it-security - The University of Tulsa

it-security

CYBERSECURITY AWARENESS MONTH 2021: CYBERSECURITY WHILE TRAVELING

CYBERSECURITY WHILE TRAVELING

In a world where we are constantly connected, cybersecurity cannot be limited to the home or office. When you’re traveling— whether domestic or international—it is always important to practice safe online behavior and take proactive steps to secure Internet-enabled devices. The more we travel, the more we are at risk for cyberattacks.

#BeCyberSmart and use these tips to connect with confidence while on the go.

SIMPLE TIPS:

BEFORE YOU GO

  • If You Connect IT, Protect IT. Whether it’s your computer, smartphone, game device, or other network devices, the best defense against viruses and malware is to update to the latest security software, web browser, and operating systems. Sign up for automatic updates, if you can, and protect your devices with anti-virus software.
  • Back up your information. Back up your contacts, financial data, photos, videos, and other mobile device data to another device or cloud service in case your device is compromised, and you have to reset it to factory settings.
  • Connect only with people you trust. While some social networks might seem safer for connecting because of the limited personal information shared through them, keep your connections to people you know and trust.
  • Keep up to date. Keep your software updated to the latest version available. Maintain your security settings to keeping your information safe by turning on automatic updates so you don’t have to think about it and set your security software to run regular scans.
  • Double your login protection. Enable multi-factor authentication (MFA) to ensure that the only person who has access to your account is you. Use it for email, banking, social media, and any other service that requires logging in. If MFA is an option, enable it by using a trusted mobile device, such as your smartphone, an authenticator app, or a secure token—a small physical device that can hook onto your key ring.

DURING YOUR TRIP

  • Stop auto connecting. Some devices will automatically seek and connect to available wireless networks or Bluetooth devices. This instant connection opens the door for cyber criminals to remotely access your devices. Disable these features so that you actively choose when to connect to a safe network.
  • Stay protected while connected. Before you connect to any public wireless hotspot—such as at an airport, hotel, or café—be sure to confirm the name of the network and exact login procedures with appropriate staff to ensure that the network is legitimate. If you do use an unsecured public access point, practice good Internet hygiene by avoiding sensitive activities (e.g., banking) that require passwords or credit cards. Your personal hotspot is often a safer alternative to free WiFi. Only use sites that begin with “https://” when online shopping or banking.
  • Play hard to get with strangers. Cyber criminals use phishing tactics, hoping to fool their victims. If you’re unsure who an email is from—even if the details appear accurate—or if the email looks “phishy,” do not respond and do not click on any links or attachments found in that email. When available use the “junk” or “block” option to no longer receive messages from a particular sender.
  • Never click and tell. Limit what information you post on social media—from personal addresses to where you like to grab coffee. What many people don’t realize is that these seemingly random details are all that criminals need to know to target you, your loved ones, and your physical belongings—online and in the real world. Keep Social Security numbers, account numbers, and passwords private, as well as specific information about yourself, such as your full name, address, birthday, and even vacation plans. Disable location services that allow anyone to see where you are—and where you aren’t— at any given time.
  • Guard your mobile devices. To prevent theft and unauthorized access or loss of sensitive information, never leave your equipment—including any USB or external storage devices—unattended in a public place. Keep your devices secured in taxis, at airports, on airplanes, and in your hotel room.

Thanks for reading, and safe travels. #BeCyberSmart!

 

CYBERSECURITY AWARENESS MONTH 2021: IDENTITY THEFT AND INTERNET SCAMS

IDENTITY THEFT AND INTERNET SCAMS

Today’s technology allows us to connect around the world, to bank and shop online, and to control our televisions, homes, and cars from our smartphones. With this added convenience comes an increased risk of identity theft and Internet scams. #BeCyberSmart on the Internet—at home, at school, at work, on mobile devices, and on the go.

DID YOU KNOW?

