Center for Information Technology Services posts displayed by tag

SharePoint Will Replace Vibe as Collaboration Software

Vibe, also known as UMVibe, is being replaced by SharePoint. This process began at the end of 2016, and, on May 31, 2018, Vibe will no longer be available for use. SharePoint offers enhanced team collaboration, file storage, and seamless integration with all Office 365 components.

CITS has been in contact with owners of team workspaces to discuss options for data stored in their workspaces. If you have data on Vibe (in a team workspace or a personal workspace) and have not been  contacted concerning this migration, please email etg@umaryland.edu to discuss your options.

Sarah Steinberg Bulletin Board, Collaboration, Technology, University LifeJanuary 24, 20180 comments
Read More

The Need for Multifactor Authentication

Hackers count on people being lazy with their passwords. It’s a problem with organizations of every size and type, including industry giants like Google. People who find it too much of a hassle to toss an aluminum can into the recycling bin right next to the trash bin have no problem recycling the same password across multiple accounts for years.

Reducing risk involves combining authentication processes in such a way as to ensure that only the user can get to their data.

Facebook, Google, and other services do this by having users confirm authentication from their phones every time their account is accessed from an unrecognized device. This requires hackers to have physical access to the account holder’s phone, which is unlikely. The password as a sole form of identity verification is dead, or at least on life support. Multifactor authentication (MFA) is taking over as the new normal.

What is MFA?

MFA requires additional credentials beyond username and password for gaining access to an application, site, or data. There are three basic elements that can be used in multifactor authentication:

• Something the user knows (like a password or PIN).

• Something the user possesses (like a smart card or mobile phone).

• Something the user is (as represented by, say, a fingerprint).

MFA requires the use of different elements. In other words, requiring two different passwords isn’t MFA. A common technique is a website sending an access code to the user’s phone, which the user has to enter in addition to her usual password to gain access.

Benefits of MFA

Social engineering is still a critical technique hackers use to gain access to people’s data, accounts, or financial information. Talking someone out of a password or other identifying information (like a Social Security number) is easier than talking someone out of a password and the special code sent to their phone. More people are suspicious enough to not allow that level of manipulation.

One of the biggest benefits of MFA, however, is that it allows organizations to use advanced security options like single sign-on, which is easier for end users but harder for hackers. With single sign-on, the user performs an initial MFA process. Once that’s done successfully, the end user is admitted to their single sign-on software and can gain access to all of their required apps and data without having to enter passwords or credentials each time. Taking a tiny bit of time up front every day lets end users avoid entering passwords multiple times a day.

Campus Response to MFA

The Center for Information Technology Services (CITS) has been preparing the computing environment for this new technology since last year. CITS also has been coordinating with each school and department to plan the implementation of MFA across the campus. The first phase of this rollout will cover the systems that contain our University’s most sensitive data and the users that can access that data. As each of these systems is integrated with MFA, the impacted users will be contacted individually with relevant timelines and instructions to set up and use MFA in their daily computing operations.

When will MFA be available?

CITS has implemented MFA for a number of groups within Central Administration and many of the schools that use Virtual Private Network (VPN) software. MFA also was implemented with Sunapsis when it was implemented in late 2016. From now through spring 2018, CITS will be integrating MFA with the rest of the systems that contain the University’s most sensitive data and the users that can access those data.

In parallel, CITS is working on making MFA available to all users on an opt-in basis by late 2017/early 2018.

The username-password combination is inadequate and outdated. Despite major headlines recently about data breaches (P.F. Chang, Target, eBay, etc.), organizations continue to use password security and expect it to be sufficient. The campus shift to MFA will allow us to better secure our sensitive systems and the data they contain.

Fred Smith Bulletin Board, Technology, University LifeJanuary 17, 20180 comments
Read More

Tips to Keep Your Online Holiday Shopping Safe and Secure

Shoppers gearing up for the holiday season should be aware of what they’re up against while doing their online shopping. The internet has always been an uncontrolled environment, but it becomes particularly rough during the holiday shopping season.

In preparation for the shopping frenzy, hackers have crafted specific social engineering scams, malspam, and malicious, spoofed websites in efforts to catch people who are expected to spend nearly $4 billion online this year.

It’s important to know the warning signs, so here is a guide to safe online shopping during the holiday season.

