Security

Updating your personal information

Monday, June 22nd, 2020

Due to the implementation of stricter laws regarding the protection of data, Information Technology can no longer change passwords on behalf of staff and students. We therefore recommend that you use the online password self-help function. 

However, to successfully use this function, your cell phone number or external email address has to be recorded on the system. Information Technology cannot update this information since our staff are not authorised to work on the HR databases. If your information is incorrect or incomplete, you can update it by doing the following: 

  1. Staff and students can update information by signing on at http://www.sun.ac.za/useradm and updating the various fields on the first page. 
  2. Staff can contact Human Resources by sending an email to sun-e-hr@sun.ac.za or contact them at 021-8082753.
  3. Students can contact Client Services by emailing info@sun.ac.za or contact them at 021-8089111.

More detailed information on the password self-help function.

 

Phishing scam from a forged email

Thursday, May 14th, 2020

We are almost all in lock down and less careful with cyber security. The scammers know this and are launching numerous attacks taking advantage of the “work-from-home” situation we find ourselves in. A number of personnel have reported getting e-mails from “Prof. Jimmy Volmink” asking for assistance and are not spotting the tell-tale signs of a phishing scam.

Here is the mail:

  1. Notice that although it looks like Prof Volmink sent it, the email address is not correct.
  2.  Secondly Prof Jimmy is a very approachable person, but he is always professional in his communication so he would never say “Are you free for now”. Nor would he say something like this: (if you did respond to his mail)
    “I am currently in a meeting and I don’t know when the meeting will round off. I would have called you but phone is not allowed. I will want you to handle something for me right away and I will be glad if you can do that for me as soon as possible”.

This is a spear-phishing attack where an institution is directly attacked by impersonating prominent or public figures within the university (like the Dean) to gain access to the university network. This is an especially effective means of attack with everybody at home in lock down, where our guard is down and we are more relaxed. There was a very similar attack in September 2019, using the same tactics.  

Prof Volmink’s account has not been compromised. Phishers are just trying to fool us into thinking that prominent members in our leadership are emailing us asking for assistance, but they are not. It is a scam.
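The first tell-tale sign above (a trusted name displayed on the wrong address) can also be checked automatically. The following is an added example, not part of the original post: the protected-name list, the trusted domain set and both sample messages are constructed for illustration.

```python
import email
import unicodedata
from email.utils import parseaddr

# Assumptions for this example: the organisation's mail domain and a
# hypothetical list of names that attackers are likely to impersonate.
TRUSTED_DOMAINS = {"sun.ac.za"}
PROTECTED_NAMES = [frozenset({"jimmy", "volmink"})]
TITLES = {"prof", "professor", "dr", "mr", "mrs", "ms"}

# Constructed sample messages (addresses are placeholders, not real mailboxes).
SAMPLE_SPOOF = (
    'From: "Prof. Jimmy Volmink" <dean.office1@example.com>\n'
    "Subject: Urgent\n\nAre you free for now\n"
)
SAMPLE_INTERNAL = (
    'From: "Prof. Jimmy Volmink" <placeholder@sun.ac.za>\n'
    "Subject: Faculty meeting\n\nAgenda attached.\n"
)


def name_words(display_name):
    """Lower-case the name, strip accents, punctuation and titles."""
    text = unicodedata.normalize("NFKD", display_name)
    text = "".join(c for c in text if not unicodedata.combining(c))
    words = "".join(c if c.isalnum() else " " for c in text.lower()).split()
    return {w for w in words if w not in TITLES}


def is_internal(address):
    """True if the address belongs to a trusted domain or a subdomain of one."""
    domain = address.rpartition("@")[2].lower()
    return any(domain == d or domain.endswith("." + d) for d in TRUSTED_DOMAINS)


def check_sender(raw_message):
    """Return (verdict, reason) for the From header of a raw message."""
    msg = email.message_from_string(raw_message)
    display_name, address = parseaddr(msg.get("From", ""))
    words = name_words(display_name)
    impersonated = any(name <= words for name in PROTECTED_NAMES)
    if impersonated and not is_internal(address):
        return "suspicious", f"'{display_name}' sent from external address {address}"
    return "ok", "no protected display name on an external address"


if __name__ == "__main__":
    for sample in (SAMPLE_SPOOF, SAMPLE_INTERNAL):
        print(check_sender(sample))
```

This check only catches the display-name trick described in this post. A message that forges an internal address in the From header passes it, so sender authentication (SPF, DKIM and DMARC) on the mail gateway is still needed.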

Over the next few days, be on the lookout for similar mails that look like they are coming from other people within the university.

If you do get mail like this be sure to report it to IT ASAP so they can block the attack and help people who have become victims.

Please report such phishing scams and spam immediately on the ICT Partner Portal.

Go to https://servicedesk.sun.ac.za/jira/servicedesk/customer/portal/6/create/115.

Fill in your information and add the email as an attachment. Your request will automatically be logged on the system.

If you have accidentally clicked on the link and already given any personal details to the phishers, it is vitally important that you go to the USERADM page (either http://www.sun.ac.za/password or www.sun.ac.za/useradm) and change your password immediately. Make sure the new password is completely different and strong enough that it will not be easily guessed. Also change the passwords on your social media and private e-mail accounts, especially if you use the same passwords on these accounts.

 

Sun email for personal purposes

Tuesday, May 12th, 2020

Recently some staff have been caught off-guard by emails from cyber criminals trying to exploit them by threatening to release sensitive video material. The sender of this email does not have any video material, but tries to be psychologically manipulative and convince the receiver that he does. Unfortunately he also refers to the email receiver’s sun email address and a password they used at some stage.

This is not because the university’s network has been compromised. It happens because staff and students also use their sun address in a personal capacity. We strongly discourage this. In this case someone used their sun address on a website, for example Ster Kinekor, whose database was, at some stage, compromised. Subsequently cyber criminals gained access to the username and password. This gave them access to the person’s information at Ster Kinekor (or whichever site it was), but also – and this is more dangerous – potentially to the person’s information everywhere he reused the email address and that specific password. This includes Stellenbosch University sites and applications, including the financial and HR system. Of course, if the password has been changed over time, it will be useless. However, this remains an enormous risk.

Please note the following: 

  1. Never use your sun email address for anything except for University applications. If you need to send personal emails, rather consider getting a free email account, for example, Gmail. Separating your business and personal activities is better security practice in the long run and will protect you and the University network.
  2. Keep in mind that according to the Electronic Communication Policy which all staff and students agree to when they register their usernames each year, you’re not allowed to use your sun address for personal communication and that the University owns any communication sent via email. If needed, University management has the right to access any material in your email or on your computer.  
  3. If you receive an email as mentioned above, for safety’s sake, go and change your login details and passwords on any sites where you are registered with your @sun address.

Illegal software on SU devices

Tuesday, May 12th, 2020

Stellenbosch University devices are equipped with the necessary software for our staff to perform their work effectively. This includes the latest operating system, all the Microsoft applications (Office 365, including Word, Excel, PowerPoint, etc.), Adobe Acrobat Professional, TeraTerm and the necessary antivirus software. Licenses for specialist software can also be purchased through the IT department; these fall under the University’s educational license and are therefore less expensive than a license bought in a personal capacity. These include Adobe Creative Cloud, MatLab and Statistica, among others.

Installing and using this software is essential for staff, however some of our staff use their SU devices for their own personal use and subsequently download and install non-supported as well as illegal software on their PCs.  This includes games and illegal series or movies.

Not only does this put the University’s network at a high risk security-wise, it also puts the University at risk legally. Even if Information Technology does not install the software, we are still being held responsible for it if it’s an SU asset and it runs on our network. 

The fight against illegal software and piracy is mainly fought by the BSA. The Business Software Alliance (BSA) confronts companies that use or distribute illegal software. Read BSA’s statement on illegal software. 

Therefore we kindly request that you ensure that if you install software, it’s safe and legal to use. Otherwise it might have implications for you and the University.

What is MFA?

Tuesday, May 12th, 2020

Security risks and innovative cyber criminals are nothing new; however, when we work from home, these risks increase rapidly. The only way we can combat security breaches is by adding extra measures, of which multi-factor authentication (MFA) is one. Within the next few months Information Technology will be implementing MFA for all staff and students. This will be done in a phased approach. But first, let’s explain what MFA is.

WHAT IS MULTI-FACTOR AUTHENTICATION (MFA)?

Multi-factor authentication (MFA) seeks to decrease the likelihood that others can access your data.  

Specifically, it enhances the security of your UserID by using your phone, tablet or other device to verify your identity when you attempt to access Stellenbosch University’s network and resources.  

It takes two items to access and update your information: “something you know” (e.g. your password) and “something you have” (e.g. your phone). For example, when you visit an ATM, one authentication factor is the ATM card you use to start the transaction – that’s the “something you have.” Next, you enter a PIN, which is the “something you know.” Without both these factors, your authentication will fail.  

WHY DO I NEED TO USE MFA?  

Passwords are becoming increasingly easy to compromise. They can be stolen, guessed and hacked, and new technology and hacking techniques, combined with the limited pool of passwords most people use for multiple accounts, mean information online is increasingly vulnerable. You might not even know who else has your password and is accessing your accounts.  

In addition, experience has shown that people are not as good at recognising malicious email as you might think. Every day, members of the Stellenbosch University community fall prey to cyber scams.  

We must take steps to ensure that we are more than just a single click away from having our pay check stolen or becoming a victim of identity theft.  

Multi-Factor Authentication adds a second layer of security to your account to ensure that your account stays safe, even if someone else knows your password. This second factor of authentication is separate and independent from the UserID and password step — MFA never uses or even sees your password. 

Read more on MFA: 

Back to basics: Multi-factor authentication (MFA)

What is Multi-factor authentication? And why is it important?

 

 

© 2013-2020 Disclaimer: The views and opinions expressed in this page are strictly those of the page author(s) and content contributor(s). The contents of this page have not been reviewed or approved by Stellenbosch University.