Archive for ‘Security’

Secure Remote Access—Easy as A, B, C

07.01.18 | Security

It is well publicized that today’s attackers are ever vigilant in their attempts to uncover weak points in networks, computers, and mobile devices to establish a foothold and leverage vulnerabilities, thus resulting in the compromise of critical assets or personal information. Areas of concern that can lead to a breach include the lack of physical security controls available at remote locations, the use of unsecured networks, and the connection of infected devices to internal networks. The challenge is especially daunting when:

  1. Staff, faculty, and students are accustomed to using free public Wi-Fi hotspots, and some will use them to access institutional e-mails and documents.
  2. Some campus employees will e-mail work documents to and from their personal accounts, despite the numerous security problems this creates.
  3. Some campus employees will use free USB charging ports available at airports and other public places. These ports pose the risk of transferring viruses and malware to unsuspecting users.

Planning for Secure Remote Access

  • Assume the worst will occur and plan accordingly. Laptops and other wireless devices are prone to loss or theft. External networks not controlled by an institution are especially susceptible to compromise and data interception. Finally, remote users’ devices may eventually become infected with malware.
  • Develop an appropriate remote access policy. It should define what’s allowable concerning remote access. Data sensitivity is another factor to be considered, as access to confidential or sensitive information should be restricted.
  • Configure remote access servers to enforce policies. Consider placing remote access servers at the network perimeter, so that they serve as a single point of entry to the network and enforce the security policy before any remote access traffic is permitted into internal networks.
  • Ensure personal devices are secured against common threats. Remote devices should receive the same security applications, software, and devices as those found on campus. They should employ antivirus software and data loss protection capabilities, whenever possible.
  • Employ strong user authentication. Many external security threats will be mitigated through the deployment of multifactor authentication.
  • Create a remote access policy. Users should take every reasonable precaution to ensure their remote access connections are secured from interception, eavesdropping, or misuse. To facilitate this, anyone remotely accessing campus resources for business, maintenance, or upgrade actions should use a virtual private network (VPN) provided by the institution. Also, remind staff and faculty not to save or store sensitive or restricted institutional data on any remote host or external computing (access) device.

Additional Requirements for System Administrators and End Users

  • Apply computer and mobile device security software, applications, and operating system patches and updates regularly.
  • Install and use antivirus, antispyware, and VPN software on computers, laptops, and mobile devices, keeping software definitions up-to-date and running regular scans.
  • Install and enable a hardware and/or software firewall.
  • Configure devices so that authentication is required (e.g., password, passphrase, token, or biometric authentication), the device runs in “least privilege” mode (e.g., as a user instead of admin), and the session times out after a 15-minute period of inactivity.
  • Activate and use a “lock” feature before leaving the computing device unattended.
  • Set the security settings to the highest level on Internet browsers and adjust downward as necessary for Internet use.
  • At no time should a campus employee provide usernames or passwords to anyone, not even family members.

(This content was provided by Educause.)

Beef Up Your Physical Security

06.05.18 | Security

Employing good physical security practices does not have to include hiring a detachment of the queen’s guard for your campus (though this might be a nice attraction for prospective students!). Instead, just getting the word out to your community about the importance of a few basic physical security tips can substantially improve your institution’s security risk profile. Below are some tips to share with your community:

