Information Technology Updates
On June 18th Information Technology will replace the security certificate used to secure connections to Eduroam WiFi on campus. All UNI-owned and managed devices will be automatically reconfigured for the new connection and nothing will be required. However, personally owned laptops, tablets, and smart phones will potentially be asked to accept a new security certificate the first time they connect to Eduroam WiFi on June 17th. These prompts could look something like the screen captures below.
If you have questions or trouble connecting to Eduroaom WiFi on campus, please visit this IT support article. You can also contact your IT support by submitting a "Get IT Help" request from the Service Hub Portal.
Mobile devices, such as tablets, smartphones, and smartwatches, have become one of the primary technologies we use in both our personal and professional lives. What makes these devices so powerful are the thousands of apps we can choose from. These apps enable us to be more productive, communicate and share with others, train and educate, or just have more fun. Here are steps you can take to securely use and make the most of today’s mobile apps. Read them at https://www.sans.org/newsletters/ouch/securely-using-mobile-apps/
Vishing is to your phone as phishing is to your email account. Vishers may use either voice or SMS (text messages) to target you. They do this because there is less protection for your phone than for your UNI email account. Read the SANS OUCH! page at https://www.sans.org/newsletters/ouch/vishing/ for details and advice.
In an announcement earlier this calendar year, Google notified their education customers that they are changing the rules regarding storage for their Google Workspace for Education product line to no longer include unlimited storage space. Although Google has traditionally offered unlimited storage for free to its education customers, this model has become unsustainable with the rapid acceleration in growth of stored data. In July of 2022, Google will shift from unlimited storage to a pooled storage model for Google Workspace for Education customers.
This shift in strategy by Google means that UNI will need to reduce it’s overall storage consumption across Gmail, Google Drive (both My Drive and Shared Drives), and Google Photos in the Uni.edu Google domain prior to the July 2022 deadline. Information Technology (IT) is working closely with Google to ensure we have the tools and resources necessary to help us make this transition as smooth as possible.
IT will be communicating soon with users across campus who are using significantly more storage as compared to the average in our domain to understand their needs and work with them to clean up old and unneeded files and data. IT will continue to share information and answer questions as this project progresses. In the meantime, if you’re interested in seeing how much storage you’re using with your UNI Google account, or to find out how to reduce your overall storage usage, you can review this knowledge base article.
A W2 tax email scam is circulating in the U.S. using Typeform, a popular software that specializes in online surveys and form building. The campaign is aimed at harvesting victims’ email account credentials, researchers said.
According to Armorblox, the campaign also bypasses native Google Workspace email security filters in the victims it examined.
“The email impersonated an automated file-sharing communication from OneDrive, informing victims that they had received a file,” researchers explained in an analysis on Tuesday. “The email was sent from a Hotmail ID and was titled ‘RE: Home Loan,’ followed by a reference number and the date, making it seem like the email was part of an ongoing conversation to lend it more legitimacy.”
To read the complete article see:
The [US] Internal Revenue Service (IRS) is warning of ongoing phishing attacks impersonating the IRS and targeting educational institutions. The attacks use tax refund payment baits and mainly focus on universities' staff and students with .edu email addresses.
- The rest of the story: https://www.bleepingcomputer.com/news/security/scammers-target-universities-in-ongoing-irs-phishing-attacks/
- IRS warning: https://www.irs.gov/newsroom/irs-warns-university-students-and-staff-of-impersonation-email-scam
- Researcher's blog: https://abnormalsecurity.com/blog/irs-impersonation/
What is Identity Theft? Identity theft happens when a criminal steals information about you and uses that information to commit fraud, such as requesting unemployment benefits, tax refunds, or a new loan or credit card in your name. If you don’t take precautions, you may end up paying for products or services that you didn’t buy and dealing with the stress and financial heartache that follows identity theft.
Have I Been Hacked? No matter how secure you are, sooner or later you may have an accident and become "hacked". Below are clues you might have been hacked and if so, what to do. See https://www.sans.org/security-awareness-training/resources/what-do-when-hacked for more information.
To create a secure home network, you need to start by securing your Wi-Fi access point (sometimes called a Wi-Fi router). This is the device that controls who and what can connect to your home network. Here are five simple steps to securing your home Wi-Fi to create a far more secure home network for you and your family.
- Change the admin password
- Create a network password
- Apply firmware updates
- Activate a guest network
- Use secure DNS filtering
Read the details in the SANS OUCH! newsletter at https://www.sans.org/security-awareness-training/resources/securing-wi-fi-home
On the morning of Tuesday, January 12th, Information Technology will be implementing the Duo Multi-Factor Authentication (MFA) system for UNI's Google suite of tools, known as Google Workspace (formerly G Suite for Education). After this time, you will be required to use your Duo second factor (smart phone app, call to your UNI office phone, SMS text message, etc) to authenticate to UNI's Google Workspace tools.
Some other things to keep in mind:
- This change will only affect those who are already provisioned for Duo MFA. This will include UNI employees, student employees, and any students who need to provide direct deposit information for their financial aid award.
- Currently configured smart phones, tablets, and third-party email clients like Thunderbird should not be affected until the next time you need to enter your CatID username and password (this is typically once a year when it expires and you need to create a new one).
- You should be able to utilize the “remember me” check box at the bottom of any Duo prompt to be remembered for 30 days (this is browser and device specific).
- Google Drive File Stream, an application that might be installed on your UN-owned and managed computer, requires a specific workaround at this time in order to login and be able to get through the Duo MFA prompt. See THIS document for instructions on how to do that.
If you have questions about MFA, or have trouble navigating the Duo MFA prompts, you can visit mfa.uni.edu to find self help resources or submit a ticket using Service Hub by signing in to servicehub.uni.edu.