Kansas State University

search

IT News

Category: Cybersecurity

Protect your online privacy

Posted on by Cathy Rodriguez

""The Internet touches almost all aspects of our daily lives. We can shop, bank, connect with family and friends, and handle our medical records all online. These activities require you to provide personally identifiable information (PII) such as your name, date of birth, account numbers, passwords, and location information. Be diligent when sharing personal information online to reduce the risk of becoming a victim of a cybercrime.

Tips to stay safe online

  • Double your login protection. Enable multi-factor authentication (MFA) to ensure that the only person who has access to your account is you. Use it for email, banking, social media, and any other service that requires logging in. If MFA is an option, enable it by using a trusted mobile device, such as your smartphone, an authenticator app, or a secure token—a small physical device that can hook onto your key ring.
  • Shake up your password protocol. Use the longest password or passphrase permissible. Get creative and customize your standard password for different sites, which can prevent cybercriminals from gaining access to these accounts and protect you in the event of a breach. Use password managers to generate and remember different, complex passwords for each account.
  • Keep up to date. Keep your software updated to the latest version available. Maintain your security settings to keep your information safe by turning on automatic updates so you don’t have to think about it, and set your security software to run regular scans.
  • Play hard to get with strangers. Cybercriminals use phishing tactics, hoping to trick their victims. If you’re unsure who an email is from—even if the details appear accurate— or if the email looks “phishy,” do not respond, and do not click on any links or attachments found in that email. When available, use the “junk” or “block” option to no longer receive messages from a particular sender.
  • Never click and tell. Limit what information you post on social media—from personal addresses to where you like to grab a coffee. Many people don’t realize that these seemingly random details are all criminals need to know to target you, your loved ones, and your physical belongings—online and in the real world. Keep Social Security numbers, account numbers, and passwords private, as well as specific information about yourself, such as your full name, address, birthday, and even vacation plans. Disable location services that allow anyone to see where you are—and where you aren’t—at any given time.
  • Keep tabs on your apps. Most connected appliances, toys, and devices are supported by a mobile application. Your mobile device could be filled with suspicious apps running in the background or using default permissions you never realized you approved—gathering your personal information without your knowledge while also putting your identity and privacy at risk. Check your app permissions and use the “rule of least privilege” to delete what you don’t need or no longer use. Learn to just say “no” to privilege requests that don’t make sense. Only download apps from trusted vendors and sources.
  • Stay protected while connected. Before you connect to any public wireless hotspot—such as at an airport, hotel, or café—be sure to confirm the name of the network and exact login procedures with the appropriate staff to ensure that the network is legitimate. If you use an unsecured public access point, practice good Internet hygiene by avoiding sensitive activities (e.g., banking) requiring passwords or credit cards. Your personal hotspot is often a safer alternative to free Wi-Fi. Only use sites that begin with “https://” when online shopping or banking.

If you receive a questionable email and prefer to play it safe, you can send it to abuse@ksu.edu. K-State’s IT Security Team will investigate the email and inform you if it is legitimate.

When to use K-State’s VPN

Posted on by Christine Doucette

Are you traveling for work this summer? Remember to use GlobalProtect, K-State’s Virtual Private Network (VPN). When working offsite, the VPN should be used when you need to access protected proprietary and confidential data and campus resources. From off-campus, use the VPN to connect to campus resources securely.

To use the VPN software, you must be a K-State student or employee with an active K-State eID and internet connection.

Continue reading “When to use K-State’s VPN”

Increased phishing scams expected in July

Posted on by Christine Doucette

""The Better Business Bureau is warning of increased phishing scams related to Amazon Prime Day, online, and brick-and-mortar stores with special sales during July. Phishing is a way cybercriminals try to trick you into sharing personal information, such as passwords, credit card numbers, social security numbers, or bank account numbers, by sending you fraudulent emails or directing you to a fake website.