  • The average cost of a data breach for a US company in 2020 was $8.84 million. That’s an increase from the 2019 figure of $8.64 million.
  • 7-10% of the U.S. population are victims of identity fraud each year, and 21% of those experience multiple incidents of identity fraud.
  • In 2020, 47% of people living in the US experienced identity theft.

COMMON INTERNET SCAMS

As technology continues to evolve, cybercriminals will use more sophisticated techniques to exploit systems, accounts, and devices to steal your identity, personal information, and money. To protect yourself from online threats, you must know what to look for. Some of the most common Internet scams include:

  • COVID-19 SCAMS take the form of emails with malicious attachments or links to fraudulent websites to trick victims into revealing sensitive information or donating to fraudulent charities or causes. Exercise caution in handling any email with a COVID-19-related subject line, attachment, or hyperlink, and be wary of social media pleas, texts, or calls related to COVID-19.
  • IMPOSTER SCAMS occur when you receive an email or call from a person claiming to be a government official, family member, or friend requesting personal or financial information. For example, an imposter may contact you from the Social Security Administration informing you that your Social Security number (SSN) has been suspended, in hopes you will reveal your SSN or pay to have it reactivated.
  • COVID-19 ECONOMIC PAYMENTS SCAMS target Americans’ stimulus payments. CISA urges all Americans to be on the lookout for criminal fraud related to COVID-19 economic impact payments—particularly fraud using coronavirus lures to steal personal and financial information, as well as the economic impact payments themselves—and for adversaries seeking to disrupt payment efforts.

SIMPLE TIPS

  • DOUBLE YOUR LOGIN PROTECTION. Enable multi-factor authentication (MFA) to ensure that the only person who has access to your account is you. Use it for email, banking, social media, and any other service that requires logging in. If MFA is an option, enable it by using a trusted mobile device, such as your smartphone, an authenticator app, or a secure token—a small physical device that can hook onto your key ring.
  • SHAKE UP YOUR PASSWORD PROTOCOL. According to (National Institute of Standards and Technology (NIST) guidance, you should consider using the longest password or passphrase permissible. Get creative and customize your standard password for different sites, which can prevent cyber criminals from gaining access to these accounts and protect you in the event of a breach. Use password managers to generate and remember different, complex passwords for each of your accounts.
  • STAY UP TO DATE. Keep your software updated with the latest version available. Maintain your security settings to keep your information safe by turning on automatic updates so you don’t have to think about it, and set your security software to run regular scans

PROTECT YOURSELF FROM ONLINE FRAUD

STAY PROTECTED WHILE CONNECTED: The bottom line is that whenever you’re online, you’re vulnerable. If devices on your network are compromised for any reason, or if hackers break through an encrypted firewall, someone could be eavesdropping on you—even in your own home on encrypted Wi-Fi.
Practice safe web surfing wherever you are by checking for the “green lock” or padlock icon in your browser bar—this signifies a secure connection.

  • When you find yourself out in the great “wild Wi-Fi West,” avoid free Internet access with no encryption.
  • If you do use an unsecured public access point, practice good Internet hygiene by avoiding sensitive activities (e.g., banking) that require passwords or credit cards. Your personal hotspot is often a safer alternative to free Wi-Fi.
  • Don’t reveal personally identifiable information such as your bank account number, SSN, or date of birth to unknown sources.
  • Type website URLs directly into the address bar instead of clicking on links or cutting and pasting from the email.

RESOURCES AVAILABLE TO YOU

If you discover that you have become a victim of cybercrime, immediately notify authorities to file a complaint. Keep and record all evidence of the incident and its suspected source. The list below outlines the government organizations that you can file a complaint with if you are a victim of cybercrime.

