Mark your calendars for SUMIT_2018, U-M’s 14th annual cyber security conference on Thursday, October 25. Learn more and register today! Security at University of Michigan IT (SUMIT) is the university’s flagship event for National Cybersecurity Awareness Month. Held at Rackham Auditorium, SUMIT is an exciting opportunity to hear recognized experts discuss the latest issues, trends, and threats in… Read More »
In the past months you may have noticed pop-up messages from websites informing you of an update in their privacy policy or asking if you understand that the company is using cookies to collect data about you. The increased disclosure is likely the result of a new law in Europe in effect since May 25: the General Data Protection… Read More »
Ever wonder what the people on the other end of a Hangouts session are really looking at on their screens? With a little help from machine learning, you might be able to take a peek over their shoulders. Based on research published by Daniel Genkin, assistant professor of electrical engineering and computer science at the College of Engineering,… Read More »
If you’re worried about the impact of the General Data Protection Regulation (GDPR) in your unit, take a deep breath and relax. The university has got your back. Sol Bermann, university privacy officer and interim chief information security officer, and David Grimm, associate general counsel, reassured attendees at a July 26 GDPR open forum that—with the help of… Read More »
Now you can get the security benefits of two-factor for Weblogin with fewer login prompts. The Duo Remember Me time was extended from 12 hours to seven days on August 25. Remember to select the checkbox if you want Duo to remember you. You’ll see the Remember Me checkbox when you log in to a U-M site or… Read More »
Phishing emails often include links to fake Weblogin pages that look exactly like the real one. If you log in to the fake page, your password is stolen, and your U-M account could be compromised. The only clue it’s a fraudulent login page is the URL. Before entering your UMICH (Level 1) password, check that the page’s web… Read More »
Researchers at U-M were part of a group that discovered a new processor vulnerability that could potentially put secure information at risk in any Intel-based PC manufactured since 2008. It could affect users who rely on a digital lockbox feature known as Intel Software Guard Extensions, or SGX, as well as those who utilize common cloud-based services,… Read More »
Ransomware is malicious software that can infect and encrypt files on your computers and other devices, preventing you from accessing them. Criminals use it to threaten victims with loss of their data unless they pay ransom in return for a “key” to unlock their folders, files, and devices. Ransomware typically gets on devices when people open infected email… Read More »
When the Equifax data breach impacting nearly 147 million people occurred just over a year ago most consumers took little to no action to protect themselves despite the risk of identity theft, U-M researchers found. In comprehensive interviews with 24 consumers, a team of researchers at the School of Information led by Yixin Zou and Florian Schaub found… Read More »
You know you need to check the URL before logging in, but wouldn’t it be great if your web browser did some of that checking for you? If you use Chrome and an extension from Information Assurance (IA), it can. The U-M Safe Computing Website Checker extension for Chrome warns you while you are using Chrome: When you… Read More »
Phishing attacks, data breaches, and identity theft have become common issues plaguing organizations the world over, including health systems and universities. The most significant step the Michigan Medicine community can take to protect their data, as well as that of our patients and research participants, is to use Duo with all web-based services that require U-M login. While 26,000… Read More »
The institutionally owned devices we use to do our work are kept secure by connecting regularly to the internal U-M network. Connecting ensures that our devices receive the patches and anti-virus protection that are typically installed automatically and daily whenever we are logged in. Effective August 16, 2018, Health Information Technology & Services (HITS) will implement a policy… Read More »
You can add protection for additional U-M systems, and for your personal information in Wolverine Access Employee Self-Service, by turning on two-factor for Weblogin. Two-factor provides additional security in case your UMICH (Level-1) password is stolen. The U-M Information Assurance team strongly recommends that you turn on two-factor to better protect your UMICH account and U-M systems and… Read More »
Resetting a forgotten UMICH (Level-1) password can be easy—but only if you’ve set up account recovery information ahead of time. When you save your account recovery information—a non-university email account and/or your mobile phone—we then know where to send your password-reset code in case you ever forget your password. To make this process easier, ITS will begin gradually… Read More »
A Distributed Denial of Service (DDoS) attack took down a residence hall network switch at the University of Maryland (UMD) over spring break 2018, but it could have been a lot worse without the collaborative threat information sharing partnership of U-M and other universities. 90% of attack traffic blocked “If we hadn’t been using our shared threat intelligence,… Read More »
You have an important university email to send, but how do you craft it so it looks like the official, trustworthy, communication it is? In other words, how do you keep people from thinking it is a phish? Email users are rightfully suspicious of unsolicited email, but that can sometimes cause them to ignore or delete your important,… Read More »
Have you ever seen a pop-up on your computer or received an unsolicited call urging you to contact “tech support?” Scammers sometimes impersonate IT support staff and claim something is wrong with your computer. They offer to help fix the problem—for a fee—but instead may steal your personal information or infect your computer with malicious software. This… Read More »
You and all members of the U-M community are invited to a General Data Protection Regulation (GDPR) Open Forum to learn more about U-M’s approach to GDPR compliance. Sol Bermann, university privacy officer and interim chief information security officer, and David Grimm, associate general counsel, will share U-M’s approach to GDPR compliance, demonstrate the processes and tools developed… Read More »
Cryptocurrency mining is best avoided. Don’t do it yourself, and don’t let attackers use your devices to do it. Cryptocurrency mining is a computationally intensive process of validating digital currency transactions that allows the miner to earn transaction fees and digital currency. Illicit cryptocurrency mining has displaced ransomware as the number one cyber security threat, according to industry… Read More »
Mingyan Liu, professor of electrical engineering and computer science, was awarded the Distinguished University Innovator Award for her work in helping develop a new approach to enhance cybersecurity. She and her colleagues achieved this by using technology that predicts with up to 90 percent accuracy the likelihood that a company will be exploited by cyber criminals within the next… Read More »