October 2017

0 Commentsby   |  11.07.17  |  Banner, Security

By The Numbers

Here are Computing Services’ statistics for October 2017:

  • 169 end-user support requests resolved (new record for October)
  • 89 development and administration issues resolved
  • 11 projects-in-progress
  • project completed
  • projects requested
  • 99.99% average uptime

Are You Prepared?

Information Technology provides cybersecurity awareness training for faculty and staff. This training consists of three modules that each take approximately 15 minutes to complete: “Email Security,” “Safe Social Networks,” and “URL Training.” Employees can access the training through the “Cyber Security Training” quicklink in myACU.

 

Banner 9 Project Updates

We are among a small percentage of schools that have made significant progress with the Banner 9 implementation.  Here are highlights of our work in the last month:

  • We installed updates to many of the existing Banner 9 components to address known issues and introduce improvements.
  • We kicked off a project with Ellucian to help us migrate some of our custom forms while our programming team addresses some of this as well.  We will reduce our custom form count by almost 75%.
  • We turned off access to most Banner 8 forms for Human Resources and Position Control.  We will disable most Banner Student 8 forms next week.

Career Paths In Cybersecurity

The cybersecurity field continues to grow along with the need for new workforce talent. In fact, the 2016 EDUCAUSE Center for Analysis and Research’s study on the higher education IT workforce showed that cybersecurity management skillsets are among those most in demand in higher education today.  Here are some ways to spread the word about potential career paths and internship opportunities that can provide vital hands-on experience as these students get ready to join the workforce.

How Higher Ed Can Support Cybersecurity Students

0 Commentsby   |  11.01.17  |  Security

The cybersecurity field continues to grow along with the need for new workforce talent. In fact, the 2016 EDUCAUSE Center for Analysis and Research’s study on the higher education IT workforce showed that cybersecurity management skill sets are among those most in demand in higher education today. Most information security jobs require at least a bachelor’s degree, so the knowledge students acquire through degree programs is critical. At the same time, students should be encouraged to seek additional opportunities for professional development and growth, including the following:

  • Campus internships. Consider hiring student interns to assist in your institution’s information security department. Interns can offer the department additional staffing resources, and department staff can offer interns real-world experiences and the chance to develop mentoring relationships. For suggested qualifications and responsibilities, see the Information Security Intern Job Description Template.
  • Cyber competitions. Institutions with an information assurance or computer security curriculum can participate in regional events hosted by the National Collegiate Cyber Defense Competition. These events give students the chance to hone their practical information security skills, as well as experience working in teams.
  • Scholarships. Full-time students pursuing a bachelor or master’s degree in a formal cybersecurity program at colleges and universities selected by the US Department of Homeland Security (DHS) are eligible to receive scholarship grants. In exchange, scholarship recipients will be placed in an internship; they will also be offered a full-time cybersecurity position after graduation with a federal agency (or other organization approved by the National Science Foundation).
  • Conferences. Students can take advantage of a plethora of information security conferences held each year. Among them is the Women in Cybersecurity conference, which seeks to recruit, retain, and advance women in cybersecurity. This annual conference brings together students and women in cybersecurity from various industries for knowledge sharing, mentoring, and networking.
  • Job fairs. Likewise, students can choose from among numerous job fairs, including the following. DHS hosted its first Cyber and Tech Job Fair in July 2016. The U.S. Department of State maintains a list of job fair websites, including some that require a security clearance. The SANS Institute hosts a CyberTalent Fair — a virtual event for anyone seeking career or job opportunities in cybersecurity. Many campuses also host IT and cybersecurity job fairs, offering advice to students about certifications and connecting graduates or alumni with potential employers.
  • Training courses. The DHS National Initiative for Cybersecurity Careers and Studies (NICCS) Training Catalog includes more than 2,000 cybersecurity training courses offered in the US. A handy interactive map quickly shows viewers the number of courses offered in specific locations. Users can also search for training opportunities by keyword, location, specialty area, provider, proficiency level, and delivery method.
  • Student associations. The National Cybersecurity Student Association requires a small membership fee, but allows students to network with local and state chapters; learn about opportunities for scholarship, internship, and mentoring; and develop technical and leadership skills as they prepare for the cybersecurity workforce.

