The 3rd Annual Staff & Faculty Appreciation Picnic kicked off today at noon with music, food and prizes! We rounded up a few of the best #pittpicnic posts and videos from Twitter, Instagram and Facebook!







Just a little happy 😊 #pittpicnic

A post shared by Amy Kleebank (@akleebank) on

Big thanks to the Chancellor and all volunteers for another terrific #PittPicnic!

A post shared by Staff Association Council (@sacatpitt) on

Celebrating Pitt! #pittpicnic

A post shared by Pitt Univ Registrar (@pittregistrar) on

Thanks to Chancellor Gallagher for today’s Staff and Faculty Picnic! #PittPicnic #H2P

A post shared by Pitt SHRS (@shrspitt) on

Check out our latest website launch!

The University hosts visitors from academia, private and public sectors, industry, and government to participate in research, educational and other scholarly activities. The Academic & Research Visitors website exists to provide assistance to visitors before and during their stay as well as assistance to University faculty and staff when bringing short and long term visitors to campus.

The new website is maintained by the Office of Export Controls and works closely with associated departments and groups.

visitor-device-view

Our latest project has just been completed!

The Global Operations Support website exists to provide guidance and support to faculty and staff who will be either conducting work outside the United States or are coordinating international work domestically on behalf of the University. You will find information on travel, conducting research, business processes, international payment information and inter-institutional collaborative efforts.

The new Global Operations Support Manager is under the University Center for International Studies and works closely with associated departments and groups.

URL: www.globaloperations.pitt.edu

Global Operations Screenshot

One of the most common methods that cybercriminals use to gain sensitive information is known as ‘phishing’. Phishing occurs when you receive a message requesting personal information (social security number, email address, birthday, etc.) that appears to come from a reputable source (your bank, business, etc.). Phishing attacks come in different types (spear phishing, whaling, clone phishing, etc.), but the general premise remains the same.

While most phishers are primarily looking to steal your personal information, phishing is also a method used by hackers to install malware onto your computer.

Phishing attacks have become very sophisticated, but they are still vulnerable to a watchful eye and a little common sense. Since your personal data and security are at stake, it is extremely important to know how to identify phishing, and to know what steps to take if you think you are the target of a phishing attack.

How to Identify a Phishing Attack

Inconsistent Email Address

Here’s a typical example of what a phishing email might look like. Take a close look at the sender’s information and email address. In the above example, note that the sender is S-tandard Bank. Also, the email domain “alert-std.co.za” does not match the format at the bottom of the message, “standardbank.co.za.”

phishing1

False Sense of Urgency

Note that the email from “Amazon,” states “***DON’T WAIT! The Link Above Expires on 12/28!” Scammers try to create a false sense of urgency to get you to react quickly and emotionally. Always take a couple extra seconds to really examine what you are reading before clicking any links.

Note again how the email address does not end in “amazon.com.”

phishing2

Questionable Information Requests

Phishing attacks will frequently ask for information that they either don’t need or should already have. As a rule, reputable businesses will never ask for your account name, account number, password, Social Security number, etc. There was a recent phishing scam that appeared to come from the IRS, asking for account information from the victim’s financial institutions. If there’s anyone that doesn’t send emails like this, it’s the IRS.

If You Suspect Phishing

There are a number of steps that you can take if you suspect that a message you have received is a phishing attack.

  1. Verify the identity of the sender. For example, if you receive an email that looks like it’s from PNC Bank, call or email their customer support team to confirm. It’s important not to reply to the email itself, as any links in the message will not point back to a legitimate business entity. If it looks like a friend or coworker sent the message, follow up with them in a separate email (again, do not reply to the original message).
  2. Change any relevant passwords. Changing your password is almost never a bad idea, and having unique passwords for each site/service that you use is a best practice.
  3. Go back to the official source. Try to always directly type the web address of the site you want to access in your browser, instead of clicking on links from emails or social media networks. As mentioned, avoid links in the original message, as they will most likely redirect to a fraudulent site.
  4. Trust your instincts and err on the side of caution. If an email or website doesn’t look or “feel” right, there’s probably a reason.