  • FTC.gov: The FTC’s free, one-stop resource, www.identitytheft.gov/can help you report and recover from identity theft. Report fraud to the FTC at ftc.gov/OnGuardOnline or www.ftccomplaintassistant.gov.
  • US-CERT.gov: Report computer or network vulnerabilities to US-CERT via the hotline: 1-888-282-0870 or us-cert.cisa.gov. Forward phishing emails or websites to US-CERT at phishing-report@us-cert.gov.
  • IC3.gov: If you are a victim of online crime, file a complaint with the Internet Crime Complaint Center (IC3) at www.IC3.gov.
  • SSA.gov: If you believe someone is using your SSN, contact the Social Security Administration’s fraud hotline at 1-800-269-0271.

Thank you for reading. If you have any questions or concerns, please email us at it-security@utulsa.edu. Be safe, and #BeCyberSmart!

CYBERSECURITY AWARENESS MONTH 2021: FIGHT THE PHISH!

PHISHING & SPOOFING

Phishing attacks use email or malicious websites to infect your machine with malware and viruses to collect personal and financial information. Cybercriminals attempt to lure users to click on a link or open an attachment that infects their computers, creating vulnerabilities for criminals to use to attack. Phishing emails may appear to come from a real financial institution, e-commerce site, government agency, or any other service, business, or individual. The email may also request personal information such as account numbers, passwords, or Social Security numbers. When users respond with the information or click on a link, attackers use it to access users’ accounts.

Spoofing attacks use email addresses, sender names, phone numbers, or website URLs that are disguised as a trusted source. Cybercriminals attempt to deceive users by changing one letter, symbol, or number within the name. This tactic is used to convince users that they are interacting with a familiar source. Cybercriminals want you to believe these spoofed communications are real to lead you to download malicious software, send money, or disclose personal, financial, or other sensitive information.

HOW CRIMINALS LURE YOU IN

The following messages from the Federal Trade Commission’s OnGuardOnline are examples of what attackers may email or text when phishing for sensitive information:

  • “We suspect an unauthorized transaction on your account. To ensure that your account is not compromised, please click the link below, and confirm your identity.”
  • “During our regular verification of accounts, we couldn’t verify your information. Please click here to update and verify your information.”
  • “Our records indicate that your account was overcharged. You must call us within 7 days to receive your refund.”

SIMPLE TIPS

  • Play hard to get with strangers. Links in email and online posts are often the way cybercriminals compromise your computer. If you’re unsure who an email is from—even if the details appear accurate—do not respond, and do not click on any links or attachments found in that email. Be cautious of generic greetings such as “Hello Bank Customer,” as these are often signs of phishing attempts. If you are concerned about the legitimacy of an email, call the company directly.
  • Think before you act. Be wary of communications that implore you to act immediately. Many phishing emails attempt to create a sense of urgency, causing the recipient to fear their account or information is in jeopardy. If you receive a suspicious email that appears to be from someone you know, reach out to that person directly on a separate secure platform. If the email comes from an organization but still looks “phishy,” reach out to them via customer service to verify the communication.
  • Protect your personal information. If people contacting you have key details from your life—your job title, multiple email addresses, full name, and more that you may have published online somewhere—they can attempt a direct spear-phishing attack on you. Cyber criminals can also use social engineering with these details to try to manipulate you into skipping normal security protocols.
  • Be wary of hyperlinks. Avoid clicking on hyperlinks in emails and hover over links to verify authenticity. Also ensure that URLs begin with “https.” The “s” indicates encryption is enabled to protect users’ information.
  • Double your login protection. Enable multi-factor authentication (MFA) to ensure that the only person who has access to your account is you. Use it for email, banking, social media, and any other service that requires logging in. If MFA is an option, enable it by using a trusted mobile device, such as your smartphone, an authenticator app, or a secure token—a small physical device that can hook onto your key ring.
  • Shake up your password protocol. According to National Institute of Standards and Technology guidance, you should consider using the longest password or passphrase permissible. Get creative and customize your standard password for different sites, which can prevent cyber criminals from gaining access to these accounts
    and protect you in the event of a breach. Use password managers to generate and remember different, complex passwords for each of your accounts.
  • Install and update anti-virus software. Make sure all of your computers, Internet of Things devices, phones, and tablets are equipped with regularly updated antivirus software, firewalls, email filters, and anti-spyware.