(This content was provided by Educause.)

September 2017

0 Commentsby   |  10.04.17  |  Banner, Security, google, tips

By The Numbers

Here are Computing Services’ statistics for September 2017:

  • 226 end-user support requests resolved (new record for September)
  • 93 development and administration issues resolved
  • 15 projects-in-progress
  • project completed
  • 1 projects requested
  • 99.97% average uptime

October is National Cyber Security Awareness Month

For more than a decade, colleges and universities have promoted National Cyber Security Awareness Month (NCSAM) each October as part of a collaborative effort to ensure that everyone has the resources they need to stay safe online.  Here are some practical ways to be involved:

  1. Security Training – Information Technology is offering cyber security awareness training for faculty and staff. This training is comprised of three modules, “Email Security,” “Safe Social Networks,” and “URL Training.” Each module takes around 15 minutes to complete.  Please contact the Helpdesk for the web address.
  2. Security Measures with Google – Did you know that Google provides users with tools to help protect your account?  Do you know what a phishing message looks like and how to handle it?   We are partnering with ACU’s Innovation Foundry to offer a Gmail security session on Thursday, October 19th at 11 am.  Please join us in the Innovation Foundry on the top floor of the ACU Library to learn more.  If you plan to attend, then please visit the events page to RSVP.
  3. Information Security is Our Responsibility – In honor of NCSAM — and because information security is everyone’s responsibility — we offer the following tips to help you remain vigilant with your accounts and devices.

It’s All In My Head

How do you manage information that is critical to your department’s operation?  How do you train and prepare a new hire when they join your team?  Do you know what tools ACU provides for managing your information?  We are offering a knowledge management session on Thursday, October 5th at 11 am in the Innovation Foundry.  Please join us to learn about the tools and methods that will make your department more efficient.  If you plan to attend, then please visit the Innovation Foundry events page to RSVP.

Did You Know?

Do you find it challenging to find a time that works for everyone that needs to be included in a meeting?  Google Calendar provides a Suggested Times feature, which will automatically find times and locations for you.  Suggested Times is an excellent alternative to third-party tools such as Doodle where you have to poll people for availability.  Use of the feature requires that all meeting participants share free/busy access to their calendars at a minimum.

Banner 9 Project Updates

Here are the highlights of a busy month of September as well as upcoming work:

  • We trained 125 users in the basics of Banner 9 during August and September.
  • We are preparing updates to many of the existing Banner 9 components later this month.
  • We are ramping up work to migrate Banner forms customizations to Banner 9.  We will reduce our custom form count by almost 75%. We are partnering with Ellucian to help us migrate some of these custom forms.
  • We are still targeting completion of the Administrative Banner upgrades to version 9 by the end of this year.

Information Security Is Our Responsibility

0 Commentsby   |  10.01.17  |  Security

Did you know? According to a 2016 Raytheon survey, 86 percent of young adults think that keeping the Internet safe and secure is a responsibility we all share — up 4 points from 82 percent in 2015.

As digital citizens, we are getting better about consistently protecting ourselves, our devices, and our family and friends. However, the Internet is always “on,” so we must remain vigilant and continue to connect with care to protect our mobile devices — including laptops, tablets, smartphones, and wearable technology — as well as our personal information.

  • Protect your device. Add a passcode to your cell phone, tablet, or laptop right now!
  • Use strong passwords or passphrases. Especially for online banking and other important accounts.
  • Enable multifactor authentication. Wherever possible, enable multifactor authentication, which helps secure your accounts by requiring hardware or biometrics in addition to your password.
  • Check your social media settings. Review your social media security and privacy settings frequently. Enable two-step verification whenever possible.
  • Educate yourself. Stay informed about the latest technology trends and security issues such as malware and phishing.
  • Get trained. Contact your institution’s IT, information security, or privacy office for additional resources and training opportunities.

