September 27, 2021

Upcoming Zoom Change

We hope your academic year is off to a good start. To keep it going smoothly, we would like to let you know of an upcoming change from Zoom.

Beginning November 1, 2021, Zoom will require users to have a version of the Zoom app that is no more than nine months behind the current version at any given time. Zoom releases frequent updates to its applications to resolve issues, improve security, and add functionality. Beginning November 1, 2021, if you are not using a sufficiently recent version of the Zoom app, you will be prompted to update the app before you will be allowed to connect to any meetings.

We suggest that you be proactive and update the Zoom app on your devices prior to the November 1 date set by Zoom. To download the latest version of the Zoom app, visit https://zoom.us/download. From within the Windows or Mac desktop app, you can check for updates using the instructions provided by Digital Learning Support at https://learn.umw.edu/guides/updating-your-zoom-client/. On your tablet or smart phone, check your app store for updates.

If you have a University-owned device, you may need assistance (administrator credentials) from the Help Desk to update the Zoom app. We urge you to try updating your Zoom app as soon as possible so you have time to seek assistance from the Help Desk if necessary. We don’t want you unable to attend a Zoom meeting because your Zoom app is outdated when the requirement is enforced and all of our technicians are assisting others with updating their Zoom apps.

We also suggest that you maintain a habit of checking for updates to the Zoom app on a somewhat regular basis. This will help ensure that you are not prevented from joining meetings in the future. We recommend checking for updates at least once a month to make sure your Zoom app has the latest security updates and feature enhancements.

If you need assistance updating the Zoom app or if you have any questions, please contact the Help Desk (https://technology.umw.edu/helpdesk/).

Edward Gray
Systems Integration and Support Specialist
Information Technology Support Services
University of Mary Washington
Hurley Convergence Center, Room 112
1301 College Ave
Fredericksburg, VA 22401
Help Desk Phone: 540-654-2255

2021 – Annual Security Awareness Training

The following is a message from Information Technology. 

All,

The Commonwealth of Virginia Security Standard SEC501-11.3 requires all agencies to establish and manage a cybersecurity training program and that all employees, contractors, and account owners complete security training annually. It is time again for UMW’s annual security awareness training.

This year the training will be delivered using a new training platform called Litmos. The training content will be the same as last year but presented through the Litmos service.

You will soon receive an email notification(s) from Litmos regarding your required UMW Annual Cybersecurity training.

NOTE: Some people are required to take additional training courses, depending on the data handled and processed in their department. If this is true for your department, you will see multiple course(s) to complete in the training dashboard.

You can use your UMW NetID and password to log into the training system, and the training should take about an hour to complete. It is not necessary to complete all the training modules at one time. You can save your progress and continue later.

You must complete your training by Sunday, March 28, 2021. If you do not complete the training on time, your UMW NetID account will be disabled.

If your account is disabled, you will have to contact the IT Help Desk during regular business hours to request your account to be re-enabled. You will then have up to a week to complete your training. If you do not complete your training within the allotted time, your account will be disabled again. This process will repeat until you have completed your training.

If you have technical questions or problems when taking the training, contact the IT Help Desk at helpdesk@umw.edu or call at 540-654-2255.

If you have questions about the cybersecurity training policy or process, you can contact me directly.

Thank you.

Mike Townes
Director of Information Technology Security/ISO
University of Mary Washington
(540)-654-2152
mtownes@umw.edu

Zoom Security Recommendations

The following message is from the Office of Information Technologies.

Tips for Securing Zoom and IT  

In recent days, there has been a surge in the news regarding Zoom privacy and security. To maximize the security of all users and minimize the possibility for disruption, Zoom recently enabled some additional precautions to help prevent unwanted participants from joining meetings.

With more people using Zoom than ever before, the video-conferencing platform has become a target for unwanted attendees to try to interrupt meetings in a number of disruptive capacities. This gatecrashing, or “Zoom-bombing,” has been reported nationally, and has occurred at many other universities.