HOW TO REPORT

To report phishing attempts, spoofing, or to report that you’ve been a victim, please do the following, depending on what account you are referring to:

  • TU account – Forward any suspicious emails to phishing@utulsa.edu or contact it-security@utulsa.edu with any concerns.
  • Personal account – Visit the www.ic3.gov to file a complaint, and use the built-in tools most providers to report emails as malicious.

Thank you for reading. Be safe out there, and #BeCyberSmart!

CYBERSECURITY AWARENESS MONTH 2021: SOCIAL MEDIA CYBERSECURITY

SOCIAL MEDIA CYBERSECURITY

Now more than ever, consumers spend increasing amounts of time on the Internet. With every social media account you sign up for, every picture you post, and status you update, you are sharing information about yourself with the world. How can you be proactive and “Do Your Part. #BeCyberSmart”? Take these simple steps to connect with confidence and safely navigate the social media world.

DID YOU KNOW?

  • In 2021 4.48 billion people are now using social media worldwide. That’s an increase of more than 13% from 2020. Put another way: Almost 57% of the total world population are using social networks.
  • Digital consumers spend nearly 2.5 hours on social networks and social messaging every day.

SIMPLE TIPS

  • If You Connect IT, Protect IT. Whether it’s your computer, smartphone, game device, or other network devices, the best defense against viruses and malware is to update to the latest security software, web browser, and operating systems. Sign up for automatic updates, if you can, and protect your devices with anti-virus software.
  • Never click and tell. Limit what information you post on social media—from personal addresses to where you like to grab coffee. What many people don’t realize is that these seemingly random details are all that criminals need to know to target you, your loved ones, and your physical belongings—online and in the real world. Keep Social Security numbers, account numbers, and passwords private, as well as specific information about yourself, such as your full name, address, birthday, and even vacation plans. Disable location services that allow anyone to see where you are—and where you aren’t—at any given time.
  • Speak up if you’re uncomfortable. If a friend posts something about you that makes you uncomfortable or you think is inappropriate, let them know. Likewise, stay open-minded if a friend approaches you because something you’ve posted makes them uncomfortable. People have different tolerances for how much the world knows about them, and it is important to respect those differences. Don’t hesitate to report any instance of cyberbullying you see.
  • Report suspicious or harassing activity. Work with your social media platform to report and possibly block harassing users. Report an incident if you’ve been a victim of cybercrime. Local and national authorities are ready to help you.
  • Remember, there is no ‘Delete’ button on the Internet. Share with care, because even if you delete a post or picture from your profile seconds after posting it, chances are someone still saw it.
  • Update your privacy settings. Set the privacy and security settings to your comfort level for information sharing. Disable geotagging, which allows anyone to see where you are—and where you aren’t—at any given time.
  • Connect only with people you trust. While some social networks might seem safer for connecting because of the limited personal information shared through them, keep your connections to people you know and trust.

THANKS FOR READING. BE SAFE, AND #BECYBERSMART!

CYBERSECURITY AWARENESS MONTH 2021: CYBER SECURE AT WORK

CYBER SECURE AT WORK

Businesses face significant financial loss when a cyber-attack occurs. In 2020, a sharp increase was reported in cyberattacks that target businesses using stolen logins and passwords. Cybercriminals often rely on human error—employees failing to install software patches or clicking on malicious links—to gain access to systems. From the top leadership to the newest employee, cybersecurity requires the vigilance of everyone to keep data, customers, and capital safe and secure.

#BeCyberSmart to connect with confidence and support a culture of cybersecurity at your organization.