(This content was provided by Educause.)

Major Change for Banner General Forms

0 Commentsby   |  09.22.17  |  Banner

Please note these important details regarding changes we are making to some of the old Banner 8 functionality in Administrative Banner:

  • What is changing? We are disabling access to most General forms in Banner 8.  Banner General includes forms with the letter G in the first place of the seven-letter acronym (e.g., GOAMTCH).  This change does not include some custom forms that begin with the letters GZ.  Users who try to access a General form in Banner 8 will see an error.  You must use Banner 9 to access these forms.
  • When will the changes take place? The changes will be in place by the time you arrive to work on Thursday, September 28th.
  • How do I access Banner 9? Please contact the Helpdesk.
  • Where can I find more information about Banner 9? We have answered the most common Banner 9 questions in a frequently asked questions page that is accessible through the “Banner 9 FAQs” quicklink in myACU.
  • What should I do if I experience a problem? Please contact the Helpdesk at helpdesk@acu.edu or (325) 674-4357.

 

August 2017

0 Commentsby   |  09.04.17  |  Banner, Business Intelligence, Security

August 2017 by the Numbers

  • 247 end-user support requests resolved (new record for month of August and most for single month)
  • 104 development and administration issues resolved (new record for month of August)
  • 13 projects-in-progress
  • project completed
  • 9 projects requested
  • 99.91% average uptime

Reach Out

Please remember to reach out to the Helpdesk with all of your technical inquiries and problems. The Helpdesk can be contacted by phone at 674-HELP (x4357), or at helpdesk@acu.edu. We have added a call-back feature, so you do not have to wait in the phone queue. For technology problems that are disruptive during a class, please call 674-NEED (x6333) for immediate help.

Computer Security Change

At the recommendation of the Board of Trustees, IT worked with a security company to conduct a security and risk assessment. One of the resulting recommendations was that we implement a setting to lock computers after 30 minutes of inactivity to increase safeguards around unattended workstations. This change is implemented for faculty and staff PCs and is in the process of being rolled out for Macs.

Did You Know?

We use tools to monitor availability and performance of critical applications, such as single sign-on and myACU.  Our system status report is available under the Technology tab in myACU or can be accessed directly.

Discoverer Transition

The Business Intelligence office has converted 116 reports, but many still need to be reviewed for accuracy and approved by users.  This Discoverer Transition post outlines the expectations and responsibilities for Discoverer users.  Please contact Will Wyatt, will.wyatt@acu.edu, if you have any questions.

Optimizing and Enhancing Operations

We help the university to optimize and enhance operations by adopting new applications, automating manual work, and creating integration between Banner and third-party applications.  This fall we will complete multiple projects in this realm, including automation of manual processes to change records for students who cancel enrollment and enhanced data integration between Salesforce and Banner.

Avoiding Ransomware Attacks

Phishing attacks — which often contain ransomware — pose a major risk to everyone, leaving people vulnerable to information and privacy losses, identity theft, and extortion.  Learn more about the warning signs of phishing and ransomware, the potential risks of falling prey to an attack, and how you can protect yourself.

Banner 9 Project Updates

Here are the highlights of a busy month of August as well as upcoming work:

  • In preparation for the start of the Fall 2017 term, we installed updates to Accounts Receivable, General and Student.
  • We trained over 100 users in the basics of Banner 9 and have two more sessions scheduled in September.
  • The first Financial Aid 9 update is ready for testing with a go-live to-be-determined.
  • We are preparing updates to existing Banner 9 components during September and October.
  • We are ramping up work to migrate Banner forms customizations to Banner 9.  We will reduce our custom form count by almost 75%.

Avoiding Ransomware Attacks

0 Commentsby   |  09.01.17  |  Security

Ransomware is a type of malware designed to encrypt users’ files or lock their operating systems so attackers can demand a ransom payment. According to a 2016 Symantec report, the average ransom demand is almost $700 and “consumers are the most likely victims of ransomware, accounting for 57 percent of all infections between January 2015 and April 2016.”