1. Go directly to a store’s website instead of using search engines to look for deals. If you find a deal using a search engine, try to verify it by searching for the exact name of the deal in quotes. If it’s a scam, it’s likely someone will have already put out a warning.

2. Don’t be fooled by pop-ups and other digital ads. Many pop-ups could contain fake coupons, redirect you to malicious sites, or expose you to cross-site scripting attacks. If a coupon seems to come out of nowhere with a too-good-to-be-true offer, don’t think twice. Just click the “x” and shut it down.

3. Watch out for social media scams, especially on Facebook. Cybercriminals are using fake or compromised Facebook accounts to post links to amazing deals that don’t actually exist. They’re especially prone to dropping links on the walls of open groups dedicated to shopping. During any given holiday period, there will be an excess of fake offers, deals, and supposed freebies. If you’re being asked to share something on Facebook to get something too good to be true, you can bet there’s probably a scam involved.

4. Delete any holiday-related emails with attachments. Emails with attachments, especially zip files, are suspect — it’s likely that they contain malware. Delete them immediately. If you get an email from a store claiming to have a deal, type the store’s URL directly into your browser instead of clicking on the link. If the site doesn’t verify the deal, you know it’s a fake.

5. Make sure you’re on a secure connection. Look for the padlock icon to the left of the URL when you go to check out. If it’s there, that means the information passed between a store’s server and your browser remains private. In addition, the URL should read “https” and not just “http.”

6. Do not use debit cards to shop online. Debit cards give cybercriminals direct access to your bank account, so it is safer to use credit cards or a PayPal account that’s linked to a credit card. While many banks are cracking down on fraudulent withdrawals, you’ll still have to wait for your money while they investigate the charges.

7. Avoid using public Wi-Fi to shop. If you are shopping and entering personal data, it’s safer to do it on your secure Wi-Fi connection at home or to make sure you are using a VPN on your laptop or mobile device in malls or coffee shops.

8. Watch out for malicious QR codes. QR codes are small, pixelated codes meant to be scanned by a smartphone’s camera. They often contain coupons, links to websites, or other product marketing materials. Some hackers have started creating codes that link to a phishing or malware site, printing them on stickers, and placing them on top of the legit QR codes.

9. Don’t give out extra info. If a site starts asking for out-of-the-ordinary personal data such as Social Security numbers or password security questions, close out of the site.

10. Tighten up security before you go shopping this holiday season. Make sure all the software on your computer is up-to-date, including your operating system, browser, and other apps. And if you don’t already have it, install an anti-virus program on your desktop or laptop. In addition, since mobile shopping is set to outpace desktop shopping for the first time this year, it’s a smart idea to download an anti-virus program for your phone if available.

Fred Smith Bulletin Board, Technology, University LifeDecember 4, 20170 comments
Read More

What is the Office 365 Portal and Why Use It?

If you are an employee of University of Maryland, Baltimore, you have access to Office 365. Office 365 provides all the standard Office apps (email, calendar, Word, Excel, PowerPoint, and OneDrive) in a cloud environment — which means you can access your data (email, calendar, files, etc.) from anywhere that you have a device and internet access.

But how do you access all of these items from anywhere?

That’s where the Office 365 portal comes in. When you are away from your workstation, the Office 365 portal is the tool that allows you to access email, calendar, and files saved to OneDrive for Business. The portal also offers online versions of Word, Excel, and PowerPoint, which allows for quick and easy viewing and editing of files. If you’re at a meeting across campus, at home, traveling for work — whatever the scenario — use the Office 365 portal to access your email or files.

How Do I Access the Portal?

From any web browser, to go the Microsoft Office 365 home page. You will be prompted to enter your UMB e-mail and password.

If you are off-campus, there is a new security step called Multi-Factor Authentication (MFA). MFA requires another device (smartphone or landline) to authenticate that you are who you say you are by sending what is called a “Push” or a pass code. Once this step is completed, you will be taken to your Office 365 portal home page.

For detailed information on MFA, including on how to enroll, visit the Center for Information Technology Services MFA web page.

For more information on Office 365, visit the CITS Office 365 web page.