To prevent this and other privacy and security issues, please follow these recommendations and safety tips when using Zoom (whether a free, shared, or UMW-owned account):

  1. Avoid sharing your meeting link publicly (on social media or a public website). Share the link in a closed environment like Canvas or direct email.
  2. Change your screen sharing settings to “Host-Only.” Note: If you are using a UMW-owned Zoom account, we have edited the settings to make this the default. You will need to change the settings during your meeting if you want to allow other participants to share their screen.
  3. Consider turning on the Waiting Room feature. This will require the host to approve every participant before entry into the meeting. Keep in mind that if a participant is disconnected, you will need to re-approve them for entry, so this option requires keeping an eye on your Zoom notifications during the meeting.
  4. Alternatively, consider locking your meeting (via the “Manage Participants” button in your Zoom tool tray) once all attendees are present. Keep in mind that if a participant loses connection, they will not be able to reenter unless you unlock the meeting.
  5. Keep the camera on your computer covered, and the microphone turned off when not in use.
  6. Don’t use the same password for your Zoom account that you use for other systems.
  7. Zoom has recently released patches to address newly discovered security issues so please update your client as soon as possible. You can use the “Check for updates” feature in your Zoom client.
    1.     Sign in to Zoom desktop client.
    2.     Click your profile picture, then click “Check for Updates” If there is a newer version, Zoom will download and install it.
  1. For more information, we recommend these two articles:

From the Zoom blog: Best Practices for Securing Your Virtual Classroom
From the Electronic Frontier Foundation:  Harden Your Zoom Settings to Protect Your Privacy and Avoid Trolls

 

COVID-19 Phishing Awareness Alert

To the campus community:

As we continue to address the rapidly evolving COVID-19 situation, the Information Security Office is alerting the UMW community to beware of phishing campaigns that exploit COVID-19 concerns. Scammers often take advantage of health scares to distribute phishing scams. The COVID-19 pandemic continues to spawn dozens of such campaigns, scaring recipients into clicking on malicious links or attachments in emails, text messages, or social media posts.

Don’t let the pandemic lower your guard. Phishing emails will still persist, even if the theme changes. Be on the lookout for the following:

  • Fabricated notices from health organizations (e.g., the CDC or local/state health departments)
  • Fake updates from an employer about policies or procedures to address the risk
  • Phony websites containing maps and dashboards
  • Information about protecting yourself, your children or your community that contain malicious links or attachments
  • Charitable appeals to help victims of the virus, which generally are not legitimate
  • Fake links to Zoom meetings

If an offer seems too good to be true or an email seems suspicious, feel free to forward the email to abuse@umw.edu.  IT Security will take a look at it for you.

Be safe.

Mike Townes
Director of Information Technology Security/ISO
University of Mary Washington
(540)-654-2152
mtownes@umw.edu

Celebrate the Retirement of John Symonds (a.k.a. Santa Claus), Dec. 13

John Symonds

John Symonds has been playing Santa Claus across the Fredericksburg region and beyond since 1981.

After 19 years at the University of Mary Washington, John Symonds is retiring. Plan to attend a reception for John tomorrow (December 13) at 1 p.m. in the Lee Hall Underground.

In his role as applications database administrator in the Department of Information Technologies, John was a key member of the project team that implemented Banner; over  the years, he has helped countless people achieve their Banner goals and solve their Banner problems. And of course, John will be fondly remembered for playing Santa Claus at many UMW holiday events.

Please join us in thanking John for his years of service and in wishing him well in retirement.

Virginia Ashley Retirement Celebration

After 30+ years at the University of Mary Washington, Virginia Ashley is retiring. Virginia has been a key member of the Information Technology Department for many years and an amazing colleague, adviser, and friend to all who have had the pleasure of working with her.

Please join us at a reception for Virginia, to thank her for her years of service, and wish her well in retirement.

The reception will be held Tuesday, September 24th at 2 p.m. in the Hurley Center Digital Auditorium.

Hall Cheshire: Network News

Hall Cheshire, chief information officer. Photo by Norm Shafer.

Hall Cheshire, chief information officer. Photo by Norm Shafer.

When Hall Cheshire graduated from high school in the 1970s, he set his sights on becoming a jazz guitarist. Though he still dabbles in music today, back then he received some sage advice from his father that made him realize his talents lay in other areas.

“He said, ‘This computer thing seems to be catching on, so maybe you should get into that,’” said Cheshire, who now has over three decades of experience in IT. A desire to work for an organization with a mission he believes in led Cheshire to become the chief information officer for the University of Mary Washington, where he manages not only technology, but also the projects, people and budgets that come with it.

One of his team’s biggest assignments to date – affecting all areas of the University – is migrating faculty and staff emails and SharePoint sites to Office 365. It’s an enormous undertaking, but Cheshire said that most UMW departments have already successfully adopted the new system, and he expects the project to be completed by the end of the year.

