|ISU, Do You Yahoo!?
Yesterday, Yahoo! announced that approximately 500 million user account names, email addresses, phone numbers, and security questions were compromised and put on the market for cybercriminals. You may think this hack is bad, and it is (especially if you have a Yahoo account). But there’s another part to this that we want to caution everyone about.
Specifically, Indiana State University users should be very cautious if they receive an email asking them to change Yahoo account information. Think about it: this incident has presented the perfect opportunity for phishing attempts to prey on users, who obviously right now want to do what is necessary to protect their accounts. How should community members of Indiana State University who use Yahoo proceed?
- First of all, if you receive any e-mail about this topic, from Yahoo or anyone else, do not open any of those links. Instead…
- Open your browser and go to Yahoo…Reset your password and make it a strong, complex password or rather a pass-phrase.
- If you were using that same password on multiple websites, you need to stop doing so. Using the same password on multiple sites, while convenient, is too accommodating to hackers. If you did use your Yahoo passwords on other sites, go to those sites and change the password there too. Also change the security questions and make the answer something non-obvious, as the Yahoo security questions were also compromised.
- To manage these multiple passwords, use a free password manager like Keepass that can generate complex passwords and store them for you.
- Watch out for any phishing emails that relate to Yahoo in any way and that ask for your information. Go directly to Yahoo when you need to, not from any e-mail that references Yahoo
- And finally... faculty, staff, and students should ALWAYS use their @indstate.edu email account for all University related communications.
Tegrity Yuja Communications
Beginning in the Spring 2016 semester OIT collaborated with several Faculty members to evaluate Tegrity Lecture Capture to determine if it is the tool best suited to the needs of ISU. At the end of our evaluation, we concluded that YuJa Active Learning Platform would serve better due to its ease-of-use and expanded feature list.
This semester, Fall 2016, the migration process from Tegrity to Yuja will begin. The process will involve two major components. First, moving videos that are still in use from the Tegrity platform onto Yuja. Second, providing demonstrations and assistance with adapting to Yuja. The migration should be complete in December, 2016.
In order to complete the first component, all faculty who plan to continue using the old recordings from Tegrity will need to submit a request for the file transfer onto Yuja. One of the benefits to Yuja is its central media library. This means you will only need one copy of any particular video, and you will be able to link that video from all your courses. When you submit a request, do not include multiple copies of the same recording. The form is located here: https://indstate.qualtrics.com/SE/?SID=SV_b2XatiRN62lAEst. File transfer requests will be fulfilled as soon as possible, but the time will depend on the number of requests received as well as the file size. Please note that Tegrity will not be available in the Spring 2017 course sites. File transfer requests should be submitted no later than November 1, 2016 to ensure they are completed prior to the Spring 2017 semester. After the migration is complete, Tegrity content will no longer be available from any course site, including development courses.
Demonstrations and training sessions will be offered through the FCTE. Sign-up for a Yuja session at https://indstate.edu/oitworkshop or review all upcoming FCTE programming at http://www2.indstate.edu/fcte/upcoming_events.htm. For faculty who are unable to attend a scheduled workshop, one-on-one or small group sessions are also available by appointment; please contact Nick.Aballi@indstate.edu.
|Campus-Wide Enhanced Security Initiative Deployment
Beginning on July 13, 2016, OIT will use our centralized software distribution capabilities to make a change to the Windows environment for users on campus that currently have administrator rights on their machine. This change is required to improve our environment for data security and workstation stability. Those directly impacted by this change
and have been identified as having a machine on the ISU network that meets this criteria, were sent several communications (link to attached PDF) and will receive another notification the week of this change. The end result of this change is that users will
no longer have generalized administrator rights on their computers. Instead, when you need to make a change (update software, install drivers, etc.), the user will need to contact the Technology Support Center for assistance in making the desired change. Campus-wide
changes, such as approved upgrades to applications like Office, Adobe, etc., will continue to be pushed to your machine via the centralized software distribution, which is already the current practice. Commonly used software that is available through Software
Center will not require administrative access to install.
What do I do if I have concerns, questions, or problems regarding the launch of
- If you have questions regarding how this change will impact you, or concerns
about which of your machines are directly impacted by this change, contact the Technology Support Center (TSC) at x2910 or you may, as always, talk with your departmental IT consultant.
- If you believe this change will significantly impact your ISU-related work because
of specialized software you run that needs administrator rights, please talk with your IT consultant, who can assist you to submit an exception request with the TSC. Exception requests will be reviewed by our IT Security Team to determine approval.
|Gone Whaling - Laser-Sighted Phishing for the Bigger Phish
Cyberscams have become old hat, and everyone has acclimated to the ploys of online criminals and their attempts to steal passwords, personal information, and ultimately money. Now the Phisherman are moving into the water with a more convincing scam. Whaling, also known as Spear-Phishing, is an effort toward catching a 'bigger fish', which could be an executive, payroll employee, or someone similar in an organization who has a specific role dealing with the private sensitive data of a large amount of employees.
In 2016, more than 50 organizations have been successfully targeted by W-2 spear phishing attacks since January. The IRS has reported a 400% increase in these types of incidents specific to tax information this year. Indiana State University employees have been excellent in identifying some seemingly authentic requests thus far, but one of the best tools for preventing a Whaling incident is user awareness.
If you are asked to reveal personal or financial information of Indiana State University students, faculty, of staff via email by an Indiana State University employee or any other individual, you should not respond. Call them, confirm the legitimacy of their request, and discuss a secure method of transmitting this type of data. Also, never hesitate to contact your OIT area consultant, or forward the email message to firstname.lastname@example.org, where OIT personnel can review the authenticity of the email and act accordingly.
Do not just click on links in emails, but instead copy them into your web browser to verify their validity. This includes Indiana State University OIT links in emails too!
No Indiana State University employee will ever ask for a username and password in email or over the phone.
If you think your username and password have been compromised, call the ISU OIT Help Desk at 812-237-2910.
Click here to read the full article.