Sarah Steinberg Technology, University LifeNovember 30, 20170 comments
Read More
Info-Security-900x900

Online Security Awareness: Watch Out for Phishing Attempts

Phishing is a method of obtaining sensitive information, such as usernames and passwords, Social Security numbers, and banking information, for malicious reasons by disguising an electronic communication as coming from a trustworthy person or organization. The malicious person “fishes” for a victim to perform an action by “baiting” the victim with what appears like a legitimate and trustworthy email or instant message. The victim often is directed to enter their information into a fake website that looks identical to a legitimate one. Communications purporting to be from social media websites, auction sites, banks, online payment processors, or information technology administrators are often used to lure victims. Phishing emails may contain links to websites that are infected with malware.

The best way to protect yourself, your family, and the University is to make sure everyone is aware of what phishing attempts look like. Generally, phishing attempts implement social engineering and fear tactics  to get you to become a victim. Also, if the offer seems too good to be true, it probably is. You always should thoroughly examine any email asking for confidential information, especially of a financial nature. Many phishing scams have obvious signs of fraud such as poor spelling or grammar. And, lastly, if you are unsure about a message, try calling the sender or visiting its website without clicking on links or attachments in the message by searching for it online or typing its website directly into your browser. Never reply to the phishing attempt, as you would be confirming to the criminal that your email address is valid and you are reading your messages.

If you think an email or instant message on your work computer is a phishing attempt, you should notify Campus Security and Compliance at security-compliance@umaryland.edu and/or your school/departmental IT staff. You may not be the only one to receive the phishing attempt, and sharing with others may stop them from falling victim. Also, you can forward suspected spam emails to DL-CITSReportSpam@umaryland.edu.

If you have become a victim and disclosed your username or password, immediately contact Campus Security and Compliance at security-compliance@umaryland.edu so that we can disable your account to prevent unauthorized account access. Acting quickly could stop the criminals before they have a chance to hijack your account.

Fred Smith Technology, University LifeOctober 19, 20170 comments
Read More

Multi-Factor Authentication Coming for Office 365

Multi-factor authentication (MFA) is being rolled out for Office 365 this fall as a means to provide extra cyber security and guard against phishing attacks.

At UMB, we will be transitioning to an approach that allows you to use a mobile device in addition to your UMID and password to achieve a significantly higher level of security and almost entirely negate the risk associated with phishing and similar attacks.

In the coming weeks, the Center for Information Technology (CITS) will hold a series of demonstrations on how to register your MFA device and how to sign on to and interact with Office 365.

Go to the CITS web page on MFA for a regularly updated schedule of these demonstrations and more information about multi-factor authentication.

Joe Dincau TechnologySeptember 18, 20170 comments
Read More

Want to learn about Office 365 but are short on time?

If you have been unable to attend one of the instructor led Introduction to Office 365 classes but are eager to learn more about Office 365, OneDrive and Skype, you’re in luck! Three short videos have been created that cover the three primary Introduction to Office 365 topics.

The videos cover:

  • Introduction to Office 365 and OneDrive
  • Introduction to the Office 365 Portal
  • Introduction to Skype

These introductory videos are located on the MicroSoft Office 365 site and run approximately seven to nine minutes each. As Office 365 and OneDrive are the future of UMB, we encourage you to either attend a live training session or view these videos to learn more about these great tools!

Sarah Steinberg Collaboration, Education, TechnologyAugust 15, 20170 comments
Read More

SharePoint – What It Is and Why You Want to Use It

SharePoint Online is now here at the University of Maryland, Baltimore. Not sure what it is? Keep reading!

What Is It?

SharePoint is another tool in the Office 365 tool kit that continues to provide flexibility and facilitate collaboration. It enables departments, schools, and project members to securely share and collaborate with other faculty, staff, and students. With SharePoint, you can create collaborative websites that can be used to share files, assign tasks, start blogs, calendars, manage workflows, etc. from anywhere — at the office, at home, or from a mobile device. As with OneDrive, SharePoint is also HIPAA and FERPA compliant and University approved.

What Are the Benefits?