If you think that your work email has been targeted by a phishing attack, please contact FIS via our Support Portal, or call us at 4-FIS1. If your personal email address has been targeted, please report it to any of the following agencies:

For More Information

For additional background and tips, check out the articles in the FIS Knowledge Base, or read any of the following:

A list of the Worst Passwords of 2015 was published this month by SplashData, a company specializing in password management software.

Password List

If your passwords are among the those listed or similar, it might be time to consider creating and utilizing stronger passwords. FIS has multiple Knowledge Base articles to assist with the creation of secure passwords.

Creating a Strong Password

Avoid dictionary words but consider password phrases, repeated characters, and patterns found on a typical keyboard.

Save the spouse’s, child’s, pet’s names and other personal information for security questions for two-step authentication, but choose the ones that are most unique to you and least guessable. Consider what information regarding such answers can easily be found on your social media profiles.

Be sure to include at least three of the following four character types in your passwords – even if the account in question does not require them and it is possible to include them:

  • Uppercase letters (A through Z)
  • Lowercase letters (a through z)
  • Numerals (0 through 9)
  • Non-alphabetic, special characters (!, $, #,%, and others)

Learn about Accounts & Passwords on the FIS Knowledge Base.

Frequently Asked Questions about Passwords

Browse the Password Security Articles or read through the Password FAQ if you have questions such as:

  • Why does my password expire and why do I have to change it?
  • Why does my password need to be so long?
  • Why shouldn’t I use common words for my password? They are easier for me to remember.
  • Why shouldn’t I use personal names or numbers for my password?

Password Expiration

FIS ensures that our customers change their passwords every 60 days, or approximately 2 months. This is to ensure that if a hacker obtains an encrypted password, there is a chance that it will be changed by the customer before the hacker enters the account.

Not all accounts that require a password require customers to change their passwords after a set amount of time. However, it could be a good habit to bring in the new year to change your passwords every two months or so!

Read more about University Accounts and Password Durations.

Changing Your FIS Password

Questions about changing your FIS Password? Consult the Changing Your FIS Password Article to familiarize yourself with the ways in which you can change you password:

  • The Windows Change Password Screen – a voluntary way to change your password
  • At the initial login message when your password has expired
  • Call FIS Customer Support to reset it

 

 

Our latest project has just been completed! PR Website 2

The Policy Review Committee for Patents, Copyright and Conflict of Interest is charged with reviewing and rewriting the University’s policies on patents, copyright, and conflict of interest to be aligned and supportive of improving the ability of our faculty to work productively with external partners and effectively translate research and scholarship in ways that will support the University’s shared goal of enhancing the beneficial impact of our work on society. The committee is committed to actively engaging the Pitt community in the policy review process and encourages continual feedback and suggestions.

This website functions as a portal for faculty, staff, and students to learn information about these policies, to stay up-to-date with the activities and progress of the committee, and to provide input into these policy changes.

URL: www.policyreview.pitt.edu

 Brought to you by SecuringTheHuman.org, FIS’ Security Awareness Training partner.

Anti-Virus

A security program that can run on a computer or mobile device and protects you by identifying and stopping the spread of malware on your system. Anti-virus cannot detect all malware, so even if it is active, your system might still get infected. Anti-virus can also be used at the organizational level. For example, email servers may have anti-virus integrated with it to scan incoming or outgoing email. Sometimes anti-virus tools are called ‘anti-malware’, because these products are designed to defend against various types of malicious software.

Drive-by Download

These attacks exploit vulnerabilities in your browser or its plugins and helper applications when you simply surf to an attacker-controlled website. Some computer attackers set up their own evil websites that are designed to automatically attack and exploit anyone that visits the website. Other attackers compromise trusted websites such as ecommerce sites and deploy their exploit software there. Often these attacks occur without the victims realizing that they are under attack.