In addition to the regular phishing scam attempts this month, cybercriminals are sending phishing emails urging people to “click on a link to confirm their order” or “click on a link to confirm their mailing address.” DO NOT click on those links. If you are concerned about an order, you can always sign in to your Amazon or other online accounts to check your order status. Remember, legitimate businesses will NEVER ask for your account, personal, or financial information by email. Continue reading “Increased phishing scams expected in July”

Cybersecurity: Stay safe while traveling

Posted on by Cathy Rodriguez

""It’s that time of year when many are going on vacation or planning to do so. It’s important to prioritize cybersecurity, even when you’re on vacation.

By taking a few simple precautions, you can enjoy your vacation without compromising your online security. Follow some simple practices to keep you safe from cybercriminals.

Continue reading “Cybersecurity: Stay safe while traveling”

North Korea using social engineering to hack universities

Posted on by Christine Doucette

""In light of recent developments in the cybersecurity landscape, the Division of Information Technology (IT) feels it is imperative to communicate the evolving threats to our community. One such concern involves a North Korean group known as Kimsuky, a state-sponsored cyber threat actor notorious for their sophisticated spear-phishing attempts. Spear-phishing is a targeted form of phishing where the attacker impersonates a known or trusted entity to deceive individuals into revealing sensitive information. Continue reading “North Korea using social engineering to hack universities”

Increased SMS text phishing attempts

Posted on by Christine Doucette

""In collaboration with the Office of Private Sector (OPS), the FBI San Francisco Field Office has recently issued a report highlighting a surge in “smishing” attempts. Smishing (or SMS text phishing) is a fraudulent practice where text messages trick individuals into divulging sensitive information. This can range from personal and financial information to company-specific data and employee credentials.

These threat actors often pose as fellow employees or company leaders to persuade recipients to share sensitive data. This information can then be used for various criminal activities, including financial gain, further breaches at a company, or even targeting other employees. Continue reading “Increased SMS text phishing attempts”

K-State will begin using geolocation for increased security on June 12

Posted on by Christine Doucette

""

K-State will begin using geolocation to assist in safeguarding accounts from being compromised by utilizing IP information on computers and mobile devices on Monday, June 12. With geolocation, users will be alerted of suspicious attempts to access K-State accounts. If suspicious activity is recognized, the user will receive an email notification of the activity with recommendations on the next steps, which could include updating account passwords.

Continue reading “K-State will begin using geolocation for increased security on June 12”

Duo student spring enrollment was a success

Posted on by Christine Doucette

During the spring semester, K-State began enrolling students in Duo two-factor authentication. Login credentials are more valuable than ever and are increasingly easy to compromise. Over 90% of breaches today involve compromised usernames and passwords.

The Division of Information Technology would like to thank faculty and staff for educating students about the importance of two-factor authentication and reminding them to enroll in Duo. Continue reading “Duo student spring enrollment was a success”

Beware of phishing scams

Posted on by Cathy Rodriguez

""Phishing is a way cybercriminals try to trick you into sharing personal information, such as passwords, credit card numbers, social security numbers, or bank account numbers, by sending you fraudulent emails or directing you to a fake website.

K-State is frequently targeted for phishing scam emails trying to steal eID passwords. These emails try to trick K-Staters into providing their eID and password to criminals under the guise of “false emergency” emails, including:

  • Fake job advertisements
  • Upgrade your webmail account
  • Your mailbox storage limit is full
  • Your data, photos, etc. will be lost

These are all scams. K-State will NEVER ask for your password in an email. Do not reply to these scam emails, or click a link in an email and fill out a form with your eID and password.

Abide by one simple rule, and you will be safe from these scams and others: NEVER provide your password to anyone in response to an email!  Continue reading “Beware of phishing scams”

Records and Information Management month: email records management

Posted on by Christine Doucette

As part of Records and Information Management Month, the Division of Information Technology and K-State Libraries share information about various records and information management topics. This week’s focus is on email records.

Every K-State employee is individually responsible for handling and maintaining records (including University email and other electronic records) under University policy and requirements. Emails are records that may contain evidence of official University actions, decisions, approvals, or transactions. Email is subject to statutes of the State of Kansas, KSA 45-401 through 45-414, which applies to preserving and destroying records.

Email Records Frequently Asked FAQs provide guidance for creating, managing, archiving, and deleting emails. In addition, retention periods are listed on the Records Retention Schedule.

Continue reading “Records and Information Management month: email records management”