There are many great benefits. SharePoint can help improve communications, collaboration, reduce paperwork and manual processes, and safely store and share information within your department, school, and project. Specific benefits include:

  • Accessibility and flexibility: SharePoint Online is a cloud-based service so it is easily accessible to all UMB users both on and off campus by using a browser and logging into Office 365 or from your mobile device by using an app.
  • Microsoft programs: It is closely integrated with many other Microsoft programs that you use and are familiar with such as Word, Excel, PowerPoint, and Outlook as well as many new programs that will help create and automate business processes and tasks you do regularly.
  • Collaboration: It is a great tool to improve collaboration by sharing documents, creating and assigning tasks, using lists to track requests/information, sharing calendars and timelines, discussing topics, using a discussion board or newsfeeds, creating alerts and notifications, and much more.
  • Security: Content within SharePoint is securely stored using a Microsoft managed cloud environment. It is HIPAA and FERPA compliant. Security and permissions can be set at a site, folder, document, and item level.

Why Should I Use SharePoint?

A prime use for SharePoint is file sharing for teams and departments. But it’s more than that –

  • In addition to file storage, SharePoint offers context. It automatically provides version history for every Microsoft file so that you know what was changed, when, and by whom. Using the version history, you have the ability to revert to an older version. There is also the ability to set alerts for specific documents or folders. Anytime a change is made, you can be alerted.
  • New tools – newsfeed, discussion boards, calendars, lists, tasks, etc. – they allow for the team to share and access information and communication whenever and however they want, and ensure that everyone sees the same information.

In essence, every team and department can use their SharePoint site as an intranet – a one-stop shop to share information, calendars, and files. Especially for department/teams who may not all be in one physical location – by using SharePoint, everyone has access real-time to all the same information. It’s NOT just file storage! It’s information storage.

SharePoint enables you to gain so much flexibility and accessibility. To help you, the Enterprise Training Group provides both training opportunities and resources. Please visit the Office 365 website for information.

Sarah Steinberg Collaboration, TechnologyAugust 9, 20171 comment
Read More
OneDrive

What is OneDrive?

OneDrive is our new, secure, and universally accessible storage location for all your work files. OneDrive utilizes both encryption and data loss prevention techniques to protect all data. As such, the University has approved OneDrive to store all data including those with FISMA, HIPAA, or FERPA requirements.

However, OneDrive offers a lot more than just file storage! It’s an integral part of Office 365 and by using OneDrive, you can:

• Access your files securely from anywhere
• Share files with others
• Work on Office documents with others at the same time

OneDrive offers you – FLEXIBILITY!

Once your files are in the OneDrive, you can access them from any computer or mobile device that has internet access. If you’re at a meeting across campus, at home, traveling for work – whatever the scenario – you access your files by using either the Office 365 portal or the mobile app.

OneDrive provides strong data protection so you can be sure that your files are safe and secure no matter where you’re accessing them from.

If you need a colleague to review a file, by using the “Share” feature, they can view and update the file that is in your OneDrive – their changes will automatically appear in your file. No need to email a file back and forth.

You can also be in the same file as your colleague and both make real-time updates!

By using OneDrive to securely store your files, you gain so much flexibility and accessibility! To help you, the Enterprise Training Group provides both training opportunities and resources. Please visit the Office 365 website for information: www.umaryland.edu/office365.

Sarah Steinberg Collaboration, TechnologyJuly 21, 20171 comment
Read More
Quantum Financials

The Voters Have Spoken!

We have a winner! UMB’s new financial system will be known as Quantum Financials. The name was submitted by Chiradeep Mukherjee, enterprise wide application specialist in administration  and finance.

Chiradeep’s entry also included a tag line, which inspired the contest team to create one for the new name as well: Quantum Financials | A leap forward. Transforming systems. Empowering people!

Dawn Rhodes, CFBO and VP, commented that she likes the image of “leaping forward” with the new system. She continued, “Enhancing and improving UMB’s financial tools and reporting capabilities is one of the primary goals of this project. While development details and tactical project plans are still being finalized, one thing is certain. Many of you will be asked to become involved in the project as we further define, configure, test and deliver Quantum Financials.”

Thanks again to the hundreds of you who participated by submitting an entry and by voting for your favorite. We’ll keep you posted here and other places as we announce more ways to stay involved with this initiative.

Robin Reid Contests, TechnologyJuly 20, 20170 comments
Read More

What is Skype?

Skype is an online meeting space that allows for tele/video conferencing, along with screen sharing and instant messaging (IM). Messaging, meetings, and screen sharing all in one app that works with Office. What exactly does this mean?

