Page 16 - OIT Progress Report: 2023 Edition
P. 16
Information Security
Testing SMU’s Security Acumen
In May, just after graduation, a social engineer was detected walking various areas across campus. No, it wasn’t part of a cyber-attack. The social engineer was hired by OIT to assess the physical security of SMU’s campus and to better understand the strengths and weaknesses of SMU’s processes. The engineer attempted to gain access to several secure areas across campus and even tried to trick the IT Help Desk into resetting a user’s password using a fake ID and some information he had found on social media. We’re so proud of the IT Help Desk who did not fall for the ruse. Brad Cheves, VP for Development and External Affairs noticed the social engineer in his area and personally contacted authorities, taking pictures of the suspicious person and his automobile as he exited the building. We should all strive to be like Brad, because Security Starts With You.
Duo Security
Since the implementation of Duo in 2016, OIT has continuously strived to enhance our two-factor authentication (2FA) platform. In the past year, we have taken significant steps to bolster security and improve the user experience. As part of these efforts, we extended two-factor authentication to former students, providing them with increased protection against phishing attempts and other threats. Additionally,
we introduced Duo’s trusted browser feature and incorporated “remember me” settings, ensuring a smoother and more convenient authentication process. Keeping up with technology advancements, we discontinued support for older operating systems and rolled out Duo’s newly introduced user interface.
Because Duo is so widely used, we are making every effort to prevent “Duo fatigue” where cybercriminals use a tactic to repeatedly send Duo requests to users who have shared their username and password
to annoy someone into approving the two-factor request. In order to protect individuals in our campus community from letting their guard down, we will
be implementing additional features in October 2023 requiring our users to enter a six-digit code within the app. This will ensure that everyone continues to work in a digitally secure environment.
CYBER WELLNESS PROGRAM HELPS SMU COMMUNITY DISCOVER ITS STRENGTHS
In October, SMU offered employees the option of participating in a pilot of our first-ever Cyber Wellness Program, based on the award-winning book, Well Aware: Master the Nine Cybersecurity Habits to Protect Your Future by SMU’s Chief Security Officer (CSO), George Finney. The program began with participants taking a cyber personality test that helped individuals find their biggest strengths when it comes to cybersecurity. Out of all the organizations that have taken the personality assessment, SMU has a very high percentage of users who had Cybersecurity Literacy as their primary internal strength. Cybersecurity Diligence was also very high compared to the external strengths of other organizations.
14 OIT PROGRESS REPORT 2023