  • Prevent tailgating. In the physical security world, tailgating is when an unauthorized person follows someone into a restricted space. Be aware of anyone attempting to slip in behind you when entering an area with restricted access.
  • Don’t offer piggyback rides. Like tailgating, piggybacking refers to an unauthorized person attempting to gain access to a restricted area by using social engineering techniques to convince the person with access to let them in. Confront unfamiliar faces! If you’re uncomfortable confronting them, contact campus safety.
  • Put that shredder to work! Make sure to shred documents with any personal, medical, financial, or other sensitive data before throwing away. Organizing campus-wide or smaller-scale shred days can be a fun way to motivate your community to properly dispose of paper waste.
  • Be smart about recycling or disposing of old computers and mobile devices. Make sure to properly destroy your computer’s hard drive. Use the factory reset option on your mobile devices and erase or remove SIM and SD cards.
  • Lock your devices. Protecting your mobile devices and computers with a strong password or PIN provides an additional layer of protection to your data in the event of theft. Set your devices to lock after a short period of inactivity; lock your computer whenever you walk away. If possible, take your mobile devices and/or laptop with you. Don’t leave them unattended, even for a minute!
  • Lock those doors and drawers. Stepping out of the room? Make sure you lock any drawers containing sensitive information and/or devices and lock the door behind you.
  • Encrypt sensitive information. Add an additional layer of protection to your files by using the built-in encryption tools included on your computer’s operating system (e.g., BitLocker or FileVault).
  • Back up, back up, back up! Keeping only one copy of important files, especially on a location such as your computer’s hard drive, is a disaster waiting to happen. Make sure your files will still be accessible in case they’re stolen or lost by backing them up on a regular basis to multiple secure storage solutions.
  • Don’t leave sensitive data in plain sight. Keeping sensitive documents or removable storage media on your desk, passwords taped to your monitor, or other sensitive information in visible locations puts the data at risk to be stolen by those who would do you or your institution harm. Keep it securely locked in your drawer when not in use.
  • Put the laptop in your trunk. Need to leave your laptop or other devices in your car? Lock it in your trunk (before arriving at your destination). Don’t invite criminals to break your car windows by leaving it on the seat.
  • Install a remote location tracking app on your mobile device and laptop. If your smartphone, tablet, or laptop is lost or stolen, applications such as Find My iPhone/iPad/Mac or Find My Device (Android) can help you to locate your devices or remotely lock and wipe them.

(This content was provided by Educause.)

Use Strong Passwords and Passphrases to Lock Down Your Login!

05.01.18 | Security

Your passwords are the key to a host of information about you, and potentially those close to you. If someone can access your personal information, it can have serious long-term effects—and not just online! Follow these recommendations from the World Password Day website to protect your identity while making the Internet more secure for everyone:

  • Use a passphrase instead of a password. Passphrases are usually 16 characters or more and consist of a combination of words or a short sentence that is easy to remember (e.g., MaryHadALittleLamb!).
  • Use a fingerprint or biometric requirement to sign in when available. This provides an extra layer of protection for devices and apps.
  • Request single-use authentication codes that can be sent to your phone or delivered by an app.
  • Take advantage of whatever multifactor authentication methods are available for your service. Learn more about adding MFA to any account.
  • Use a password manager or password vault software to help keep track of all your passwords and avoid password reuse.

(This content was provided by Educause.)

Spring Cleaning—Be Green, Not Blue

04.02.18 | Security

As you upgrade your personal devices to the newest options, do you recycle the old equipment? Being green shouldn’t make you blue. Take steps now so that you don’t have to worry later that forgotten sensitive files on your last laptop could become a source of embarrassment or identity theft. Trying to securely delete data at the time you decommission equipment can turn into a multi-hour chore and a source of stress, but it doesn’t need to be that way.

Make sure saved copies of your tax filings, personal photos, and other sensitive files can’t be retrieved by the next person with access to your computer’s drive by making the drive unreadable to anyone else. Dragging files to the trash or recycle bin doesn’t remove data—it just removes the retrieval path to the file and marks that storage space available for other data to occupy sometime in the future. Your pirate treasure is still buried, but the map is missing. “Secure file deletion” functions go a step further to overwrite the data in those locations with random bits immediately.

The introduction and growth of solid-state drives in consumer electronics, however, make overwriting the data in these spaces less dependable than in the standard hard drives of the past. Today’s “delete/overwrite” protection comes most reliably from full disk encryption (aka whole disk encryption), which encrypts all data on the machine—including the operating system and temporary files you weren’t even aware you created. Follow the motto of a famous infomercial to “set it [full disk encryption] and forget it [the password/key]!” Even if someone removes the drive and puts it into a different machine, the encryption remains in place.

  • Plan A: Encrypt the full disk now using built-in functionality. Create a strong passphrase or password, since this becomes the decryption key! Everything will be encrypted, including the operating system so you will have to “unlock” the encrypted drive with your personal passphrase every time you start or boot up your computer. Save the generated recovery key somewhere secure (like a password manager or printout stored in a secure office), in case you forget your password and need to access the data on that machine. Here are instructions for some of the most common built-in encryption functions:
  • Plan B: If full disk encryption wasn’t a built-in option, find a free or fee version of full disk encryption software that works with your operating system and personal capability. Check your favorite review sites or try Slant for recommendations.
  • Failsafe: Hammer time! Remove and destroy the drive (Geek Squad offers a three-minute tutorial on hard drive disposal). Most retail stores that accept computer donations for safe recycling will remove the drive and give it to you for secure destruction—just ask them to do that. Smash it, drill it, or hold onto the drive until there’s a secure shredding event at work or in your community.