  • Tele/video conferencing – a basic “Skype call” allows you to have a meeting online. When using a headset, you’ll be hands free and there is no need for speaker phone. The audio is very clear and if you want to use video too- you can!
  • Screen sharing – while in a Skype call, a great feature is the ability to screen share. This can be to share information with everyone in the meeting (perhaps the meeting agenda, or a file containing important data that everyone should see), or it can be to troubleshoot computer problems.
  • Instant Messaging (IM) – allows you to send a quick message to other UMB employees. It’s quicker than e-mail or making a phone call and a Skype pop-up box appears on the recipients computer screen so that they can’t miss it.

We encourage you to access and start using Skype! It can make communicating with your fellow co-workers a lot easier and quicker. To help you, the Enterprise Training Group provides both training opportunities and resources. For more information, please visit the Office 365 website.

Sarah Steinberg Collaboration, TechnologyJuly 6, 20170 comments
Read More
One Drive

What is OneDrive?

At it’s very simplest, OneDrive is our new, secure, and universally accessible storage location for all your work files.

However, OneDrive offers a lot more than just file storage! It’s an integral part of Office 365 and by using OneDrive, it also allows for:

  • Accessing your files from anywhere
  • Sharing files with others
  • Work on Office documents with others at the same time
  • In a word – FLEXIBILITY!

Once your files are in the OneDrive, you can access them from any computer or mobile device that has internet access. If you’re at a meeting across campus, at home, traveling for work – whatever the scenario – if you need to access your files, you can use either the Office 365 portal or the mobile app.

If you need a colleague to review a file, by using the “Share” feature, they can view and update the file in your OneDrive – their changes will automatically appear in the file. No need to email a file back and forth!

You also can be in the same file as your colleague and both make real time updates.

By using OneDrive to store your files, you gain so much flexibility and accessibility. To help you, the Enterprise Training Group provides both training opportunities and resources. Please visit the Office 365 website for information.

Sarah Steinberg Bulletin Board, Collaboration, Education, People, Technology, University AdministrationJune 28, 20170 comments
Read More
Multifactor Authentication

Multifactor Authentication Is Coming

UMB’s computing environment requires a high level of security to ensure the privacy, integrity, and confidentiality of the data that reside in its systems.

The UMID and Password

During the last 10 years, the UMID and password have developed and served as a common credential to gain access to systems and services at the University. This authentication strategy has greatly improved the computing services user experience. However, with the growth of cyber threats and attacks, and the attempts to convince individuals to reveal their credential, known as phishing, the computing industry recognized the need to develop a technology to address this problem.

Multifactor Authentication (MFA)

An approach was devised to leverage multiple verification methods and to no longer rely only on a single credential. The combined strength of these multiple factors of authentication create a confidence or level of assurance that the person accessing the system is the appropriate individual.

At UMB, we will be transitioning to a MFA approach that allows users to use a mobile device in addition to their UMID and password to achieve a significantly higher level of security and almost entirely negate the risk associated with phishing and similar attacks.

Implementation

The Center for Information Technology Services (CITS) has been preparing the computing environment for the implementation of this new technology since last year. CITS also has been coordinating with each school and department to plan the implementation of MFA across the campus.

The first phase of this roll-out will cover the systems that contain the University’s most sensitive data and the users that can access those data. As each of these systems are integrated with MFA, the impacted users will be contacted individually with relevant timelines and instructions for how to set up and use MFA in their daily computing operations.

For more information on this project, check out the CITS site.

Joe Dincau Collaboration, Education, People, Technology, UMB News, University AdministrationJune 21, 20170 comments
Read More

UMB Not Affected by Worldwide Ransomware Attacks

The University of Maryland, Baltimore (UMB) was not affected by the recent widespread global ransomware attack, called WannaCry.

The attack spread to more than 150 countries and affected approximately 300,000 unpatched computers running Microsoft Windows operating systems. For those affected, the attack locked people out of their computers and demanded ransom payments in order to regain access to the files.

We are members of the Research and Education Network-Information Sharing and Analysis Center (REN-ISAC), based at Indiana University, where security threats are shared among universities in real-time. Our first verified communication of this threat came from the REN-ISAC hours before it was known and reported by the news media.

We quickly took action to check the several layers of protection that are in place for the UMB campus. First, the network port (445) that WannaCry was using to get access to any vulnerable Windows machine was blocked. We blocked this network port many years ago because of its vulnerability to these types of attacks.

