You have an important university email to send, but how do you craft it so it looks like the official, trustworthy, communication it is? In other words, how do you keep people from thinking it is a phish? Email users are rightfully suspicious of unsolicited email, but that can sometimes cause them to ignore or delete your important,… Read More »
 Have you ever seen a pop-up on your computer or received an unsolicited call urging you to contact “tech support?” Scammers sometimes impersonate IT support staff and claim something is wrong with your computer. They offer to help fix the problem—for a fee—but instead may steal your personal information or infect your computer with malicious software. This… Read More »
You and all members of the U-M community are invited to a General Data Protection Regulation (GDPR) Open Forum to learn more about U-M’s approach to GDPR compliance. Sol Bermann, university privacy officer and interim chief information security officer, and David Grimm, associate general counsel, will share U-M’s approach to GDPR compliance, demonstrate the processes and tools developed… Read More »
Cryptocurrency mining is best avoided. Don’t do it yourself, and don’t let attackers use your devices to do it. Cryptocurrency mining is a computationally intensive process of validating digital currency transactions that allows the miner to earn transaction fees and digital currency. Illicit cryptocurrency mining has displaced ransomware as the number one cyber security threat, according to industry… Read More »
Mingyan Liu, professor of electrical engineering and computer science, was awarded the Distinguished University Innovator Award for her work in helping develop a new approach to enhance cybersecurity. She and her colleagues achieved this by using technology that predicts with up to 90 percent accuracy the likelihood that a company will be exploited by cyber criminals within the next… Read More »
A cross-university working group has been working for months to prepare U-M for the General Data Protection Regulation (GDPR), which goes into effect on May 25. To date, these efforts have included developing a risk-based GDPR compliance strategy, making important decisions regarding key requirements of the regulation, developing key GDPR processes and tools, and making recommendations for an… Read More »
When U-M employees leave the university or transfer from one unit to another, it is important to consider transferring ownership of files and other digital resources needed for university business. See these resources for tips and information: Leaving U-M U-M Termination Checklist (downloadable Excel file from U-M Human Resources) What to do if something is missed In cases… Read More »
You put U-M systems and data at risk if you use your UMICH (Level-1) password for non-university services. If you use your UMICH email address and password to establish a personal account (for example, at LinkedIn), and that information is exposed in a data breach, your UMICH account is now at risk. If you have used your UMICH… Read More »
In honor of World Password Day on May 3, School of Information assistant professor Florian Schaub shared these online security tips: Use a password manager Use unique passwords Use two-factor authentication (like Duo!) Whether it’s World Password Day or not, it’s a good idea to update online privacy settings. Watch the video below to learn how. For additional… Read More »
Beginning Monday, May 7, Google is rolling out a new security feature that requires users to verify their identity when using the Chrome browser to log in to Google at U-M. The information below explains what to expect with the new Google Chrome verification process. When you log in to your Google at U-M account using the Chrome… Read More »
Whether you are planning a vacation or professional trip, you will likely take along a smartphone, tablet, laptop, or other mobile device. Follow these tips to safeguard both your own and the university’s data. Before you travel Consider taking a device you only use for travel. Securely back up data stored on your device(s) or media. Prepare for… Read More »
If you forget your UMICH (Level-1) password and want to reset it yourself, you can do so only if you previously saved account recovery information at UMICH Account Management. That’s because the university needs to know where to send you a password-reset code. Most new students and employees now provide account recovery information as part of self-serve uniqname setup, but many of… Read More »
Two new standards clearly define responsibilities regarding vulnerability management and vendor security and compliance, and updated and expanded guidance to help you meet those responsibilities is on Safe Computing. Andrew Rosenberg, interim U-M vice president for information technology and Michigan Medicine chief information officer, recently approved these two new standards: Third Party Vendor Security and Compliance (DS-20). When… Read More »
Later this spring, a new option for account recovery will be added to UMICH Account Management. Currently, if you forget your UMICH (Level-1) password, you can receive a password reset code by email (as long as you have provided a non-UMICH email address for that purpose). Information and Technology Services (ITS) is working to give you the option… Read More »
Setting up single sign-on for a new service? The university’s preferred solution, Shibboleth, has a new option that makes it work with additional services. Shibboleth at U-M can now be set up to use either of these two industry standard protocols: Security Assertion Markup Language (SAML). For most services, SAML will be your best choice. Most services that… Read More »
Following successful pilots within the departments of Pathology and Family Medicine to identify and report simulated phishing emails, Information Assurance (IA) and Health Information Technology & Services (HITS) are gearing up to conduct a phased, anti-phishing educational awareness campaign throughout all of Michigan Medicine. HITS staff will be the initial target group to receive a series of simulated… Read More »
There’s a new address for reporting phishing emails at U-M: ReportPhish@umich.edu. When you use this new address, you send your phishing report directly to the Information Assurance (IA) staff members who focus on protecting the university community from phishing. They can quickly check your report and then add that information to the anti-phishing tools used to block malicious… Read More »
Are you going on a trip where you’ll need to use two-factor authentication (Duo)? Duo offers multiple options to meet your needs when traveling. You may be able to use your regular Duo two-factor option or need an alternative method depending on your travel destination. If you haven’t yet turned on two-factor for Weblogin to protect your personal… Read More »
Macros are small bits of programming used in Microsoft Office docs to automate tasks. Unfortunately, they can also spread viruses and malware, and anti-virus programs cannot always catch them. Infected Office docs are typically spread through email attachments or download links, or even through cloud services like Office 365. What you can do If you were not expecting… Read More »
For nearly a year, Michigan Medicine has used AirWatch to provide the required encryption and information assurance necessary to safely access secure internal resources on smartphones, tablets, and laptops. The organization’s policy requires staff to enroll personally owned devices in AirWatch if they are used to access the internal wireless network or share sensitive healthcare information. Health Information Technology & Services… Read More »