Language:
SEARCH
  • Recent Posts

  • Categories

  • Archives

Security

Why is MFA essential?

Tuesday, November 30th, 2021

Security risks and innovative cyber criminals are nothing new, however, when we work from home, these risks increase expeditiously. The only way we can combat security breaches is by adding extra measures of which multi-factor authentication (MFA) is one. 

Information Technology is currently rolling out MFA. Most staff and students have already registered. If you haven’t, we ask that you urgently do so as all users will require to use MFA to access some services. The first services that will need MFA authentication are the Microsoft365 applications. These include Outlook and Teams.

A guide on how to register is available at the bottom of this article and everything you need to know about MFA at Stellenbosch University can be found on our service catalogue.

WHAT IS MULTI-FACTOR AUTHENTICATION (MFA)?

Multi-factor authentication (MFA) seeks to decrease the likelihood that others can access your data.  

Specifically, it enhances the security of your UserID by using your phone, tablet or other device to verify your identity when you attempt to access Stellenbosch University’s network and resources.  

It takes two items to access and update your information: “something you know” (e.g. your password) and “something you have” (e.g. your phone). For example, when you visit an ATM, one authentication factor is the ATM card you use to start the transaction – that’s the “something you have.” Next, you enter a PIN, which is the “something you know.” Without both these factors, your authentication will fail.  

WHY DO I NEED TO USE MFA?  

Passwords are becoming increasingly easy to compromise. They can be stolen, guessed and hacked and new technology and hacking techniques combined with the limited pool of passwords most people use for multiple accounts means information online is increasingly vulnerable. You might not even know who else has your password and is accessing your accounts.  

In addition, experience has shown that people are not as good at recognising malicious email as you might think. Every day, members of the Stellenbosch University community fall prey to cyber scams. Imagine you work on the University’s financial system. You click on what seems to be a legitimate email, typing in your username and password. A criminal now has your login details and can access everything you can access – including, potentially, bank details. In this way HR systems can be accessed and hacked preventing salaries from being paid paid out, etc. The possibilities are endless if someone has usernames and passwords. 

We must take steps to ensure that we are more than just a single click away from having our pay check stolen or becoming a victim of identity theft.  

Multi-Factor Authentication adds a second layer of security to your account to ensure that your account stays safe, even if someone else knows your password. This second factor of authentication is separate and independent from the UserID and password step — MFA never uses or even sees your password. 

HOW DO I REGISTER FOR MFA?

You can register for MFA by following the steps in this guide.

Read more on MFA: 

MFA FAQ’s

Back to basics: Multi-factor authentication (MFA)

What is Multi-factor authentication? And why is it important?

Video on MFA by tech expert Tom Scott.

Phishing scam from compromised university account

Tuesday, November 23rd, 2021

Please keep an eye out for an e-mail from a sun email address with the subject line of FYI_Order/Approval. 

It is a phishing scam with a link to a website that is designed to compromise security and steal details such as banking details, login names and passwords. 

The owner of the affected account has already put an Out-of-office notification on her account telling people to ignore the mail sent from her account, but the account is probably still compromised and under the control of the scammers.

Once in the university domain the scammers will continue to attack the university network to steal more information or to obtain bank account details, etc.

Here is an example of one of the mails:

 

Please report this phishing mail if you receive it from the above mentioned address or any other sun address. Here is how you report it:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Go to https://servicedesk.sun.ac.za/jira/servicedesk/customer/portal/6/create/115.​​

Fill in your information and add the email as an attachment. Your request will automatically be logged on the system.​​ Please add the suspicious email as an attachment to the request.

​​~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

If you have accidentally clicked on the link and already given any personal details to the phishers it is vitally important that you immediately go to the USERADM page (either http://www.sun.ac.za/password or www.sun.ac.za/useradm and change your password immediately.) Make sure the new password is completely different and is a strong password that will not be easily guessed, as well as changing the passwords on your social media and private e-mail accounts, especially if you use the same passwords on these accounts. Contact the IT Service Desk if you are still unsure. 