UMB has a sophisticated Intrusion Prevention System (IPS) that automatically blocks malicious attacks on our network. Potential threats are eliminated immediately while at the same time, we have IT security personnel monitoring real-time reports of IPS data. We were able to use information from the REN-ISAC, as well as our monitoring software, to determine that the WannaCry attack was not hitting our IPS.

We have a network monitoring system, called our Nessus Security Center, which allows us to scan the UMB network for any vulnerable server or computer. We run scans monthly, and more often when there is a report of threat activity. We apply security patches to servers and computers on a regular basis, and if there is a security patch released by a vendor to address a critical vulnerability, that patch gets applied immediately.

IT security Information is shared on a daily basis with IT professionals across the UMB campus. The IT Security Collaborative working group, comprised of individuals in UMB schools and departments, FPI, UMMS, and CITS, meets on a monthly basis. These monthly IT security meetings focus on information sharing as well as a discussion of activities and solutions for keeping our systems and data secure.

While this attack was a non-issue for UMB, and a relatively low level threat compared to other attacks that we experience on a regular basis, it is another reminder of the value and importance of having a strong IT security plan and program, the need to continue to support IT security as a priority activity, the need to continue to make appropriate investments in security technologies, and the need to continue to remind and educate the campus community that information security is everyone’s responsibility.

If you have any questions about the WannaCry attack or about UMB IT security, please contact the IT Security and Compliance team: security-compliance@umaryland.edu.

Fred Smith Technology, UMB NewsMay 25, 20170 comments
Read More
Employee of the Month

‘Extraordinary Customer Service’ Earns Jiang May Employee of the Month

Zhewei Jiang, an IT enterprise developer for the Center for Information Technology Services (CITS), made her way up to President’s Office on the afternoon of May 11 expecting to attend a meeting about document management systems. She was joined by Peter J. Murray, PhD, chief information officer and vice president of information technology, and Michael Smith, executive director of administrative apps, for the “meeting.”

When UMB President Jay A. Perman, MD, walked through the conference room doors and introduced himself to Jiang, she was visibly surprised. She politely said it was a pleasure to meet him, to which Perman responded: “It’s more of a pleasure to meet you.” Perman then announced the real reason for the “meeting”: Jiang had been named UMB’s May Employee of the Month.

He detailed positive comments given by other UMB employees about Jiang’s work. That with the help of her supervisor, Jiang has implemented and supported the campus-based ImageNow document management system, which stores over 8 million images. It allows the entire University to digitally scan, route, store, and access important documents while streamlining workflows, enhancing the operational efficiency of multiple schools and departments.

“In addition, your customer service skills are appreciated by your many admirers,” Perman said. “You go out of your way to be helpful, and that is important to me.”

Perman’s positive comments were echoed by others in the nomination form by Jiang’s supervisor, Douglas Bowser, director of enterprise applications.

Jamaica Cosby, assistant director of Human Resource Services (HRS), said, “I cannot thank your team enough for the extraordinary customer service that you have delivered by explaining every step of this process and introducing me to concepts and capabilities that I did not know even existed.” Before ImageNow was implemented, HRS was required to enter every performance evaluation form into a central database manually.

The School of Nursing (SON) also expressed its thanks. “Because of Zhewei, SON has been able to reduce processing time and staff workloads while simultaneously creating an opportunity for SON to provide updates and personalize messages to students and end users,” said Marchelle Payne-Gassaway, MS, director of admissions.

Despite the challenges that ImageNow and other University systems can present, Jiang — who has worked at CITS for five years — enjoys her job. “I’m always working with different schools and different people,” she said. “You’re always learning something new.”

Jiang received a plaque, as well as a $250 addition to her next paycheck as a reward for being Employee of the Month. “This is a great honor. I truly appreciate it,” said Jiang.

Once nearly everyone had left the room, her colleague Smith offered a final salute. “She deserves this. She is very timely and has great customer service skills,” he said.

Jiang was modest in her response. “It’s not just me. I have a great team. Whenever I need support, I can always talk to my team about what I need, and they always respond. We all work together,” she said.

Jacquelyn White People, UMB News, University Administration, University LifeMay 16, 20170 comments
Read More