Safe Computing Update

CCIT Staff, Office of Information Security & Privacy
February 16, 2017

February 16, 2017

Clemson announces two cybersecurity enhancements that will provide greater protections to the University and its faculty, staff and students. Read on to learn more about what to expect with the changes.

Who Is Protected? What is the Security Enhancement? When Does This Happen?
All Clemson users All Clemson users will be required to use a two-factor authentication login process. Two-factor authentication (2FA) requires a secondary confirmation of the user’s identity at login using a physical device (app, text message or phone call). Starting Tuesday, February 21, 2017, users can enroll in Duo Security, the University’s provider of two-factor authentication (2FA). Visit clemson.edu/2fa for more information and refer to the Duo Security (2FA) Campus-wide Enrollment schedule below.

Starting March 7, 2017, beginning with the Virtual Private Network (VPN), campus systems will begin to require two-factor authentication. PeopleSoft HR and additional enterprise systems will follow.

All employees and student workers As an additional security measure, all employees and student workers will be required to use an HR-Personal Identification number (HR-PIN) when they need to access their sensitive employment records. Starting Thursday, February 23, 2017, Clemson will require its employees and student workers to use their unique HR-PIN to access sensitive employment data in CUBS HR. Within the week, all employees and student workers will have HR-PINs mailed to their home addresses. The HR-PIN will replace the current requirement of typing in birthdays and zip codes to access sensitive employment records.

Support for when you need it

Throughout the transition, CCIT will provide hands-on assistance. Users can expect to receive timely emails detailing specific technical support, when it is available and where. Additionally, users will be notified as campus systems begin to require two-factor authentication, beginning with the Virtual Private Network (VPN) on March 7, to be followed by PeopleSoft HR and additional enterprise systems.

Duo Security (2FA) Campus-wide Enrollment Schedule

The Clemson University two-factor authentication timeline

For assistance, contact your local area IT support or contact the CCIT Support Center (IThelp@clemson.edu, 864-656-3494, or Get Help).


February 11, 2017

Be advised the University is receiving another round of phishing emails. Below is a snapshot of the latest one to be received. Past experiences have shown that other messages such as this are likely soon to follow. Please be cautious and review all messages carefully.

If you have any questions, please contact the CCIT Customer Support Center at ITHELP@clemson.edu or call 864-656-3494.

A phishing message purportedly from "info@clemson.edu."


February 9, 2017

As part of Clemson University’s continuing commitment to protecting its community of research, faculty, staff and students, the University will be strengthening the login page for web applications like Canvas, my.Clemson, iROAR and others. A new login page will go into effect on Tuesday, February 14.

How Does This Security Change Affect Me

  • The new page will feature an ADA-accessible new appearance, but you can use the same login process with which you are familiar.
  • After Tuesday’s change, users should no longer trust anything that looks like the traditional orange and white login page.
  • The my.Clemson Android app login appearance will be affected. The my.Clemson iOS app login appearance will not be affected.

For any questions, please contact the CCIT Support Center at ITHELP@clemson.edu or (864) 656-3494.

Your patience is appreciated. Thank you for helping us to protect you and the University.

new-login-linux

This is what the new login page looks like in your web browser (Linux pictured here). Note the green lock in the address bar and the https:// at the beginning of the address.

new-login-mobile

This was what the new login page looks like on a mobile device.

This is the current login page viewed on a web browser, featuring a notice for Tuesday's change.

This was the old login page viewed on a web browser, featuring a notice for Tuesday’s change.

This is the current login page viewed on mobile, featuring a notice for Tuesday's change.

This is the old login page viewed on mobile, featuring a notice for Tuesday’s change.


February 7, 2017

CCIT experts have begun implementing a series of strategic responses to cyber-attacks that have targeted schools throughout the United States. The University has implemented additional features to strengthen the firewall between sensitive employment records and those who engage in criminal activities.

As of February 7, you must be on the Clemson network at a University facility to access the CUBS HR system, including the employee self-service portal (paycheck, W-2, etc.). You are viewing this page because you attempted to log in to view your employee self-service site from outside the campus network.

For assistance, please contact Ask HR, your area consultants or the CCIT Support Center. Your patience is appreciated. Thank you for helping us to protect you and the University.


February 3, 2017

Please be aware that there has been a notable increase in phishing emails over the last few weeks. Some of these messages have been very well put together and tailored specifically for Clemson users. Those messages are intended to lure the recipients into providing their account usernames and passwords, which can then be used by unauthorized individuals to access Clemson resources in order to steal personal information.

When reviewing and responding to emails, please take some extra time to examine messages closely. If for any reason you suspect an email to be malicious, contact the CCIT Helpdesk for guidance. Some general advice for email usage to avoid becoming a victim of phishing:

  • Never provide personal information. This includes accounts, passwords.
  • Never trust links provided in messages unless you can confirm the sender to be legitimate.
  • Any message asking for information, or leads to an external site where you must provide an account and password should be questioned before proceeding.
  • If the message appears to be malicious, it probably is.
  • There are obvious typos and grammar errors.
  • The From email address field does not match who they present themselves to be.
  • Urgent action is required.

Malicious use of email such as this is not limited to Clemson, as many sectors of business and government entities are also being impacted.† Be aware of potential threats when using personal email accounts as well.

Being aware and practicing safe computing habits is the best defense against these attacks.


January 9, 2017

Some members of the Clemson community received a phishing email on Monday, January 9, linking to a site that appeared to be associated with Blackboard (see screenshot). The email was an attempt to exploit your information and was not associated with Clemson or Blackboard. A reminder:†any link given to you from Clemson will ALWAYS be on a URL that pertains to clemson.edu.

A phishing site sent to Clemson users.

If you followed any links in the file or entered your credentials, please reset your password immediately and contact ITHELP@clemson.edu.


December 13, 2016

Attention: If you received the email located in the screenshot below, please do not click on the link or enter your Clemson University credentials. This is a phishing attempt to exploit your information.

Sometimes it is hard to tell if an email is a phishing site or not. Below are some warning signs to look out for when receiving a suspicious email.

inbox__67128_messages__16_unread__1024

Clemson emails will ALWAYS end in @clemson.edu. As you see from the screenshot above, although the user is named “President Clements,” the email is addressed from an @fallriverschools.org.

microsoft_office___share__upload__extract

Another tip to watch out for is the URL the email gives you. Any link given to you from Clemson will ALWAYS be on a URL that pertains to clemson.edu.

If an e-mail contains an attachment, please do not click the attachment. This could contain malware that could compromise your computer.

 Follow @ClemsonIT

The Adobe Creative Jam is coming to campus on March 1. Submit your portfolio by Wednesday at midnight:… twitter.com/…

 Follow @ClemsonIT

The Adobe Creative Jam is coming to campus on March 1. Submit your portfolio by Wednesday at midnight:… twitter.com/…