(This content was provided by Educause.)

February 2018

03.07.18 | Security

February 2018, By The Numbers

Here are Computing Services’ statistics for February 2018:

  • 110 end-user support requests resolved
  • 65 development and administration issues resolved
  • 18 projects-in-progress
  • projects completed
  • projects requested
  • 99.74% average uptime

Improving Financial Aid Services

In cooperation with Computing Services, Student Financial Services (SFS) recently implemented and continues to roll out CampusLogic to streamline processes and workflows related to financial aid forms and award letters.  The new platform is an interactive and intuitive way to allow students to complete required documents electronically without the additional hassle and fraud risk of sending paper documents.  The new award letter platform enables students and parents to receive their award letters through email and text messages that link directly to their letter.  Having the award letters in this format allows SFS to provide crucial financial resources through links to videos, checklists and printable PDF files, which answer common financial aid related questions.

Project Success With A Small Team

The last few springs we have had the opportunity to meet with Dr. Brad Crisp’s Systems Analysis and Design class to share our project management processes and tools.  Here are a few of our keys to success that we shared with students last month:

  • Prioritize so that the university’s most important needs are addressed first.
  • Hold daily standup meetings for brief, regular communication.
  • Use an iterative process to deliver more quickly.
  • Regularly identify enhancements to processes for continuous improvement.

Protect Yourself While Traveling

Traveling today is so much easier with technology. You can stay productive, entertained, and in touch. For many, having a cell phone or other electronic device is a critical part of having a great travel experience and an integral part of daily life. Unfortunately, traveling with devices can mean increased risks for keeping your personal data private as well as the potential for device theft. Experts often suggest leaving your device at home or using a loaner device when traveling, but this isn’t always a viable option. Here are some tips to protect your data and devices while traveling.

How to Protect Your Data and Devices While Traveling with Tech

03.01.18 | Security

Due to enhanced security measures in most countries, travelers with tech should be prepared for possible disruptions or additional wait times during the screening process. Here are some steps you can take to help secure your devices and your privacy.

Good to know:

  • While traveling within the United States, TSA agents at the gate are not allowed to confiscate your digital devices or demand your passwords.
  • Different rules apply to U.S. border patrol agents and agents in other countries. Federal border patrol agents have broad authority to search everyone entering the U.S. This includes looking through any electronic devices you have with you while you are traveling. They can seize your devices and make a copy for experts to examine offsite. Learn more from the Electronic Frontier Foundation about digital privacy at the U.S. border.

Protect your tech and data when traveling:

  • Travel only with the data that you need; look at reducing the amount of digital information that you take with you. This may mean leaving some of your devices at home, using temporary devices, removing personal data from your devices, or shifting your data to a secure cloud service. Authorities or criminals can’t search what you don’t have.
  • Most travelers will likely decide that inconvenience overrides risk and travel with electronic devices anyway. If this is the case, travelers should focus on protecting the information that they take with them. One of the best ways to do this is to use encryption. Make sure to fully encrypt your device and make a full backup of the data that you leave at home.
  • Before arriving at the border, travelers should power off their devices. This is when the encryption services are at their strongest and will help resist a variety of high-tech attacks that may attempt to break your encryption. Travelers should not rely solely on biometric locks, which can be less secure than passwords.
  • Make sure to log out of browsers and apps that give you access to online content, and remove any saved login credentials (turn off cookies and autofill). This will prevent anyone from using your devices (without your knowledge) to access your private online information. You could also temporarily uninstall mobile apps and clear browser history so that it is not immediately apparent which online services you use.

Get your device travel ready:

  • Change your passwords or passphrases before you go. Consider using a password manager if you don’t use one already.
  • Set up multifactor authentication for your accounts whenever possible for an additional layer of security.
  • Delete apps you no longer use.
  • Update any software, including antivirus protection, to make sure you are running the most secure version available.
  • Turn off Wi-Fi and Bluetooth to avoid automatic connections.
  • Turn on “Find My [Device Name]” tracking and/or remote wiping options in case it is lost or stolen.
  • Charge your devices before you go.
  • Stay informed of TSA regulations and be sure to check with the State Department’s website for any travel alerts or warnings concerning the specific countries you plan to visit, including any tech restrictions.
  • Clear your devices of any content that may be considered illegal or questionable in other countries, and verify whether the location you are traveling to has restrictions on encrypted digital content.
  • Don’t overlook low-tech solutions:
    • Tape over the camera of your laptop or mobile device for privacy.
    • Use a privacy screen on your laptop to avoid people “shoulder surfing” for personal information.
    • Physically lock your devices and keep them on you whenever possible, or use a hotel safe.
    • Label all devices in case they get left behind!