Exploit

Code that is designed to take advantage of a vulnerability. An exploit is designed to give an attacker the ability to execute additional malicious programs on the compromised system or to provide unauthorized access to affected data or applications.

Firewall

A security program that filters inbound and outbound network connections. In some ways you can think of firewalls as a virtual traffic cop, determining which traffic can go through the firewall. Almost all computers today come with firewall software installed. In addition, firewalls can be implemented as network devices to filter traffic that traverses through them.

Malware – Virus, Worm, Trojan, Spyware

Malware stands for ‘malicious software’. It is any type of code or program cyber attackers use to perform malicious actions. Traditionally there have been different types of malware based on their capabilities and means of propagation, as we have listed below. However these technical distinctions are no longer relevant as modern malware combines the characteristics from each of these in a single program.

  • Virus: A type of malware that spreads by infecting other files, rather than existing in a standalone manner. Viruses often, though not always, spread through human interaction, such as opening an infected file or application.
  • Worm: A type of malware that can propagate automatically, typically without requiring any human interaction for it to spread. Worms often spread across networks, though they can also infect systems through other means, such as USB keys. An example of a worm is Conficker, which infected millions of computer systems starting in 2008 and is still active today.
  • Trojan: A shortened form of “Trojan Horse”, this type of malware appears to have a legitimate or at least benign use, but masks a hidden sinister function. For example, you may download and install a free screensaver which actually works well as a screensaver. But that software could also be malicious, it will infect your computer once you install it.
  • Spyware: A type of malware that is designed to spy on the victim’s activities, capturing sensitive data such as the person’s passwords, online shopping, and screen contents. One popular type of spyware, a keylogger, is optimized for logging the victim’s keyboard activity and transmitting the captured information to the remote attacker.

Patch

A patch is an update to a vulnerable program or system. A common practice to keep your computer and mobile devices secure is installing the latest vendor’s patches in a timely fashion. Some vendors release patches on a monthly or quarterly basis. Therefore, having a computer that is unpatched for even a few weeks could leave it vulnerable.

Phishing

Phishing is a social engineering technique where cyber attackers attempt to fool you into taking an action in response to an email. Phishing was a term originally used to describe a specific attack scenario. Attackers would send out emails pretending to be a trusted bank or financial institution, their goal was to fool victims into clicking on a link in the email. Once clicked, victims were taken to a website that pretended to be the bank, but was really created and controlled by the attacker. If the victim attempted to login thinking they were at their bank, their login and password would then be stolen by the attacker. The term has evolved and often means not just attacks designed to steal your password, but emails designed to send you to websites that hack into your browser, or even emails with infected attachments.

Social Engineering

A psychological attack used by cyber attackers to deceive their victims into taking an action that will place the victim at risk. For example, cyber attackers may trick you into revealing your password or fool you into installing malicious software on your computer. They often do this by pretending to be someone you know or trust, such as a bank, company or even a friend.

Spam

Unwanted or unsolicited emails, typically sent to numerous recipients with the hope of enticing people to read the embedded advertisements, click on a link or open an attachment. Spam is often used to convince recipients to purchase illegal or questionable products and services, such as pharmaceuticals from fake companies. Spam is also often used to distribute malware to potential victims.

Spear Phishing

Spear phishing describes a type of phishing attack that target specific victims. But instead of sending out an email to millions of email addresses, cyber attackers send out a very small number of crafted emails to very specific individuals, usually all at the same organization. Because of the targeted nature of this attack, spear phishing attacks are often harder to detect and usually more effective at fooling the victims.

Vulnerability

This is any weakness that attackers or their malicious programs may be able to exploit. For example it can be a bug in a computer program or a misconfigured webserver. An attacker or malware may be able to take advantage of the vulnerability to gain unauthorized access to the affected system. However, vulnerabilities can also be a weakness in people or organizational processes.

