Tech Tip of the Week

Did you spot the phish last week? You may recall receiving a fake phishing attempt last week as part of the DHTS Phish program. Did it get you? 

Congratulations to our DUSON student Brian Douthit, PhD student and MSN '17! He was selected from those who reported the phish to receive a beautiful ISO challenge coin.

Here’s how the School did overall:

• Emails Sent: 484

• Email Opened: 207 (42.8%)

• Clicks: 133 (27.5%)

• Reports - PhishAlarm: 45 (9.2%)

• Resilency Rate (reports/clicks): .34

• Teaching Moment Acknowledgement: 55 (41.3% of clickers)

• Vulnerable plugins (Flash, Acrobat, Java): 9 (6.7% of clickers)

While we can expect a lower resiliency rate after our long hiatus, we have some room for improvement. Our number of clicks was higher than baseline, and the number of DUSON community members who reported this using the "Report Phish" button was unusually low.

Takeaways? Let’s do better. Cybercriminals aren’t letting up. Watch out for phishing emails, and, when in doubt, report it! 

DUSON Options For Your Web Project

Here is an outline of your options as a member of the DUSON community for your web presence. You can request a website or web services by clicking here, then selecting the Media & Website Request button:

** Grant-funded or Research Web Application: Please see below for a detailed look at the requirements for all grant-funded or research web applications.

• The DUSON Website – The DUSON website is managed by the DUSON Marketing & Communications office working in collaboration with each DUSON group. All pages follow a standard template to ensure integration into the main website is seamless and consistent. There is no cost for a DUSON website page, and all pages on the DUSON website require approval.

• Microsites – These are sites not within the structure of the DUSON website. All sites must use a template and must contain the Duke School of Nursing brand, and all requests must have a URL of the form <your site name>.nursing.duke.edu. There is no cost for a DUSON microsite, and all DUSON microsites are created and managed by DUSON Marketing & Communications.

• Student Groups – Student groups formally recognized by the DUSON Office of Student Services can request a web page. These pages follow the same guidelines and polices of other DUSON organizations and are located directly on the DUSON website. 

• Individual and Small Group Sites – For individual and small groups who don’t need a DUSON-branded website, Duke offers Sites@Duke for groups to create their own WordPress site. Click here to see a sample. Tech Tuesday is a Sites@Duke site. It’s the easiest way to get online and is available at no cost. Potential uses include:

  • a site to promote your new book

  • a website to which you can point conference attendees for more information

  • content creation

  • creating your own or your group’s blog.

DUSON Grant Funded or Research Web Projects

If you have a grant-funded or research project that requires a web application, Duke has very clear requirements that must be followed. Failure to follow these guidelines will result in delays and possibly failure to receive approval for your selected web solution.

• Just getting started? Our Duke Health Information Security Office has put together a great set of resources that will help guide you:

  • Duke Web Security Standards – This is a great homepage with an introduction to Duke’s standards.

    • Secure Coding Best Practices – Duke Health requires developers (internal and external to Duke) to follow the Open Web Application Security Project (OWASP) security framework. This document describes these standards.

  • Web Governance Policy – This is the official Duke policy describing requirements for web hosting.

  • Web Security Standards – This is the official Duke policy describing web security requirements.

• Contact SON-IT before you begin working on the technical details of your project. This includes:

  • Vendor Selection – Duke Health has very specific vendor requirements that must be followed.

  • Technology – Before selecting any technology (such as Google Cloud, Drop Box), it needs to be approved.

  • Hosting Solution – Your web hosting agent must meet specific requirements, even for non-sensitive data.

• If you have already selected any of the above without first consulting SON-IT, please catch up with us to get started.

  • This will help eliminate potential delays with getting your application, vendor, hosting solution and technology approved.

All web applications are required to follow these guidelines. Help your project move smoothly through the Duke Health approval process, and work directly with SON-IT before you make your web application decisions. 

Contact

If you have any technical questions or problems, please contact your IT Service Desk at 919-684-9200 or email SONIT-Support@duke.edu. Check out the Tech Tuesday blog for additional IT tips.