August 3, 2020

Zoom Security Recommendations

The following message is from the Office of Information Technologies.

Tips for Securing Zoom and IT  

In recent days, there has been a surge in the news regarding Zoom privacy and security. To maximize the security of all users and minimize the possibility for disruption, Zoom recently enabled some additional precautions to help prevent unwanted participants from joining meetings.

With more people using Zoom than ever before, the video-conferencing platform has become a target for unwanted attendees to try to interrupt meetings in a number of disruptive capacities. This gatecrashing, or “Zoom-bombing,” has been reported nationally, and has occurred at many other universities.

To prevent this and other privacy and security issues, please follow these recommendations and safety tips when using Zoom (whether a free, shared, or UMW-owned account):

  1. Avoid sharing your meeting link publicly (on social media or a public website). Share the link in a closed environment like Canvas or direct email.
  2. Change your screen sharing settings to “Host-Only.” Note: If you are using a UMW-owned Zoom account, we have edited the settings to make this the default. You will need to change the settings during your meeting if you want to allow other participants to share their screen.
  3. Consider turning on the Waiting Room feature. This will require the host to approve every participant before entry into the meeting. Keep in mind that if a participant is disconnected, you will need to re-approve them for entry, so this option requires keeping an eye on your Zoom notifications during the meeting.
  4. Alternatively, consider locking your meeting (via the “Manage Participants” button in your Zoom tool tray) once all attendees are present. Keep in mind that if a participant loses connection, they will not be able to reenter unless you unlock the meeting.
  5. Keep the camera on your computer covered, and the microphone turned off when not in use.
  6. Don’t use the same password for your Zoom account that you use for other systems.
  7. Zoom has recently released patches to address newly discovered security issues so please update your client as soon as possible. You can use the “Check for updates” feature in your Zoom client.
    1.     Sign in to Zoom desktop client.
    2.     Click your profile picture, then click “Check for Updates” If there is a newer version, Zoom will download and install it.
  1. For more information, we recommend these two articles:

From the Zoom blog: Best Practices for Securing Your Virtual Classroom
From the Electronic Frontier Foundation:  Harden Your Zoom Settings to Protect Your Privacy and Avoid Trolls

 

COVID-19 Phishing Awareness Alert

To the campus community:

As we continue to address the rapidly evolving COVID-19 situation, the Information Security Office is alerting the UMW community to beware of phishing campaigns that exploit COVID-19 concerns. Scammers often take advantage of health scares to distribute phishing scams. The COVID-19 pandemic continues to spawn dozens of such campaigns, scaring recipients into clicking on malicious links or attachments in emails, text messages, or social media posts.

Don’t let the pandemic lower your guard. Phishing emails will still persist, even if the theme changes. Be on the lookout for the following:

  • Fabricated notices from health organizations (e.g., the CDC or local/state health departments)
  • Fake updates from an employer about policies or procedures to address the risk
  • Phony websites containing maps and dashboards
  • Information about protecting yourself, your children or your community that contain malicious links or attachments
  • Charitable appeals to help victims of the virus, which generally are not legitimate
  • Fake links to Zoom meetings

If an offer seems too good to be true or an email seems suspicious, feel free to forward the email to abuse@umw.edu.  IT Security will take a look at it for you.

Be safe.

Mike Townes
Director of Information Technology Security/ISO
University of Mary Washington
(540)-654-2152
mtownes@umw.edu

Celebrate the Retirement of John Symonds (a.k.a. Santa Claus), Dec. 13

John Symonds

John Symonds has been playing Santa Claus across the Fredericksburg region and beyond since 1981.

After 19 years at the University of Mary Washington, John Symonds is retiring. Plan to attend a reception for John tomorrow (December 13) at 1 p.m. in the Lee Hall Underground.

In his role as applications database administrator in the Department of Information Technologies, John was a key member of the project team that implemented Banner; over  the years, he has helped countless people achieve their Banner goals and solve their Banner problems. And of course, John will be fondly remembered for playing Santa Claus at many UMW holiday events.

Please join us in thanking John for his years of service and in wishing him well in retirement.

Virginia Ashley Retirement Celebration

After 30+ years at the University of Mary Washington, Virginia Ashley is retiring. Virginia has been a key member of the Information Technology Department for many years and an amazing colleague, adviser, and friend to all who have had the pleasure of working with her.

Please join us at a reception for Virginia, to thank her for her years of service, and wish her well in retirement.

The reception will be held Tuesday, September 24th at 2 p.m. in the Hurley Center Digital Auditorium.

Hall Cheshire: Network News

Hall Cheshire, chief information officer. Photo by Norm Shafer.

Hall Cheshire, chief information officer. Photo by Norm Shafer.

When Hall Cheshire graduated from high school in the 1970s, he set his sights on becoming a jazz guitarist. Though he still dabbles in music today, back then he received some sage advice from his father that made him realize his talents lay in other areas.