These guidelines are not foolproof, but security experts say every additional measure taken can help reduce the chances of cybertheft.

(This content was provided by Educause.)

January 2018

02.08.18 | Banner, Security

January 2018, By The Numbers

Here are Computing Services’ statistics for January 2018:

  • 204 end-user support requests resolved
  • 89 development and administration issues resolved (ties previous January record)
  • 15 projects-in-progress
  • projects completed
  • projects requested
  • 99.99% average uptime

Can We Make Things Better?

Yes, we can! One of our primary goals this school year is to optimize and enhance.  Here are a few ways that we are making things better:

  • Decreasing Banner form customizations – The Banner 9 upgrade forced us to evaluate the form customizations created over the last 17 years.  We are excited that this effort has resulted in a 75% decrease as we complete the move to Banner 9 this spring.
  • Streamlining Banner job customizations – We implemented an automated process that improves the management of customizations to Banner jobs, which are impacted by almost every Banner upgrade.  Programmers no longer spend time manually reviewing code to find changes.
  • Removing overlapping and unnecessary services – We recently replaced the old Massmail tool with email lists in Google Groups, which academic departments use for emailing their students.

Open Source Solutions Reduce Costs

We have a long history of utilizing open source software for critical services like single sign-on and myACU.  Though open source solutions can be difficult to maintain, we have reaped tremendous value from well-respected solutions that include comparable features to expensive commercial options.  Open source provides a saving to the university since these solutions require no licensing or maintenance costs in exchange for our relatively low operating costs.

Good Cybercitizens Make the Internet a Safer Place

Digital citizenship is an important part of an individual’s online identity and requires everyone to take steps to make the Internet an enjoyable, safe place for everyone. “The Internet is a powerful and useful tool, but in the same way that you shouldn’t drive without buckling your seat belt or ride a bike without a helmet, you shouldn’t venture online without taking some basic precautions.”  Here are some tips to keep in mind as we work together to create a better, safer digital world for ourselves and others.

Password Managers Make Life Easier

Do you know what a password manager is? Do you know how a password manager makes life easier? We invite you to join us in the Innovation Foundry on Tuesday, March 6th at noon to hear how a solution called LastPass can make your life easier. We will share how a non-technical employee embraced LastPass as a means of better managing her personal and professional life.

Good Cybercitizens Make the Internet a Safer and Better Place

02.01.18 | Security

“The Internet is a powerful and useful tool, but in the same way that you shouldn’t drive without buckling your seat belt or ride a bike without a helmet, you shouldn’t venture online without taking some basic precautions.” This is an important reminder from the National Cyber Security Alliance that cybersecurity is everyone’s responsibility as an individual and a member of our ever-growing online community. Here are some tips to keep in mind as we work together to create a better, safer digital world for ourselves and others.

  • Own your online presence. To keep yourself safe, set privacy and security settings on web services, apps, and devices to your comfort level. You do not have to share everything with everyone. It is your choice to limit what (and with whom) you share personal information.
  • Be a good digital citizen. The things that you would not do in your physical life, do not do in your digital life. If you see crime online, report it the same way that you would in real life. Keep yourself safe and assist in keeping others safe on the Internet.
  • Respect yourself and others. Practice good netiquette, know the law, and do not do things that would cause others harm. The Golden Rule applies online, as well.
  • Practice good communications. Never send an e-mail typed in anger. Put it in your draft folder and wait. Keep in mind that digital communications do not give the reader the same visual or audio cues that speaking in person (or by video or phone) does.
  • Protect yourself and your information. Use complex passwords or passphrases, and don’t reuse the same password or variations of a simple phrase. Better yet, enable two-factor authentication or two-step verification whenever possible.

(This content was provided by Educause.)