Similar to a phishing attack, ransomware executes when a user is lured to click on an infected link or email attachment or to download a file or software drive while visiting a rogue website. Sophisticated social engineering techniques are used to entice users to take the desired action; examples include

  • an embedded malicious link in an email offers a cheap airfare ticket (see figure 1);
  • an e-mail that appears to be from Google Chrome or Facebook invites recipients to click on an image to update their web browser (see figure 2); or
  • a well-crafted website mimics a legitimate website and prompts users to download a file or install an update that locks their PC or laptop.
Figure 1. Phishing e-mail with ransomware embedded in a link
Figure 1. Phishing e-mail with ransomware embedded in a link
Figure 2. A fake Google Chrome e-mail
Figure 2. A fake Google Chrome e-mail

To avoid becoming a victim of ransomware, users can follow these tips:

  • Delete any suspicious e-mail. Messages from unverified sources or from known sources that offer deals that sound too good to be true are most likely malicious (see figure 3). If in doubt, contact the alleged source by phone or by using a known, public e-mail address to verify the message’s authenticity.
  • Avoid clicking on unverified email links or attachments. Suspicious links might carry ransomware (such as the CryptoLocker Trojan).
  • Use e-mail filtering options whenever possible. Email or spam filtering can stop a malicious message from reaching your inbox.
  • Install and maintain up-to-date antivirus software. Keeping your operating system updated with the latest virus definitions will ensure that your security software can detect the latest malware variations.
  • Update all devices, software, and plug-ins on a regular basis. Check for operating system, software, and plug-in updates often — or, if possible, set up automatic updates — to minimize the likelihood of someone holding your computer or files for ransom.
  • Back up your files. Back up the files on your computer, laptop, or mobile devices frequently so you don’t have to pay the ransom to access locked files.
Figure 3. An example ransomware e-mail message
Figure 3. An example ransomware e-mail message
(This content was provided by Educause.)

July 2017

0 Commentsby   |  08.07.17  |  Banner, Business Intelligence, Security, Uncategorized

Did You Know?

We increased third-party application integrations by 34% over the last four years, which represents the largest growth in our service portfolio.  This increase follows a national trend where institutions are frequently adopting cloud-based solutions that integrate with core services like Banner and single sign-on.  Some of our most recent integrations include Barnes & Noble for ID card usage in the bookstore, TeamDynamix for IT support ticket management, and What’s Happening on the Hill for Student Life activities.  We have five new integrations scheduled for completion over the next six months.

Discoverer Transition

The Business Intelligence office is on track to transition Discoverer reports to Cognos by December 31, 2017. Discoverer users have been contacted about transition plans. Please visit the Analytics blog for more information about the transition.

Are You Considering A New Software Implementation?

Please include us, even if the IT impact seems minimal so that we can ask questions, provide feedback, and plan ahead before committing.  We compiled some questions on our New Software Inquiry page to help guide those who are exploring a new software or service. You can share this page with a potential vendor so that they can answer the questions directly.

Are You Practicing Safe Social Networking?

Millions of Internet users engage in social networking, and many of them assume they are in a safe, controlled environment. However, social networking presents unique security challenges and risks.  Here are some tips to use social media safely and own your online presence.

Banner 9 Project Update

We are making more progress towards completion of the Administrative Banner updates we have planned for the rest of the year:

  • We will install updates to many existing Banner 9 components over the next two weeks, which will resolve numerous issues and prepare us for the start of the Fall 2017 term.
  • We are providing user training sessions to better prepare folks for Banner 9, with seven sessions scheduled over the next two and a half weeks.
  • The first Accounts Receivable 9 update is tentatively scheduled to go live this month.
  • The first Financial Aid 9 update is ready for testing with a go-live to-be-determined.

