Category Archives: Safe Computing

Visit the SafeComputing site for more information. Report a security incident. Subscribe to the Safe Computing RSS feed.

Review your MCommunity privacy settings

Your profile Your MCommunity profile shows only information related to your U-M affiliation. For U-M staff members, publicly viewable information includes: name, uniqname, email address, U-M affiliation, title, and U-M work phone number and address. You can choose privacy settings for additional information about yourself, such as your notice or description. You can choose whether the additional information… Read More »

Beware of tech support scams

Have you ever seen a pop-up on your computer or received an unsolicited call urging you to contact “tech support?” Scammers sometimes impersonate IT support staff and claim something is wrong with your computer. They offer to help fix the problem—for a fee—but instead may steal your personal information or infect your computer with malicious software. This can… Read More »

Unhackable: New chip stops attacks before they start

By | May 6, 2019

A new computer processor architecture developed at U-M could usher in a future where computers proactively defend against threats, rendering the current electronic security model of bugs and patches obsolete. Called MORPHEUS, the chip blocks potential attacks by encrypting and randomly reshuffling key bits of its own code and data 20 times per second—infinitely faster than a human… Read More »

Transfer file ownership before people leave the university

When U-M employees leave the university or transfer from one unit to another, it is important to transfer ownership of files, MCommunity groups, and other digital resources needed for university business. See these resources for tips and information: Leaving U-M U-M Termination Checklist (downloadable Excel file from U-M Human Resources) Plan ahead to avoid disruptions and protect privacy… Read More »

Your role in implementing new info security standards

No matter what your job at U-M, you have a role to play in implementing the new information security standards and the revised Information Security (SPG 601.27) policy. Your responsibilities could include: Participating in data protection training Reporting suspected or actual IT security incidents Learning and using secure coding best practices Configuring ITS systems to meet minimum security… Read More »

Tips for writing emails that don’t look phishy

You have an important university email to send, but how do you craft it so it looks like the official, trustworthy, communication it is? In other words, how do you keep people from thinking it is a phish? Email users are rightfully suspicious of unsolicited email, but that can sometimes cause them to ignore or delete your important,… Read More »

UM-Dearborn implements encryption program

UM-Dearborn ITS has kicked off a new initiative to encrypt users’ endpoint devices (laptop and desktop computers). This effort dramatically improves the way UM-Dearborn secures its endpoints, and the data and services they touch. In addition, it helps bring campus in line with U-M IT security policies and standards. The effort initially rolled out to two departments that… Read More »

New Chinese restriction impacts Duo phone calls; Use other options

May 15, 2019 update: You can once again use the Call Me option to receive Duo phone calls to Chinese (+86) numbers for two-factor authentication. Automated phone calls for Duo two-factor authentication are no longer being blocked to Chinese (+86) numbers. Duo worked with one of its telephony providers and the Chinese government to resolve the issue. China… Read More »

Teams practice IT security incident investigation

U-M staff members, and a number of other IT security pros from Domino’s, and Washtenaw Community College, honed their IT security investigation skills at a March 27 Boss of the SOC (Security Operations Center) event held at U-M and sponsored by the U-M Information Assurance office and Splunk. Working in teams of four to five, participants assumed the… Read More »

IA finds and fixes Shibboleth vulnerability

Imagine not being able to log in to your U-M GMail and Calendar—or Box at U-M, Canvas, and more. That might have been a risk if an attacker had exploited a previously unknown Shibboleth vulnerability. Within minutes, the attacker could have broadly disrupted logins at U-M and across higher education. Thankfully, that didn’t happen. While doing a routine… Read More »

Learn about implementing new info security standards

How do the new information security standards and the revised Information Security (SPG 601.27) policy affect your work? Information Assurance (IA) is hosting working sessions for members of the U-M community interested in learning about implementing the policy and standards. Upcoming sessions: Thursday, April 4 (1:30-3:30 p.m.). This session will cover Security Log Collection, Analysis, and Retention (DS-19)… Read More »

Encrypt your devices and data

Turn on device encryption to help secure personal and institutional data at home and at work. Encryption protects against unauthorized access to data if your device is lost or stolen. Encryption is: Required for any personal device you use to access U-M data classified as High. https://www.safecomputing.umich.edu/protect-the-u/safely-use-sensitive-data/classification-levels Recommended for any device you use to access or store U-M… Read More »

Tips for traveling safely with technology

Whether you are planning a vacation or professional trip, you will likely take along some combination of a smartphone, tablet, laptop, and other mobile devices. Follow these tips to safeguard both your own and the university’s data. Before you travel If you don’t need it, don’t travel with it. Plan which Duo options you will use and enroll… Read More »

Report: Top universities in U.S. targeted by Chinese hackers

By | March 14, 2019

U-M CIO Ravi Pendse was quoted in a recent article about how new cybersecurity intelligence suggests that Chinese hackers are ramping up their efforts to steal military research secrets from U.S. universities. According to a report in “The Wall Street Journal,” Chinese hackers targeted institutions and researchers with expertise in undersea technology as part of a coordinated cybercampaign… Read More »

IoT devices: Balance convenience with privacy & security

Internet of Things (IoT) devices, such as smart home assistants, smart appliances, and gaming systems, can collect a lot of personal data about you—sometimes more than you might realize. Personal data about you and others who use and share such devices may be retained, used, and sold in unexpected ways. IoT devices usually send data to cloud storage… Read More »

Secure your home wireless network

Be smart and secure your home network so that only those you allow can access it. This protects your privacy and networked devices. There are two basic steps to securing your home network: 1. Update all your Internet-enabled devices with the latest operating systems, web browsers, and security software. This includes any devices that access your wireless network.… Read More »

Reminder: Secure your devices if you use them for U-M work

If you use your personal devices—smartphone, laptop, tablet, and so on—for work, you are responsible for appropriately managing and securing them, as well as for meeting the obligations described in Security of Personally Owned Devices that Access or Maintain Sensitive Institutional Data (SPG 601.33). Your unit may have additional restrictions beyond those found in the SPG. Check with… Read More »