Janet Eaton, ITS Information Assurance

Janet Eaton, ITS Information Assurance

Contact Janet at jmfeaton@umich.edu.

Only store sensitive data in approved services—check the guide!

Do you work with sensitive data? Any time you are thinking about using a storage or collaboration service for sensitive university data—whether in the cloud or at U-M: Check the Sensitive Data Guide first to see which services are approved for your data type. If the service you want to use is not listed in the guide, ask… Read More »

Dissonance Event Series: Catching Fake News, Nov. 27

Make plans to join us on Tuesday, November 27, at 6:15 p.m., in the Rackham Assembly Hall on the UM-Ann Arbor campus (915 E. Washington St.) for an exciting Dissonance event: Catching Fake News. There is no charge for this event and no need to register. A panel of experts will explore, two years after the 2016 election,… Read More »

U-M GDPR journey discussed at forum

If you’re worried about the impact of the General Data Protection Regulation (GDPR) in your unit, take a deep breath and relax. The university has got your back. Sol Bermann, university privacy officer and interim chief information security officer, and David Grimm, associate general counsel, reassured attendees at a July 26 GDPR open forum that—with the help of… Read More »

Duo can remember you for seven days

Now you can get the security benefits of two-factor for Weblogin with fewer login prompts. The Duo Remember Me time was extended from 12 hours to seven days on August 25. Remember to select the checkbox if you want Duo to remember you. You’ll see the Remember Me checkbox when you log in to a U-M site or… Read More »

Chrome extension warns you of malicious websites

You know you need to check the URL before logging in, but wouldn’t it be great if your web browser did some of that checking for you? If you use Chrome and an extension from Information Assurance (IA), it can. The U-M Safe Computing Website Checker extension for Chrome warns you while you are using Chrome: When you… Read More »

Users to be prompted for UMICH account recovery info

Resetting a forgotten UMICH (Level-1) password can be easy—but only if you’ve set up account recovery information ahead of time. When you save your account recovery information—a non-university email account and/or your mobile phone—we then know where to send your password-reset code in case you ever forget your password. To make this process easier, ITS will begin gradually… Read More »

Shared threat intelligence saves the day

A Distributed Denial of Service (DDoS) attack took down a residence hall network switch at the University of Maryland (UMD) over spring break 2018, but it could have been a lot worse without the collaborative threat information sharing partnership of U-M and other universities. 90% of attack traffic blocked “If we hadn’t been using our shared threat intelligence,… Read More »

Tips for writing emails that don’t look phishy

You have an important university email to send, but how do you craft it so it looks like the official, trustworthy, communication it is? In other words, how do you keep people from thinking it is a phish? Email users are rightfully suspicious of unsolicited email, but that can sometimes cause them to ignore or delete your important,… Read More »

Learn about GDPR at July 26 open forum

You and all members of the U-M community are invited to a General Data Protection Regulation (GDPR) Open Forum to learn more about U-M’s approach to GDPR compliance. Sol Bermann, university privacy officer and interim chief information security officer, and David Grimm, associate general counsel, will share U-M’s approach to GDPR compliance, demonstrate the processes and tools developed… Read More »

Say no to cryptocurrency mining

Cryptocurrency mining is best avoided. Don’t do it yourself, and don’t let attackers use your devices to do it. Cryptocurrency mining is a computationally intensive process of validating digital currency transactions that allows the miner to earn transaction fees and digital currency. Illicit cryptocurrency mining has displaced ransomware as the number one cyber security threat, according to industry… Read More »

U-M preparing for GDPR

A cross-university working group has been working for months to prepare U-M for the General Data Protection Regulation (GDPR), which goes into effect on May 25. To date, these efforts have included developing a risk-based GDPR compliance strategy, making important decisions regarding key requirements of the regulation, developing key GDPR processes and tools, and making recommendations for an… Read More »

Google Chrome verification begins May 7

Beginning Monday, May 7, Google is rolling out a new security feature that requires users to verify their identity when using the Chrome browser to log in to Google at U-M. The information below explains what to expect with the new Google Chrome verification process. When you log in to your Google at U-M account using the Chrome… Read More »

Units to test prompts to set account recovery info

If you forget your UMICH (Level-1) password and want to reset it yourself, you can do so only if you previously saved account recovery information at UMICH Account Management. That’s because the university needs to know where to send you a password-reset code. Most new students and employees now provide account recovery information as part of self-serve uniqname setup, but many of… Read More »

Vulnerability management & vendor compliance standards published

Two new standards clearly define responsibilities regarding vulnerability management and vendor security and compliance, and updated and expanded guidance to help you meet those responsibilities is on Safe Computing. Andrew Rosenberg, interim U-M vice president for information technology and Michigan Medicine chief information officer, recently approved these two new standards: Third Party Vendor Security and Compliance (DS-20). When… Read More »

Option to get password reset codes by text coming soon

Later this spring, a new option for account recovery will be added to UMICH Account Management. Currently, if you forget your UMICH (Level-1) password, you can receive a password reset code by email (as long as you have provided a non-UMICH email address for that purpose). Information and Technology Services (ITS) is working to give you the option… Read More »

OpenID Connect now available with Shibboleth at U-M

Setting up single sign-on for a new service? The university’s preferred solution, Shibboleth, has a new option that makes it work with additional services. Shibboleth at U-M can now be set up to use either of these two industry standard protocols: Security Assertion Markup Language (SAML). For most services, SAML will be your best choice. Most services that… Read More »

Report phishing to ReportPhish@umich.edu

There’s a new address for reporting phishing emails at U-M: ReportPhish@umich.edu. When you use this new address, you send your phishing report directly to the Information Assurance (IA) staff members who focus on protecting the university community from phishing. They can quickly check your report and then add that information to the anti-phishing tools used to block malicious… Read More »

U-M preparing GDPR compliance program

The General Data Protection Regulation (GDPR), which takes effect May 25, 2018, will affect organizations worldwide, including universities. The regulation expands personal privacy rights for European Union residents. It will take some time for organizations around the world to sort through, understand, and determine the implications of the GDPR requirements, as well as figure out how best to… Read More »

Reset forgotten UMICH passwords without security questions

Beginning February 24, you will be able to reset your UMICH (Level-1) password yourself without having to remember answers to your security questions. Before you can reset your UMICH password online at UMICH Account Management, your identity must be verified. For several years that has been done through the use of pre-set security questions and answers along with… Read More »