Cybersecurity—the practice of protecting digital information and infrastructure—requires the diligence and attention of the whole Smith community. Approximately 90% of security breaches involve human error, but individuals who receive regular cybersecurity awareness training are up to five times less likely to click a malicious link than people who do not receive training.
Smith community members will need to take cybersecurity awareness training annually. This training provides an introduction to cybersecurity best practices and concepts, and aims to prepare the Smith community for the challenges and opportunities presented by ever-changing technology.
This task will be completed in the Workday app called Learning.
Training must be completed within 60 days of receipt.
Community members will receive regular reminders when their training is due.
If you receive an alert from Duo (push notification, text, or phone call) when you are not in the process of logging in to a Smith application, DO NOT approve the request. A notification that you did not initiate indicates that your password has been compromised.
If you did approve a notification but believe it was not initiated by you:
Change your password immediately.
Contact ithelp@smith.edu
If you ignore or deny the notification:
Change your password immediately. If you use the same password for other accounts, change those as well.
If you have selected "Deny", you will be prompted to report the request as fraudulent and will receive a follow-up communication from ITS.
How do I report a phishing attempt?
Once a phishing attempt is reported to ITS, we block the messages from being forwarded to other users. This means a spam message that you forward to report an issue may not make it to ithelp@smith.edu. The steps you should take to report phishing are listed here.
After reading a message that you feel is a phishing message, promptly report that message as phishing to Google.
To do this, view the message in Gmail on a computer. In the upper right corner of the message, select More (3 vertical dots) then select Report phishing from the menu.
After reporting a phishing message, immediately delete the message by selecting Delete this message or the Trash Can icon. Do not forward phishing messages with links to other users.
What if I responded to a phishing email?
Take these steps immediately if you provided your Smith username and password in response to a phishing scam, or if you believe your Smith Mail has been compromised for any reason:
Never approve a Duo request that you didn’t initiate, even if the screen looks familiar.
Change your password immediately.
If you have used this same password for any other sites or services–especially financial sites–then change those passwords. (Reminder: do not use your Smith password on any other systems.)
Check your Smith email account and other Smith accounts that you have delegated access to. Check filters and rules to make sure there aren’t any new ones that you didn’t create. Check both Sent and Trash to see if there are messages that you don’t recognize.
Contact ITS User Support to request help and get additional instructions, which often depend on the situation. Include the email message subject line along with the date and time you responded.
Review Google security information. To review Google security settings and recommendations for your account, select the Google Apps grid (9-dot matrix), found in the upper right-hand corner of your Gmail screen, then select Account. (Alternatively, go to myaccount.google.com.) From the left menu, select Security and review the information, including any security issues found.
Why do we need to take cybersecurity awareness training?
The training is necessary in order to help prevent cybersecurity breaches and maintain the security of both Smith and personal data. In addition, it is required for Smith’s cyber liability insurance coverage.
How long will it take me to complete the training?
It should take between 15 and 20 minutes to complete the training.
What other security steps does Smith take?
ITS uses a layered approach to cybersecurity at Smith, in accordance with best practices established by security professionals and researchers. This includes:
The use of tools, such as firewalls, to prevent network intrusion
Email filters to prevent inbound phishing and spam messages from reaching Smith users
Identity management tools, such as Duo, to keep accounts secure
A risk management program to identify and mitigate risks to data and its infrastructure
By layering these approaches in tandem with a well-informed, regularly trained user community, Smith can enhance its security posture and drastically reduce the likelihood of a successful attack or breach.
How will Smith know that I have completed my cybersecurity training?
Workday will maintain records related to completion of the training.