Friday, February 28, 2020

Phishing with Viruses

The word scam in red letters with a fishing hook through the middle and at the bottom a black box with white letters spelling out the word alert

2020 seems to have come in strong by hurdling the Coronavirus (COVID-1) at us pretty quickly!
 Now that we have more information, we can take preventative steps to keep from getting sick. However, cyber criminals are now using the Coronavirus to try and steal your sensitive information and it's just as important to take preventative measures to keep your cyber presence safe as well. 




It has been reported by the World Health Organization (WHO) that they are aware of suspicious emails going out requesting personal information from people under the guise of helping to spread awareness about the Coronavirus. These emails have been identified as “Phishing” scams. Phishing is the practice of cyber criminals sending emails claiming to be from a trusted source with the intent of gaining access to your personal information such as your: usernames and passwords, credit card numbers, birthdate, or social security number.

Luckily, there are ways to prevent this from happening to you! The World Health Organization would like to remind everyone of the following: 

  1. Make sure to verify the sender by checking their email address. If it is coming from the World Health Organization (WHO) the email address should read “person@who.int”. No other email addresses are used by the WHO.  
  2. Make sure the link is correct before clicking on it. The link should only begin with ‘https://www.who.int.’If you are still unsure, do not click the link you received- open up your browser and navigate the WHO website to check if it is valid. 
  3. Be cautious when providing sensitive info. Use extra caution when giving your username and password, and credit card info out. Most of the information on the WHO website is public info and will not require a username and password. 
  4. Don't feel pressured to make any quick decisions. Cyber criminals rely on your panic instincts and will use this to try and get you to give them your personal information. Take a moment to think of whether or not it is appropriate that you are receiving this request. 
  5. If you did give sensitive information out, don't panic. Change the credentials that you gave out, as soon as you can. 
  6. If you suspect something is a scam report. Trust your gut. If you think something is wrong, report it! This will help to spread awareness about the scam and help organizations to block potential scammers. To report a scam to the WHO please follow the instructions here

While these are somewhat specific to the WHO, the preventative steps are still just as relevant to keep in mind for any other phishing scams. Make sure that you are monitoring all your accounts and report any suspicious activity or emails.

 For questions about what to do if you’ve opened a phishing scam email please check out this knowledge base article and alert ITS by emailing its@manhattan.edu or calling (718) 862-7973. 



Thursday, February 27, 2020

Friendly Reminder To Back Up Your Data


Google Drive LogoWith the convenience of the cloud and apps like Google Drive, it’s pretty easy to forget to back up your data. This is just a friendly reminder to do so!

Data on Google Drive:

Make sure that you have all of your data backed up either on your hard drive, a storage device, or a separate cloud storage service.

File Streaming:

If you are using Drive File Stream, it is very important that you are regularly checking drive.google.com to make sure that your data is syncing/saving properly. 

Once you’re logged into your google drive via web browser make sure that any files you worked on using drive file stream are present and up to date. You can access your drive via file stream or web browser on any device

Losing data can be incredibly stressful, but it is preventable! Here are some previously shared tips: 

  • Your critical data should never reside in a single place.
  • The ideal backup strategy will typically include both an online backup service (Google Drive) to ensure your data is secure no matter what happens to your mobile device or computer.
  • Running consistent, automatic backups is a straightforward process that will take a little time to set up and will require even less to maintain.
  • Backups can be configured to run in real time when files on your computer are changed.
  • Routinely test your backup solution to ensure you can recover your data in the event that you do actually need to restore from a backup.
If you have any questions or concerns about this please reference our knowledge base articles or contact the ITS Help Desk for further assistance! 

Monday, February 24, 2020

MFA updated to extend "Remember Me" for most JasperNet Services


ITS is happy to announce that the MFA requirement has been updated to to extend "Remember Me" for most JasperNet services! 🎉


You may now choose to select "Remember Me for 30 Days" for services such as: your MC email account, Banner Self Service, Banner Workflow, and Degreeworks. This means that you will only have to authenticate when logging in once every 30 days! JasperNet services with access to sensitive data such a Banner will be the only services that require you to authenticate with each login.