“I’m fortunate to work with very smart and talented people in the IT department,” said Cheshire. “My team did a lot of research and testing to prepare for the project. Thanks to their efforts, everything is going smoothly.”

 

Q: There are lots of bells and whistles with the new system. What’s your favorite?
A: Of all of the applications in the Office 365 ecosystem, I use Planner the most. It’s a basic project management tool that is great for organizing, assigning and managing tasks.

Q: People get possessive about their email and are often resistant to change. What kinds of reactions did you encounter during the migration?
A: Most people just want to know they won’t lose access to their email. We’ve migrated hundreds of email accounts over the past year, and the majority have gone off without a hitch.

Q: What’s the most rewarding part of your profession?
A: Solving problems and adding value. Information technology is an important part of most processes at UMW, and it’s great to be able to contribute to the University’s mission.

Q: What’s the most challenging?
A: Someone once told me that any problem can be solved with enough time, money and people. Unfortunately, I rarely have enough of any of those. It’s a constant challenge to do what needs to be done with limited resources.

Q: What would people be surprised to learn about you?
A: When I was in my 20s, I earned a black belt in a Korean martial art called Hapkido. I haven’t practiced it in decades, but it was a great experience.

Q: What’s your favorite thing in your office?
A: Years ago, I took a watercolor painting class. The only picture I painted that was not a complete disaster is on my desk. It’s a reminder to me that I can occasionally be creative.

 

UMW Opens Digital Auditorium

The University of Mary Washington will mark the opening of its digital auditorium in the Information Technology Convergence Center (ITCC) with a day of presentations, performances and film screenings on Saturday, March 14.   The digital auditorium in the Information Technology Convergence Center. The full day of events will feature an address by UMW President Richard V. Hurley, a complimentary breakfast, film screening and a variety of musical and theatrical performances including:
  • Fall Line Bluegrass Band, 1:15 p.m.
  • BellACapella, 2 p.m.
  • Alter Egos Step Team, 3 p.m.
  • One Note Stand, 4 p.m.
  • Undeniably Adjacent Improv, 5 p.m.
  • Eagle Bhangra, 6 p.m.
  • Save the Arcadian, 10 p.m.
Events begin at 10 a.m. and conclude at midnight. All food and events are free and open to the public. The Digital Auditorium is a two-story space for up to 130 guests used for entertainment, classes, lectures, training and performances. The auditorium includes three screens and a full, theater-style lighting system. The space can also be combined with an adjacent lobby and the Convergence Garden to host distinctive events. For more information about the event, contact Cartland Berge, ITCC building and digital auditorium manager, at reberge@umw.edu or (540) 654-5991.

Heightened Awareness for Phishing Attempts/Spam

On March 31st Epsilon, a company that provides commercial email services, sent notice to their customers that they had experienced a data breach. Their customer list includes over 2500 clients including TIAA CREF, US Bank, JPMorgan Chase, Citibank, American Express and Capital One. The data that was lost includes a list of each organizations client email addresses and their full names.  A full list of companies affected is available here: http://www.securityweek.com/massive-breach-epsilon-compromises-customer-lists-major-brands

As a result, a notable increase of SPAM and phishing email has permeated the Internet. The resulting phishing attempts will be more difficult to spot as they will target only customers of their respective institutions and will be able to personalize the messages.  This is known as spear-phishing.

We want to remind everyone that you should never provide any password or account information to anyone via email. Users should be especially vigilant in the next few weeks. All email should be considered suspect. Users should avoid clicking links within email, instead opening your browser of choice and hand typing the company’s address.

The university blocks thousands of SPAM messages every hour, but due the sheer volume and quality of this round of phishing messages, some may make it through our system.  Additionally other personal mail providers will likely experience similar spikes in unwanted email. We want to ensure that the UMW community is aware of the dangers and repercussions of this recent incident.

There are several steps that you should take to protect your account if you receive a phishing email:

  • Immediately delete any message that you get asking for your credentials or any other personal information.  Do NOT respond to these messages!
  • If you replied to a phishing message or believe that your account has been compromised, change your password immediately.
  • If you need assistance in accessing your account, and / or in correcting a problem with your account, please contact the IT Help Desk at helpdesk@umw.edu or at 540-654-2255.