Category Archives: Safe Computing

Visit the SafeComputing site for more information. Report a security incident. Subscribe to the Safe Computing RSS feed.

Equifax data breach: Consumers knew but took little action

By | August 15, 2018

When the Equifax data breach impacting nearly 147 million people occurred just over a year ago most consumers took little to no action to protect themselves despite the risk of identity theft, U-M researchers found. In comprehensive interviews with 24 consumers, a team of researchers at the School of Information led by Yixin Zou and Florian Schaub found… Read More »

Chrome extension warns you of malicious websites

You know you need to check the URL before logging in, but wouldn’t it be great if your web browser did some of that checking for you? If you use Chrome and an extension from Information Assurance (IA), it can. The U-M Safe Computing Website Checker extension for Chrome warns you while you are using Chrome: When you… Read More »

Duo mandatory at Michigan Medicine beginning October 10

Phishing attacks, data breaches, and identity theft have become common issues plaguing organizations the world over, including health systems and universities. The most significant step the Michigan Medicine community can take to protect their data, as well as that of our patients and research participants, is to use Duo with all web-based services that require U-M login. While 26,000… Read More »

HITS implements 30-day network policy

The institutionally owned devices we use to do our work are kept secure by connecting regularly to the internal U-M network. Connecting ensures that our devices receive the patches and anti-virus protection that are typically installed automatically and daily whenever we are logged in. Effective August 16, 2018, Health Information Technology & Services (HITS) will implement a policy… Read More »

Protect your UMICH account with two-factor

You can add protection for additional U-M systems, and for your personal information in Wolverine Access Employee Self-Service, by turning on two-factor for Weblogin. Two-factor provides additional security in case your UMICH (Level-1) password is stolen. The U-M Information Assurance team strongly recommends that you turn on two-factor to better protect your UMICH account and U-M systems and… Read More »

Users to be prompted for UMICH account recovery info

Resetting a forgotten UMICH (Level-1) password can be easy—but only if you’ve set up account recovery information ahead of time. When you save your account recovery information—a non-university email account and/or your mobile phone—we then know where to send your password-reset code in case you ever forget your password. To make this process easier, ITS will begin gradually… Read More »

Shared threat intelligence saves the day

A Distributed Denial of Service (DDoS) attack took down a residence hall network switch at the University of Maryland (UMD) over spring break 2018, but it could have been a lot worse without the collaborative threat information sharing partnership of U-M and other universities. 90% of attack traffic blocked “If we hadn’t been using our shared threat intelligence,… Read More »

Tips for writing emails that don’t look phishy

You have an important university email to send, but how do you craft it so it looks like the official, trustworthy, communication it is? In other words, how do you keep people from thinking it is a phish? Email users are rightfully suspicious of unsolicited email, but that can sometimes cause them to ignore or delete your important,… Read More »

Beware of tech support scams

 Have you ever seen a pop-up on your computer or received an unsolicited call urging you to contact “tech support?” Scammers sometimes impersonate IT support staff and claim something is wrong with your computer. They offer to help fix the problem—for a fee—but instead may steal your personal information or infect your computer with malicious software. This… Read More »

Learn about GDPR at July 26 open forum

You and all members of the U-M community are invited to a General Data Protection Regulation (GDPR) Open Forum to learn more about U-M’s approach to GDPR compliance. Sol Bermann, university privacy officer and interim chief information security officer, and David Grimm, associate general counsel, will share U-M’s approach to GDPR compliance, demonstrate the processes and tools developed… Read More »

Say no to cryptocurrency mining

Cryptocurrency mining is best avoided. Don’t do it yourself, and don’t let attackers use your devices to do it. Cryptocurrency mining is a computationally intensive process of validating digital currency transactions that allows the miner to earn transaction fees and digital currency. Illicit cryptocurrency mining has displaced ransomware as the number one cyber security threat, according to industry… Read More »

Mingyan Liu named 2018 Distinguished University Innovator

Mingyan Liu, professor of electrical engineering and computer science, was awarded the Distinguished University Innovator Award for her work in helping develop a new approach to enhance cybersecurity. She and her colleagues achieved this by using technology that predicts with up to 90 percent accuracy the likelihood that a company will be exploited by cyber criminals within the next… Read More »

U-M preparing for GDPR

A cross-university working group has been working for months to prepare U-M for the General Data Protection Regulation (GDPR), which goes into effect on May 25. To date, these efforts have included developing a risk-based GDPR compliance strategy, making important decisions regarding key requirements of the regulation, developing key GDPR processes and tools, and making recommendations for an… Read More »

Transfer file ownership before people leave

When U-M employees leave the university or transfer from one unit to another, it is important to consider transferring ownership of files and other digital resources needed for university business. See these resources for tips and information: Leaving U-M U-M Termination Checklist (downloadable Excel file from U-M Human Resources) What to do if something is missed In cases… Read More »

Tips for secure passwords

In honor of World Password Day on May 3, School of Information assistant professor Florian Schaub shared these online security tips: Use a password manager Use unique passwords Use two-factor authentication (like Duo!) Whether it’s World Password Day or not, it’s a good idea to update online privacy settings. Watch the video below to learn how. For additional… Read More »

Google Chrome verification begins May 7

Beginning Monday, May 7, Google is rolling out a new security feature that requires users to verify their identity when using the Chrome browser to log in to Google at U-M. The information below explains what to expect with the new Google Chrome verification process. When you log in to your Google at U-M account using the Chrome… Read More »

Tips for traveling safely with technology

Whether you are planning a vacation or professional trip, you will likely take along a smartphone, tablet, laptop, or other mobile device. Follow these tips to safeguard both your own and the university’s data. Before you travel Consider taking a device you only use for travel. Securely back up data stored on your device(s) or media. Prepare for… Read More »

Units to test prompts to set account recovery info

If you forget your UMICH (Level-1) password and want to reset it yourself, you can do so only if you previously saved account recovery information at UMICH Account Management. That’s because the university needs to know where to send you a password-reset code. Most new students and employees now provide account recovery information as part of self-serve uniqname setup, but many of… Read More »

Vulnerability management & vendor compliance standards published

Two new standards clearly define responsibilities regarding vulnerability management and vendor security and compliance, and updated and expanded guidance to help you meet those responsibilities is on Safe Computing. Andrew Rosenberg, interim U-M vice president for information technology and Michigan Medicine chief information officer, recently approved these two new standards: Third Party Vendor Security and Compliance (DS-20). When… Read More »