Banner Users: MFA now REQUIRED to access Banner and related services

As of Monday 2/24, MFA is now REQUIRED when accessing Banner and related services.  All services that require MFA are now identified by an MFA-Lock icon on the Banner main page.
Picture of Banner PROD Links

To enable DUO MFA on your JasperNet account, start by installing the DUO Mobile App and follow the instructions for configuring MFA on your JasperNet Account. 

ITS will be holding a drop-in support session in DLS 309 from 8AM-11AM for Banner users who have not yet enabled MFA on their JasperNet account.

Starting March 1st, a VPN connection will no longer be required to access Banner from off-campus!

Wednesday, February 19, 2020

DUO Users: You can now use DUO MFA with Facebook!

Manhattan College has deployed DUO Multi-Factor Authentication (MFA) to protect the JasperNet account of users who access sensitive data.  The same DUO Mobile App can now be used to protect your Facebook account as well!


To enable DUO MFA on your Facebook account, start by installing the DUO Mobile App and configuring MFA on your JasperNet Account

Once your JasperNet account has been configured to use the DUO App, follow the instructions for Facebook.


Wednesday, February 12, 2020

Access DUO MFA with your Apple Watch

Users who have enabled DUO MFA on their JasperNet Account may now use their Apple Watch to respond to Multi-Factor Authentication requests!  Contact ITS to learn more!!


Duo Push

When you receive a push notification, you'll also see the notification on your paired Apple Watch if your phone is locked. Apple Watch’s Taptic Engine is a linear actuator inside the device that produces haptic feedback, meaning it literally taps you on the wrist whenever you receive an alert or notification. That means you’ll also feel a tap whenever a login request is sent via Duo Mobile, letting you quickly log in or deny the request.
You can approve the login or deny the login request without ever touching your phone.
Apple Watch
You'll only see the Duo request on your watch when your phone is locked. Notifications won't go to your Apple Watch when your phone is unlocked.

Passcodes

You can also generate passcodes from the Duo Apple Watch app. Simply launch the app from the watch and tap an account to generate a passcode for that account.
Generate a Passcode on Apple Watch

Tuesday, February 11, 2020

Safer Internet Day: Political Campaigns Enable MFA

Teaming up with Defending Digital Campaigns on election security

Today is Safer Internet Day and [Google is] announcing a new partnership with Defending Digital Campaigns to provide federal campaigns access to free Titan Security Keys, the strongest form of two-factor authentication. Last year, the Federal Elections Commission granted special approval for DDC to offer cybersecurity services to presidential and congressional campaigns


Reposted from Google Safety and Security blog:


G Suite Update: Use Hangout Meets With Safari!

If you're Mac user who prefers to use Safari- We've got good news for you! 

If you prefer to use Safari as your internet browser you can now use Hangouts Meet. With this launch, users with Safari version 13 or higher, can now use the screen sharing function. This will make your meeting experience much simpler in your preferred browser. This is available now for all G Suite customers. 

For more information please reference this Hangout Meets Update.  


COMPLETE: Horan Hall - Brief Network Outage 2/14 at 2pm

COMPLETE: As of about 2:30pm, this generator test has been completed.

Physical Plant will be conducting a generator test in Horan Hall on Friday, February 14th at approximately 2pm.

There will be two brief outages, one while switching to generator power, the other while switching back to main power. Both wired and wireless will be affected during this generator test.

This will not affect the rest of campus.

If you have any questions, please contact ITS at its@manhattan.edu or at extension x-7973. We apologize for this inconvenience.

Monday, February 10, 2020

Multi-Factor Authentication (MFA) with Duo FAQ'S

Have some questions about the new MFA app, Duo?

ITS has created an FAQ article about MFA with Duo. Here you might be able to find some answers about why we are using Duo and how it works. ITS would like to encourage you to read through this article to help ease any MFA concerns. 

For more help, please contact ITS at its@manhattan.edu or 718-862-7973