“He said, ‘This computer thing seems to be catching on, so maybe you should get into that,’” said Cheshire, who now has over three decades of experience in IT. A desire to work for an organization with a mission he believes in led Cheshire to become the chief information officer for the University of Mary Washington, where he manages not only technology, but also the projects, people and budgets that come with it.

One of his team’s biggest assignments to date – affecting all areas of the University – is migrating faculty and staff emails and SharePoint sites to Office 365. It’s an enormous undertaking, but Cheshire said that most UMW departments have already successfully adopted the new system, and he expects the project to be completed by the end of the year.

“I’m fortunate to work with very smart and talented people in the IT department,” said Cheshire. “My team did a lot of research and testing to prepare for the project. Thanks to their efforts, everything is going smoothly.”

 

Q: There are lots of bells and whistles with the new system. What’s your favorite?
A: Of all of the applications in the Office 365 ecosystem, I use Planner the most. It’s a basic project management tool that is great for organizing, assigning and managing tasks.

Q: People get possessive about their email and are often resistant to change. What kinds of reactions did you encounter during the migration?
A: Most people just want to know they won’t lose access to their email. We’ve migrated hundreds of email accounts over the past year, and the majority have gone off without a hitch.

Q: What’s the most rewarding part of your profession?
A: Solving problems and adding value. Information technology is an important part of most processes at UMW, and it’s great to be able to contribute to the University’s mission.

Q: What’s the most challenging?
A: Someone once told me that any problem can be solved with enough time, money and people. Unfortunately, I rarely have enough of any of those. It’s a constant challenge to do what needs to be done with limited resources.

Q: What would people be surprised to learn about you?
A: When I was in my 20s, I earned a black belt in a Korean martial art called Hapkido. I haven’t practiced it in decades, but it was a great experience.

Q: What’s your favorite thing in your office?
A: Years ago, I took a watercolor painting class. The only picture I painted that was not a complete disaster is on my desk. It’s a reminder to me that I can occasionally be creative.

 

UMW Opens Digital Auditorium

The University of Mary Washington will mark the opening of its digital auditorium in the Information Technology Convergence Center (ITCC) with a day of presentations, performances and film screenings on Saturday, March 14.   The digital auditorium in the Information Technology Convergence Center. The full day of events will feature an address by UMW President Richard V. Hurley, a complimentary breakfast, film screening and a variety of musical and theatrical performances including:
  • Fall Line Bluegrass Band, 1:15 p.m.
  • BellACapella, 2 p.m.
  • Alter Egos Step Team, 3 p.m.
  • One Note Stand, 4 p.m.
  • Undeniably Adjacent Improv, 5 p.m.
  • Eagle Bhangra, 6 p.m.
  • Save the Arcadian, 10 p.m.
Events begin at 10 a.m. and conclude at midnight. All food and events are free and open to the public. The Digital Auditorium is a two-story space for up to 130 guests used for entertainment, classes, lectures, training and performances. The auditorium includes three screens and a full, theater-style lighting system. The space can also be combined with an adjacent lobby and the Convergence Garden to host distinctive events. For more information about the event, contact Cartland Berge, ITCC building and digital auditorium manager, at reberge@umw.edu or (540) 654-5991.

Heightened Awareness for Phishing Attempts/Spam

On March 31st Epsilon, a company that provides commercial email services, sent notice to their customers that they had experienced a data breach. Their customer list includes over 2500 clients including TIAA CREF, US Bank, JPMorgan Chase, Citibank, American Express and Capital One. The data that was lost includes a list of each organizations client email addresses and their full names.  A full list of companies affected is available here: http://www.securityweek.com/massive-breach-epsilon-compromises-customer-lists-major-brands

As a result, a notable increase of SPAM and phishing email has permeated the Internet. The resulting phishing attempts will be more difficult to spot as they will target only customers of their respective institutions and will be able to personalize the messages.  This is known as spear-phishing.

We want to remind everyone that you should never provide any password or account information to anyone via email. Users should be especially vigilant in the next few weeks. All email should be considered suspect. Users should avoid clicking links within email, instead opening your browser of choice and hand typing the company’s address.

The university blocks thousands of SPAM messages every hour, but due the sheer volume and quality of this round of phishing messages, some may make it through our system.  Additionally other personal mail providers will likely experience similar spikes in unwanted email. We want to ensure that the UMW community is aware of the dangers and repercussions of this recent incident.

There are several steps that you should take to protect your account if you receive a phishing email:

  • Immediately delete any message that you get asking for your credentials or any other personal information.  Do NOT respond to these messages!
  • If you replied to a phishing message or believe that your account has been compromised, change your password immediately.
  • If you need assistance in accessing your account, and / or in correcting a problem with your account, please contact the IT Help Desk at helpdesk@umw.edu or at 540-654-2255.