Category Archives: Safe Computing

Visit the SafeComputing site for more information. Report a security incident. Subscribe to the Safe Computing RSS feed.

Tips for traveling safely with technology

Whether you are planning a vacation or professional trip, you will likely take along a smartphone, tablet, laptop, or other mobile device. Follow these tips to safeguard both your own and the university’s data. Before you travel Consider taking a device you only use for travel. Securely back up data stored on your device(s) or media. Prepare for… Read More »

Units to test prompts to set account recovery info

If you forget your UMICH (Level-1) password and want to reset it yourself, you can do so only if you previously saved account recovery information at UMICH Account Management. That’s because the university needs to know where to send you a password-reset code. Most new students and employees now provide account recovery information as part of self-serve uniqname setup, but many of… Read More »

Vulnerability management & vendor compliance standards published

Two new standards clearly define responsibilities regarding vulnerability management and vendor security and compliance, and updated and expanded guidance to help you meet those responsibilities is on Safe Computing. Andrew Rosenberg, interim U-M vice president for information technology and Michigan Medicine chief information officer, recently approved these two new standards: Third Party Vendor Security and Compliance (DS-20). When… Read More »

Option to get password reset codes by text coming soon

Later this spring, a new option for account recovery will be added to UMICH Account Management. Currently, if you forget your UMICH (Level-1) password, you can receive a password reset code by email (as long as you have provided a non-UMICH email address for that purpose). Information and Technology Services (ITS) is working to give you the option… Read More »

OpenID Connect now available with Shibboleth at U-M

Setting up single sign-on for a new service? The university’s preferred solution, Shibboleth, has a new option that makes it work with additional services. Shibboleth at U-M can now be set up to use either of these two industry standard protocols: Security Assertion Markup Language (SAML). For most services, SAML will be your best choice. Most services that… Read More »

Helping you to find the phish

Following successful pilots within the departments of Pathology and Family Medicine to identify and report simulated phishing emails, Information Assurance (IA) and Health Information Technology & Services (HITS) are gearing up to conduct a phased, anti-phishing educational awareness campaign throughout all of Michigan Medicine. HITS staff will be the initial target group to receive a series of simulated… Read More »

Report phishing to ReportPhish@umich.edu

There’s a new address for reporting phishing emails at U-M: ReportPhish@umich.edu. When you use this new address, you send your phishing report directly to the Information Assurance (IA) staff members who focus on protecting the university community from phishing. They can quickly check your report and then add that information to the anti-phishing tools used to block malicious… Read More »

Need to two-factor while traveling?

Are you going on a trip where you’ll need to use two-factor authentication (Duo)? Duo offers multiple options to meet your needs when traveling. You may be able to use your regular Duo two-factor option or need an alternative method depending on your travel destination. If you haven’t yet turned on two-factor for Weblogin to protect your personal… Read More »

MS Office doc dangers: Macros & enabled content pose risks

Macros are small bits of programming used in Microsoft Office docs to automate tasks. Unfortunately, they can also spread viruses and malware, and anti-virus programs cannot always catch them. Infected Office docs are typically spread through email attachments or download links, or even through cloud services like Office 365. What you can do If you were not expecting… Read More »

Michigan Medicine keeps smartphones smart… and secure

For nearly a year, Michigan Medicine has used AirWatch to provide the required encryption and information assurance necessary to safely access secure internal resources on smartphones, tablets, and laptops. The organization’s policy requires staff to enroll personally owned devices in AirWatch if they are used to access the internal wireless network or share sensitive healthcare information. Health Information Technology & Services… Read More »

Workshop offers IT tips for research travel

The flight is booked, the reservations made. You’re about to embark on your research trip to another country, time zone, continent…maybe all of the above. Understandably, you’ve focused on the logistics, and now you’re focused on the research fun. But, if you want to ensure a crisis-free experience, there’s another travel plan you need to make: the IT… Read More »

First Privacy@Michigan symposium draws over 200 participants

On January 30, the university held its first Privacy@Michigan symposium. Celebrating the 10th anniversary of International Data Privacy Day, the event featured an interdisciplinary group of U-M faculty and researchers who addressed top privacy-related—and threatening—issues in an era when the very notion has gotten complicated. The event was sponsored jointly by the U-M School of Information (UMSI), and… Read More »

U-M preparing GDPR compliance program

The General Data Protection Regulation (GDPR), which takes effect May 25, 2018, will affect organizations worldwide, including universities. The regulation expands personal privacy rights for European Union residents. It will take some time for organizations around the world to sort through, understand, and determine the implications of the GDPR requirements, as well as figure out how best to… Read More »

Protect your privacy on social media

Protect your privacy and stay secure when using social media sites and apps. Before you post, tweet, or share, pay attention to privacy by following some simple guidelines. For example, strive to “undershare” (rather than overshare), avoid sharing your location, and be aware that anonymous doesn’t mean untraceable. These tips and more are on the Social Media Privacy page… Read More »

Secure your home wireless network

If you use a wireless internet connection at home, secure your network so that only those you allow can access it. There are two basic steps to securing your home wireless connections: Update all your Internet-enabled devices with the latest operating systems, web browsers, and security software. This includes any mobile devices that access your wireless network, such as… Read More »

Reset forgotten UMICH passwords without security questions

Beginning February 24, you will be able to reset your UMICH (Level-1) password yourself without having to remember answers to your security questions. Before you can reset your UMICH password online at UMICH Account Management, your identity must be verified. For several years that has been done through the use of pre-set security questions and answers along with… Read More »

Reminder: Secure your devices if you use them for U-M work

Security is everyone’s responsibility. If you use your personal devices—smartphone, laptop, tablet, and so on—for work, you are responsible for appropriately securing and managing them, as well as for meeting the obligations described in Security of Personally Owned Devices that Access or Maintain Sensitive Institutional Data (SPG 601.33). Your unit may have additional restrictions beyond those found in… Read More »

Units can deploy Passwordstate under U-M license

You can deploy Passwordstate in your unit under a U-M license that covers use by U-M faculty, staff, and students on all U-M campuses. Passwordstate allows teams of people to access and share sensitive password resources and is typically used for managing elevated and administrative passwords, as well as passwords for smaller proprietary systems, such as research databases.… Read More »

U-M startup offers new approach to cybersecurity

By | February 5, 2018

Rolling out what it’s calling a “street view for cyberspace,” Censys—a tech startup based on technology developed at the university—has launched a commercially available version of its internet-wide scanning tool. Based on technology developed in the lab of computer science and engineering professor J. Alex Halderman, Censys continuously scans the internet, analyzing every publicly visible server and device.… Read More »

Tax fraud prevention tips

Beware: Identity thieves can file fraudulent tax returns in your name and steal your tax refund. Last year, criminals filed false returns for people across the nation, including several U-M employees. Information Assurance (IA) offers the following tips to help you protect yourself from identity theft and tax fraud: Turn on two-factor authentication for Weblogin to add extra… Read More »