July 2017 by the Numbers

  • 164 end-user support requests resolved (new record for month of July)
  • 65 development and administration issues resolved (new record for month of July)
  • 11 projects-in-progress
  • project completed
  • 5 projects requested
  • 99.99% average uptime

Are You Practicing Safe Social Networking?

0 Commentsby   |  08.01.17  |  Security

Who Else Is Online? Social media sites are not well-monitored playgrounds with protectors watching over you to ensure your safety. When you use social media, do you think about who might be using it besides your friends and connections? Following are some of the other users you may encounter.

  • Identity thieves. Cybercriminals need only a few pieces of information to gain access to your financial resources. Phone numbers, addresses, names, and other personal information can be harvested easily from social networking sites and used for identity theft. Cybercrime attacks have moved to social media, because that’s where cybercriminals get their greatest return on investment.
  • Online predators. Are your friends interested in seeing your class schedule online? Well, sex offenders or other criminals could be as well. Knowing your schedule and your whereabouts can make it very easy for someone to victimize you, whether it’s breaking in while you’re gone or attacking you while you’re out.
  • Employers. Most employers investigate applicants and current employees through social networking sites and/or search engines. What you post online could put you in a negative light to prospective or current employers, especially if your profile picture features you doing something questionable or “less than clever.” Think before you post a compromising picture or inflammatory status. (And stay out of online political and religious discussions!)

How Do I Protect My Information? Although there are no guaranteed ways to keep your online information secure, following are some tips to help keep your private information private.

  • Don’t post personal or private information online! The easiest way to keep your information private is to NOT post it. Don’t post your full birthdate, address, or phone numbers online. Don’t hesitate to ask friends to remove embarrassing or sensitive information about you from their posts, either. You can NEVER assume the information you post online is private.
  • Use privacy settings. Most social networking sites provide settings that let you restrict public access to your profile, such as allowing only your friends to view it. (Of course, this works only if you allow people you actually know to see your postings — if you have 10,000 “friends,” your privacy won’t be very well protected.)
  • Review privacy settings regularly. It’s important to review your privacy settings for each social networking site; they change over time, and you may find that you’ve unknowingly exposed information you intended to keep private.
  • Be wary of others. Many social networking sites do not have a rigorous process to verify the identity of their users. Always be cautious when dealing with unfamiliar people online. Also, you might receive a friend request from someone masquerading as a friend. Here’s a cool hint — if you use Google Chrome, right-click on the photo in a LinkedIn profile and choose Google image search. If you find that there are multiple accounts using the same image, all but one is probably spurious.
  • Search for yourself. Do you know what information is readily available about you online? Find out what other people can easily access by doing a search. Also, set up an automatic search alert to notify you when your name appears online. (You may want to set alerts for your nicknames, phone numbers, and addresses as well; you may very well be surprised at what you find.)
  • Understand the role of hashtags. Hashtags (#) are a popular way to provide clever commentary or to tag specific pictures. Many people restrict access to their Instagram accounts so that only their friends can see their pictures. However, when someone applies a hashtag to a picture that is otherwise private, anyone who searches for that hashtag can see it.

My Information Won’t Be Available Forever, Will It? Well, maybe not forever, but it will remain online for a lot longer than you think.

  • Before posting anything online, remember the maxim “what happens on the web, stays on the web.” Information on the Internet is public and available for anyone to see, and security is never perfect. With browser caching and server backups, there is a good chance that what you post will circulate on the web for years to come. So: be safe and think twice about anything you post online.
  • Share only the information you are comfortable sharing. Don’t supply information that’s not required. Remember: You have to play a role in protecting your information and staying safe online. No one will do it for you.

(This content was provided by Educause.)

G Suite Security Tech Tune-Up

0 Commentsby   |  07.14.17  |  Security, google

Earlier this week, Jeff Brawley (Senior Systems Analyst and G Suite Administrator) provided a Gmail security session that walked attendees through tips to address phishing messages and make use of tools that Google provides to help secure your account.  Please see the Innovation Foundry’s post for information, including a link to the presentation.