more: Passwords & Password Managers
One topic that comes up frequently is passwords and how to manage them. Here are some key points to remember and a link to additional resources on this topic.
- Do not use the same password (or a version of the same password) for multiple accounts or websites.
- Use as long and complex a password as possible. Strongly consider using passphrases instead of passwords.
- Use a password manager.
Learn more about all of these topics, including a link to a review of five popular password managers, at the Technology Services information security page at http://go.lawrence.edu/infosec.