SIMPLE TIPS

  • Treat business information as personal information. Business information typically includes a mix of personal and proprietary data. While you may think of trade secrets and company credit accounts, it also includes employee personally identifiable information (PII) through tax forms and payroll accounts. Do not share PII with unknown parties or over unsecured networks.
  • Don’t make passwords easy to guess. As “smart” or data-driven technology evolves, it is important to remember that security measures only work if used correctly by employees. Smart technology runs on data, meaning devices such as smartphones, laptop computers, wireless printers, and other devices are constantly exchanging data to complete tasks. Take proper security precautions and ensure correct configuration to wireless devices in order to prevent data breaches.
  • Stay up to date. Keep your software updated to the latest version available. Maintain your security settings to keep your information safe by turning on automatic updates so you don’t have to think about it and set your security software to run regular scans.
  • Social media is part of the fraud tool set. By searching Google and scanning your organization’s social media sites, cybercriminals can gather information about your partners and vendors, as well as human resources and financial departments. Employees should avoid oversharing on social media and should not conduct official business, exchange payment, or share PII on social media platforms.
  • It only takes one time. Data breaches do not typically happen when a cybercriminal has hacked into an organization’s infrastructure. Many data breaches can be traced back to a single security vulnerability, phishing attempt, or instance of accidental exposure. Be wary of unusual sources, do not click on unknown links, and delete suspicious messages after reporting or forwarding all phishing attempts to a supervisor, so that any necessary organizational updates, alerts, or changes can be put into place.

IF YOU WORK FROM HOME

  • Only use approved tools. Only use organization-approved software and tools for business, including company provided or approved video conferencing and collaboration tools to initiate and schedule meetings.
  • Secure your meeting. Tailor security precautions to be appropriate for the intended audience. Plan for what to do if a public meeting is disrupted. Take precautions to ensure your meeting is only attended by intended individuals.
  • Secure your information. Tailor your security precautions appropriately to the sensitivity of your data. Only share data necessary to accomplish the goals of your meeting.
  • Secure yourself. Take precautions to avoid unintentionally revealing information. Ensure home networks are secured.

Thank you for reading. If you have any questions or comments, please contact us at it-security@utulsa.edu.

 

Be safe, and #BeCyberSmart!

Cybersecurity awareness month 2021

The University of Tulsa joins the Cybersecurity Awareness Month Campaign.

Every October, Cybersecurity Awareness Month continues to raise awareness about the importance of cybersecurity across our Nation. Led by the Cybersecurity and Infrastructure Security Agency (CISA) and the National Cybersecurity Alliance (NCSA), Cybersecurity Awareness Month shares messages and weekly themes of the importance of staying safe online. The evergreen theme, “Do Your Part. #BeCyberSmart,” encourages individuals and organizations to own their role in protecting their part of cyberspace, stressing personal accountability and the importance of taking proactive steps to enhance cybersecurity.

Throughout the past year and a half, our already virtual world depended even more on the Internet. Organizations like TU and individuals like you moved more online than ever before – to socialize, to conduct business, and to simply have fun.

While an increased online presence can be positive, Cybersecurity Awareness Month encourages everyone to take increased ownership of enhanced online activity and the important security practices that come along with it. The virtual safety of our community, and, ultimately, our nation, depends on our personal online safety practices.

Cybersecurity is important to TU and we are committed to helping our community become more resilient.

Throughout October you will learn how to:

  • Be Cyber Smart (Week 1): Take simple actions to keep our digital lives secure.
  • Fight the Phish (Week 2): Highlight the dangers of phishing attempts which can lead to ransomware or other malware attacks, and how to report suspicious emails.
  • Experience. Share (Week 3): Celebrate National Initiative for Cybersecurity Education’s (NICE) Cybersecurity Career Awareness Week and the global cybersecurity workforce and highlight how individuals can learn how to become a cybersecurity professional.
  • Think Cybersecurity First (Week 4): Explore how cybersecurity and staying safe online is increasingly important as our world continues to operate virtually for so much of work and play. WE WILL HAVE OUR FIRST VIRTUAL SCAVENGER HUNT WITH PRIZES!