Shared ResponsibilityMarking its fifth year on October 1, STOP. THINK. CONNECT. is simple, actionable advice that everyone can follow to stay safer and more secure online. National Cyber Security Awareness Month will launch with a focus on making this basic advice a guiding principle so that we can navigate the Internet ‒ and our digital lives ‒ safely and more securely.

STOP: make sure security measures are in place.
THINK: about the consequences of your actions and behaviors online.
CONNECT: and enjoy the Internet.

Below are tips and advice on staying safe, securing your devices and being a good online citizen.

Keep a Clean Machine Keep a Clean Machine

  • Keep security software current: Having the latest security software, web browser, and operating system are the best defenses against viruses, malware, and other online threats.
  • Automate software updates: Many software programs will automatically connect and update to defend against known risks. Turn on automatic updates if that’s an available option.
  • Protect all devices that connect to the Internet: Along with computers, your smartphones, gaming systems and other web‐enabled devices also need protection from viruses and malware.
  • Plug & scan: USBs and other external devices can be infected by viruses and malware. Use your security software to scan them.

Protect Your Personal Information Protect Your Personal Information

  • Secure your accounts: Ask for protection beyond passwords. Many account providers now offer additional ways for you verify who you are before you conduct business on that site.
  • Make passwords long and strong: Combine capital and lowercase letters with numbers and symbols to create a more secure password.
  • Unique account, unique password: Having separate passwords for every account helps to thwart cybercriminals.
  • Write it down and keep it safe: Everyone can forget a password. Keep a list that’s stored in a safe, secure place away from your computer.
  • Own your online presence: Set the privacy and security settings on websites to your comfort level for information sharing. It’s ok to limit how and with whom you share information.

Connect With Care Connect with Care

  • When in doubt, throw it out: Links in email, tweets, posts and online advertising are often the ways cybercriminals compromise your computer. If it looks suspicious, even if you know the source, it’s best to delete or, if appropriate, mark as junk email.
  • Get savvy about Wi‐Fi hotspots: Limit the type of business you conduct and adjust the security settings on your device to limit who can access your machine.
  • Protect your $$: When banking and shopping, check to be sure the sites is security-enabled. Look for web addresses with “https://,” which means the site takes extra measures to help secure your information. “Http://” is not secure.

 Be Web Wise Be Web Wise            

  • Stay current. Keep pace with new ways to stay safe online. Check trusted websites for the latest information, share with friends, family and colleagues and encourage them to be web wise.
  • Think before you act: Be wary of communications that implores you to act immediately, offers something that sounds too good to be true or asks for personal information.
  • Back it up: Protect your valuable work, music, photos, and other digital information by making an electronic copy and storing it safely.

Be a Good Online CitizenBe a Good Online Citizen

  • Safer for me, more secure for all: What you do online has the potential to affect everyone – at home, at work and around the world. Practicing good online habits benefits the global digital community.
  • Post only about others as you have them post about you.
  • Help the authorities fight cybercrime: Report stolen finances, identities and cybercrime to http://www.ic3.gov (the Internet Crime Complaint Center) and http://www.onguardonline.gov/file-complaint (the FTC).

Visit http://www.stopthinkconnect.org for more information.

October is designated as National Cyber Security Awareness Month. cultreofcybersecurity

Throughout the month, we’ll be posting ways to stay safe online. We use the internet more every day than we realize, from banking, shopping and staying in touch with loved ones. Everyone has a role to play in cybersecurity, whether it’s protecting their families from identity theft, protecting their workplaces from cyber attacks, or protecting their communities from cyber predators.

Here are some tips to stay safe online:

  • Set strong passwords and don’t share them with anyone;
  • Keep your operating system, browser, and other critical software optimized by installing updates;
  • Maintain an open dialogue with your family, friends, and community about Internet safety;
  • Limit the amount of personal information you post online and use privacy settings to avoid sharing information widely;
  • Be cautious about what you receive or read online—if it sounds too good to be true, it probably is; and
  • Visit www.DHS.gov/StopThinkConnect to learn more about how you can help strengthen America’s cybersecurity.

 


Archives