Language:
SEARCH
  • Recent Posts

  • Categories

  • Archives

Security

Reminder to enrol for MFA

Tuesday, September 8th, 2020

Last month we told you about the planned implementation of MFA (Multi-factor Authentication). Thank you to the 28 671 staff and students who have already enrolled to use MFA..

If you are still unsure what MFA entails, here is some information

Although we have not activated MFA yet, soon all staff and students will be required to use multi factor authentication when using any of the Microsoft 365 applications (Outlook, Sharepoint Online, OneDrive for Business, etc.) to protect their information university’s network. If you haven’t enrolled yet, we strongly advise you do so as soon possible by following these steps.

If you have any questions first consult our FAQs and if this does not answer your question, please log your request on our ICT Partner Portal and a technician will contact you. If you have any questions you would like to add to our FAQs, you’re welcome to send an email to help@sun.ac.za and we’ll add them to the list.

Multi-factor authentication (MFA) FAQs

Thursday, August 6th, 2020

Information Technology recently enabled MFA for our staff and students. From mid-August all staff and students will be required to use multi factor authentication to secure their information and the university’s network. 

FREQUENTLY ASKED QUESTIONS 

What is MFA?  

Multi-Factor Authentication adds a second layer of security to your account to ensure that your account stays safe, even if someone else knows your password. This will mean that, for certain services, you will be prompted to provide more information in order to authenticate your identity as a Stellenbosch University student or staff member. More about MFA here. 

Why is it so important that I enrol for MFA?  

By enrolling for MFA, you ensure that your account is more secure. 

How do I enrol for MFA? 

By following the steps set out in the .pdf document. 

What must I do if the document does not open? 

If the document does not open, it could be due to a slow internet connection or you do not have a PDF reader (e.g. Adobe Acrobat) installed. Please also clear your browser history or try to open the link in a different browser.  

How can a PDF reader be installed? 

Please raise a request on the ICT Partner Portal that is available at https://servicedesk.sun.ac.za  

What can I do if I have problems to enrol for MFA? 

If you are struggling to enrol for MFA, please log a request on the ICT Partner Portal and a technician will contact you.  

When do I have to enrol for MFA? 

Please enrol for MFA as soon as possible. You have a choice to enrol for 14 days after the email was sent to you from IT communication. After the 14 days have passed you will not have a choice and you will have to enrol for MFA. 

How will I know that I have successfully enrolled for MFA? 

A confirmation message will be displayed on the last screen of the enrolment process. 
You are now enrolled for Multi Factor Authentication via SMS.

What must I do if I don’t see the  screens as indicated on the enrolment document? 

Raise a request on the ICT Partner Portal at https://servicedesk.sun.ac.za  

Will I be charged for the MFA authentication SMS’s? 

No, the SMS’s are at the cost of the University. 

Can I enrol for MFA if I stay in an area without cell phone signal? 

No, you need a cellphone with reception to enrol for MFA.

Which IT services will be activated for MFA? 

Communication will be sent by IT communications to inform staff and students about the services that will be activated for MFA. 

What will happen if a service is activated for MFA? 

Before you can access the service you will be requested to enter the one-time pin number that will be sent to the cell phone number that you have indicated during the enrolment process. 

Enrol for MFA

Monday, July 27th, 2020

We are well aware of the growing risks of working online – whether it’s at our offices or at home as we’ve been doing recently. The downside of working from home is that it opens opportunities for cyber-attacks and security risks are higher.  You can easily fall prey to these security risks when there are more distractions and concerns than usual while working from home.

To protect our staff and students from security attacks in our current situation, as well as when we return to our offices one day, it is important to implement extra security measures. Information Technology has been researching and testing multi factor authentication or MFA over the past few months as an additional measure to protect personal information and data. Read more about MFA here or watch the explanatory video by tech expert Tom Scott.

In short, this will mean that, for certain services, you will be prompted to provide more information in order to authenticate your identity as a Stellenbosch University student or staff member. 

By mid-August all staff and students will be required to use multi factor authentication to secure their information and the university network. Although MFA is not mandatory at the moment, you can already enrol by​ following these steps.

If you have any questions first consult our FAQs and if this does not answer your question, please log your request on our ICT Partner Portal and a technician will contact you.

Updating your personal information

Monday, June 22nd, 2020

Due to the implementation of stricter laws regarding the protection of data, Information Technology can no longer change passwords on behalf of staff and students. We therefore recommend that you use the online password self-help function. 

However, to successfully use this function, your cell phone number or external email address has to be recorded on the system. Information Technology cannot update this information since our staff are not authorised to work on the HR databases. If you information is incorrect or incomplete, you can update it by doing the following: 

  1. Staff and students can update information by signing on at http://www.sun.ac.za/useradm and updating the various fields on the first page. 
  2. Staff can contact Human Resources by sending an email to sun-e-hr@sun.ac.za or contact them at 021-8082753.
  3. Students can contact Client Services by emailing info@sun.ac.za or contact them at 021-8089111.

More detailed information on the password self-help function.

 

Phishing scam from a forged email

Thursday, May 14th, 2020

We are almost all in lock down and less careful with cyber security. The scammers know this and are launching numerous attacks taking advantage of the “work-from-home” situation we find ourselves in. A number of personnel have reported getting e-mails from “Prof. Jimmy Volmink” asking for assistance and are not spotting the tell-tale signs of a phishing scam.

Here is the mail:

  1. Notice that although it looks like Prof Volmink sent it, the email address is not correct.
  2.  Secondly Prof Jimmy is a very approachable person, but he is always professional in his communication so he would never say “Are you free for now”. Nor would he say something like this: (if you did respond to his mail)
    “I am currently in a meeting and I don’t know when the meeting will round off. I would have called you but phone is not allowed. I will want you to handle something for me right away and I will be glad if you can do that for me as soon as possible”.

This is a spear-phishing attack where an institution is directly attacked by impersonating prominent or public figures within the university (like the Dean) to gain access to the university network. This is an especially effective means of attack with everybody at home in lock down, where our guard is down and we are more relaxed. There was a very similar attack in September 2019, using the same tactics.  

Prof Volmink’s account has not been compromised. Phishers are just trying to fool us into thinking that prominent members in our leadership are emailing us asking for assistance, but they are not. It is a scam.

Over the next few days be on the lookout for similar mails that look like they coming from other people within the university.

If you do get mail like this be sure to report it to IT ASAP so they can block the attack and help people who have become victims.

Please immediately report such phishing scams and spam by reporting it on the ICT Partner Portal.​​

Go to https://servicedesk.sun.ac.za/jira/servicedesk/customer/portal/6/create/115.​​

Fill in your information and add the email as an attachment. Your request will automatically be logged on the system.​​

If you have accidentally clicked on the link and already given any personal details to the phishers it is vitally important that you immediately go to the USERADM page (either http://www.sun.ac.za/password  or www.sun.ac.za/useradm ) and change your password immediately. Make sure the new password is completely different, and is a strong password that will not be easily guessed, as well as changing the passwords on your social media and private e-mail accounts, especially if you use the same passwords on these accounts.

 

 

© 2013-2020 Disclaimer: The views and opinions expressed in this page are strictly those of the page author(s) and content contributor(s). The contents of this page have not been reviewed or approved by Stellenbosch University.