We should all approach cybersecurity with care in owning, securing, and protecting all our online accounts and information.

 

TU offers these resources that you can utilize to keep yourself safe online:

If you have more questions about how The University of Tulsa is getting involved in this year’s Cybersecurity Awareness Month Campaign, please email it-security@utulsa.edu

Safely working from home

Maintaining a secure working environment at home can be challenging, but with a few simple steps, you can make sure that you are staying safe while working at home.

5 tips to stay safe while working at home

  1. Be careful! Attackers may call you, email, you show up at your door looking to trick you into doing something on your computer. Be extra careful on suspicious requests.
  2. It is important that you only use a University computer to access sensitive data (student data, grades, financial, etc.). If you do not have a University computer/laptop, talk with your system support to enable remote access to your office computer from home.
  3. The University network has many protections that you may not have on your home network, and attackers know this! Make sure that your home wireless router is up to date, has good passwords, and that you know who is connecting to your network.
  4. Make sure your computer is up to date on its patches, is running end-point protection (anti-virus, malware protection, etc.). Some of our automatic computer update processes do not work on “computers at home”, so you may need to manually check your computer for updates.
  5. Do not let other’s use your work computer at home. Access by family members, guests, etc. can be considered a breach of university data.

For more information here are 5 additional steps, recommended by the National Institute of Standards and Technology, to work Securely from home.

Beware Corona Virus Scams

corona virus phishing scamsHope And Fear.

These are the feelings that phishing campaigns prey upon to trick people into giving up information, money, or access.

Right now, multiple campaigns pretending to be from the Center for Disease Control or the World Health Organization are either asking you to click a link for safety instructions, or open an attachment for the same reason. These campaigns are expecting our fear of outbreak and our hope for protection to lower our vigilance in keeping safe and secure internet practices. Both organizations have official pages they communicate from, so if any of us feel that a message may be legitimate, we can check their websites ourselves without needing to click their link or open their attachments.

As always, please forward any suspicious emails to phishing@utulsa.edu.

Thanks, and stay safe out there!

Tax Scams 2020

Hold on to your W-2s and returns because tax season is on the way! As if deductions, exemptions and return distribution wasn’t enough, tax season becomes open season for cybercriminals hunting for sensitive information, credentials and even a direct deposit of your tax returns.

Examples of Tax season phishing scams:

W-2 attachment attack

Attack type: Attachment
Attack objective: Deliver malware
Tax forms – Attachment w/ drive-by link

W-2 phishing attacks come in many shapes and sizes and often strike in January, when employees are waiting to receive their W-2 from their employer. In this phishing email, the attacker baits the victim into clicking a malicious link or downloading a malicious attachment to install malware on their machine.


W-2 business email compromise (BEC) attack

Attack type: BEC
Attack objective: Steal employee or organization information
W-2 Request

example of tax scam email (screenshot)In this W-2 attack, the scammer poses as a manager or executive and targets HR staff to steal the W-2s and personal information of employees. With this BEC attack, the scammer doesn’t need access to a network or business systems. Instead, they only need the victim to reply to the email with the requested information.


Free online access to tax forms

Attack type: Drive by or data entry
Attack objective: Steal employee information or credentials
Tax Form Management Access

Generic offers to access your tax documents are another popular phishing tactic used to redirect victims to a malicious website. These attacks may also redirect the victim to a spoofed login page to steal the victim’s personal information such as their social security number.


Tax preparation software drive by

Attack type: Drive by
Attack objective: Redirect to malicious site
H&R Block – File Your Taxes

example of tax scam email (screenshot)Some scams approach tax season from the opposite direction by impersonating tax preparation software, services or CPAs. These attacks work like most common drive by attacks, but leverage tax season to create urgency with short-term or extravagant offers.