December 2017

01.10.18 | Banner, Security

2017: A “Banner” Year

Here are noteworthy statistics that tell some of the stories of our exceptional year:

  • 2,127 end-user support requests resolved (209 more than the previous record)
  • 1,089 development and administration issues resolved (139 more than the previous record)
  • 52 projects requested
  • 43 projects completed
  • 7 new services and integrations added
  • services and integrations removed
  • 99.92% average uptime (new record)
  • 286 employees attended Banner 9 information and training sessions
  • 199 Banner updates applied (105 Banner 9 updates)
  • modules live on Banner 9 (two more to come in 2018)
  • presentation proposal accepted for Ellucian 2018 conference in April (“Banner 9: How Green Is The Grass On The Other Side?”)
  • Countless emails, phone calls, meetings, and sidewalk conversations about Banner 9

Are Robots Taking Over the World?

We don’t think it will happen soon, but 2017 saw a rise in powerful technologies, services, and applications in many industries (self-driving cars, virtual assistants like Alexa, chatbots for self-service, machine learning for data analytics, etc.).  We spend time each month exploring topics like automation and artificial intelligence to understand technology trends and how they may intersect with higher education.   Some of the most promising applications assist and enhance humans rather than replace the human altogether.  Our explorations have included a lot of reading, listening, discussion, and experimentation.  We will explore exciting areas like this in 2018 as many of these technologies no longer appear to be the stuff of science fiction or short-term fad. 

Privacy Is Our Shared Responsibility

No matter how you define customers, you and your organization collect their information, and it is up to you to respect and keep their information private.  You don’t need to understand the nuances of every privacy regulation currently affecting higher education to tackle data privacy issues on campus. Whether you are working on a data breach response plan, updating institutional policies, collaborating with researchers on a new project, or educating students, faculty, and staff about data privacy, consider teaming up with your institution’s privacy officer(s). Here are some helpful tips to consider that will help you effectively protect the privacy of students, faculty, staff, and alumni.

More Banner 9 in 2018

We did not hit our original target to have all Administrative Banner modules upgraded to Banner 9 by the end of 2017, but we made significant progress.  Here are highlights of our work in December as well as work coming up:

  • Less Banner 8 – Most Banner 8 forms in General, Finance, Human Resources, Position Control and Student have been disabled.  We have a few remaining Banner 8 forms that are still active due to defects in Banner 9 or dependencies in the modules that remain in Banner 8.
  • Custom forms – We are close to completing migrations for most of the remaining custom-created forms that will live on in Banner 9.  We are removing 60 out of the 80 customizations we have in Banner 8.
  • Updates – We will apply multiple updates to the existing Banner 9 modules in the next month or two, which includes updates to Accounts Receivable, Finance, and Student.
  • Last Banner 9 steps – The first Banner 9 upgrades for Advancement and Financial Aid have been scheduled over the next few months.  We anticipate completion of most updates by the end of March.

December 2017, By The Numbers

Here are Computing Services’ statistics for December 2017:

  • 107 end-user support requests resolved
  • 61 development and administration issues resolved
  • 17 projects-in-progress
  • project completed
  • projects requested
  • 99.96% average uptime

Privacy Is Our Shared Responsibility

01.01.18 | Security

Everyone in our community is responsible for the protection of our customers’ privacy and their personal information. However, you don’t need to understand the nuances of every privacy regulation currently affecting higher education to tackle data privacy issues on campus. Whether you are working on a data breach response plan, updating institutional policies, collaborating with researchers on a new project, or educating students, faculty, and staff about data privacy, consider teaming up with your institution’s privacy officer(s).

Know and understand your privacy policies.

  • Most institutions have a standard privacy policy, statement, or notice on their website to help visitors understand the practices related to the collection, use, or disclosure of information. Two examples include Indiana University and the University of California, Berkeley.
  • Additional privacy statements or notices may be included in third-party contracts or services offered to students, faculty, and staff (e.g., learning management systems used for classes).
  • Also consider any third-party privacy policies or terms and conditions you may have agreed to as an individual (e.g., Facebook or any other third-party services or apps that aren’t officially hosted by the institution through a signed contract).

Always start with privacy.

  • Include privacy in the planning phase of all new projects.
  • If you don’t need personal information, don’t collect it. You can always ask for more information later.
  • Inform your customers about why you’re collecting their personal information.

Keep and use data securely.

  • Keep personal information confidential and limit access to the data.
  • Make sure you’re only using the data the way you said you’d use it. Ensure you get the customer’s consent before you use it otherwise.
  • Destroy or deidentify private information when you no longer need it.
  • Know your data breach response plan.

(This content was provided by Educause.)