[ARTICLE BY DAVID WILES]

Upgrade to Office 365 and Windows 10

Wednesday, November 3rd, 2021

Microsoft recently sent out a notification that some versions of Office 2013 and Office 2016 may experience connectivity issues due to the retirement of support for these versions. It is therefore imperative that all users who still use  Office 2013 and Office 2016 immediately upgrade their Office software to Office 365. 

Users whose devices are still using Windows XP, Windows 7 and Windows 8 as operating systems are also required to urgently upgrade their devices as this software is no longer supported by Microsoft.

Benefits of upgrading your software

With the challenges we’ve faced over the few months, why do we have to sacrifice valuable time to have my software upgraded?

New malware is released daily, putting your data and the University at risk.  So, apart from gaining new features by updating your software you are also protected from outsider threats as the new software has better security features, is more reliable and has better performance. 

When must I do this?

We recommend that users do this upgrade as soon as possible to ensure that you don’t fall prey to malware and lose valuable data.

Who will help me with the upgrade?

A support ticket can be logged on the ICT Partner Portal.  As soon as the ticket is logged, you will receive a reference number via email after which an IT technician will contact you to arrange an appointment to assess if an upgrade is possible on the device.

[Article by Ronel Reynecke]

­­­­­­­­­­­­­­­­­­­­­­­

Information Security Awareness Training

Tuesday, October 5th, 2021

Part of living in a connected world is understanding that our private information is more vulnerable. ID theft and data breaches are no longer isolated incidents, they happen every single day.

So why would a university be targeted?

Universities hold a great deal of information that could be exploited if it gets into the wrong hands. This information includes personal details and research data.

Consequences and why it matters:

Though not all data security incidents will lead to the loss or theft of information, they will expose information to unwanted risk.

A full data security breach will involve a known disclosure or inappropriate access to information, which is a more serious incident. Any data security incident could potentially be disastrous for both you and the institution.

In an effort to create awareness around some of the typical hacks that we all fall prey to, we have made an Information Security Awareness training programme available. This is a self-study programme with fun quizzes in-between. This is by no means a programme that you will need to have a pass record. This course is strictly informational so that you will have the necessary tools when it comes to Information Security.

To access the course, go to https://learn.sun.ac.za. When the SUNLearn main page opens, click on the “Information Security Awareness Training” link and log in with your network username and password. If you’re successfully logged in, scroll down and click on the “Enrol me” button to enrol yourself for the course and to access the training material.

If you are unable to log on to SUNLearn and you are certain that the network credentials you have entered are correct and active, please log a request via https://learnhelp.sun.ac.za for SUNLearn support.

 

 

 

 

 

Why is cyber security important?

Tuesday, October 5th, 2021

Cyber security is the skill and ability of protecting networks, devices, and data from unlawful access or criminal use and the practice of guaranteeing confidentiality, integrity, and availability of information.

Communication, transportation, shopping, and medicine are just some of the things that rely on computers systems and the Internet now. Much of your personal information is stored either on your computer, smartphone, tablet or possibly on someone else’s system. Knowing how to protect the information that you have stored is of high importance not just for an individual but for an organisation and those in it.

Did you know that:

  • As of 2021, there is a ransomware attack every 11 seconds, up from 39 seconds in 20191,2
  • 43% of cyber-attacks target of small businesses, and they have grown 400 percent since the outbreak began

More tips and resources can be found here

The US government’s Cybersecurity and Infrastructure Security Agency has made a collection of tip sheets available for use. These downloadable PDF documents contain all the information you need to protect yourself from cyber security risks in a convenient, compact format. 

More tips and resources can be found here

[SOURCE:  Cybersecurity and Infrastructure Security Agency, United States Government

 

© 2013-2022 Disclaimer: The views and opinions expressed in this page are strictly those of the page author(s) and content contributor(s). The contents of this page have not been reviewed or approved by Stellenbosch University.