Tax return credential theft

Attack type: Drive by or data entry
Attack objective: Steal employee information or credentials
TurboTax – Return Accepted

In an even more sinister variation to tax preparation scams, some hackers attempt to steal login credentials to access victims’ tax software accounts. Once gaining access, attackers can retrieve personal information and documents or interfere with the victim’s filing process or tax return.


IRS tax notice

Attack type: Attachment, drive by or BEC
Attack objective: Steal employee information or credentials
Tax Notice

example of email tax scam (screenshot)Although the IRS insists it will never contact taxpayers via email, text message or social media, scammers continue to use these tactics to trick victims into clicking malicious links, downloading attachments or even sending payments. Although these attacks peak during tax season, they are frequently used year-round.

Teach Your Kids to #BeCyberSmart and Own Their Cyber Safety

Kids aged eight to 12 currently spend an average of six hours a day online and face issues like identity theft, cyberbullying and cyber predators. By next year, there will be over 31 billion connected Internet of Things (IoT) devices. This means even more toys that connect to Wi-Fi in your house, more multiplayer games your kids play with internet strangers, increased use of tablets at school and phones on the bus and even more serious security and safety threats.

The best way to fight cybercriminals is through education and that can start at any age. As parents, caregivers, teachers and school administrators, we teach our children to learn how to safely cross a road and who to call in case of an emergency. We must also teach our kids proactive digital privacy and online safety behavior and give them the tools to own their own cyber safety.

Read the full post on StaySafeOnline

Most Marketable Skills for Cybersecurity

Technologist Talk covers which skills are most marketable for IT candidates interested in today’s most in-demand market: cybersecurity. Guest expert and CompTIA CEO Todd Thibodeaux make the case that soft business skills—such as researching, writing, teaching, learning and collaborating—are what set candidates apart from the cybersecurity crowd in the eyes of employers.

Technologist Talk

E15: Why Employers Seeking Cybersecurity Talent Look First for Soft Business Skills


“[A talent for teaching matters in a cybersecurity career because] it’s about passing down the knowledge, sharing what you know, the value of analogy, and story, and examples. Being able to teach in a way that you wouldn’t think is teaching, but it is because you’re looking at that other person’s perspective, and you’re not only thinking about what is it that they should know, but how they can best consume it… In cybersecurity, that’s especially true when talking about complex issues and timely and sensitive things. You have to be clear and concise in your communication.”

– Todd Thibodeaux, President and CEO, CompTIA

October is National Cyber Security Awareness Month

October is National Cyber Security Awareness Month, and to celebrate, the IT Security Team has a variety of Cyber Security events planned for each week.

  • Week 1: IT Security will be hosting an online Cyber Security Lunch and Learn about “IT Security: What do we do?” on Friday, October 4, 2019 from 1:00-2:00 p.m.
  • Week 2: Each day of the week, we will post short videos about passwords and password security on the new IT Security Website.
  • Week 3: On Thursday, we will be posting a video of a cyber-attacker targeting the University of Tulsa, where you can watch the steps they do to get into our stuff.
  • Week 4: The campus community is invited to participate in a Cyber Security Awareness Game, where each day participants will act like hackers and find clues spread around the campus.
  • Week 5: On Thursday at 2:00, we will have a Cyber Security Meeting open to all University employees, with a panel of security professionals ready to answer your questions about Cyber Security.

If you would like to participate in the Cyber Security Awareness Month Events, please email us at cyber@utulsa.edu. All employees are welcome and encouraged to participate!

Update iOS to fix an issue that impacts third-party keyboards

Update to iOS 13.1.1 or iPadOS 13.1.1 to fix an issue that impacts third-party keyboards on your iPhone, iPad, or iPod touch.

Third-party keyboard extensions in iOS can be designed to run entirely standalone, without access to external services, or they can request “full access” to provide additional features through network access. Apple has discovered a bug in iOS 13 and iPadOS that can result in keyboard extensions being granted full access even if you haven’t approved this access.

View the issue details and update your device