Cryptocurrency mining is best avoided. Don’t do it yourself, and don’t let attackers use your devices to do it. Cryptocurrency mining is a computationally intensive process of validating digital currency transactions that allows the miner to earn transaction fees and digital currency. Illicit cryptocurrency mining has displaced ransomware as the number one cyber security threat, according to industry… Read More »
When U-M employees leave the university or transfer from one unit to another, it is important to consider transferring ownership of files and other digital resources needed for university business. See these resources for tips and information: Leaving U-M U-M Termination Checklist (downloadable Excel file from U-M Human Resources) What to do if something is missed In cases… Read More »
In honor of World Password Day on May 3, School of Information assistant professor Florian Schaub shared these online security tips: Use a password manager Use unique passwords Use two-factor authentication (like Duo!) Whether it’s World Password Day or not, it’s a good idea to update online privacy settings. Watch the video below to learn how. For additional… Read More »
Beginning Monday, May 7, Google is rolling out a new security feature that requires users to verify their identity when using the Chrome browser to log in to Google at U-M. The information below explains what to expect with the new Google Chrome verification process. When you log in to your Google at U-M account using the Chrome… Read More »
Whether you are planning a vacation or professional trip, you will likely take along a smartphone, tablet, laptop, or other mobile device. Follow these tips to safeguard both your own and the university’s data. Before you travel Consider taking a device you only use for travel. Securely back up data stored on your device(s) or media. Prepare for… Read More »
Two new standards clearly define responsibilities regarding vulnerability management and vendor security and compliance, and updated and expanded guidance to help you meet those responsibilities is on Safe Computing. Andrew Rosenberg, interim U-M vice president for information technology and Michigan Medicine chief information officer, recently approved these two new standards: Third Party Vendor Security and Compliance (DS-20). When… Read More »
J. Alex Halderman, a professor of computer science and engineering at U-M, helped create a video on the vulnerability of U.S. electronic voting systems called, “I Hacked an Election. So Can the Russians.” The video is part of a series by the New York Times on voting in America, which will run until Election Day in November. Calling the… Read More »
Following successful pilots within the departments of Pathology and Family Medicine to identify and report simulated phishing emails, Information Assurance (IA) and Health Information Technology & Services (HITS) are gearing up to conduct a phased, anti-phishing educational awareness campaign throughout all of Michigan Medicine. HITS staff will be the initial target group to receive a series of simulated… Read More »
There’s a new address for reporting phishing emails at U-M: ReportPhish@umich.edu. When you use this new address, you send your phishing report directly to the Information Assurance (IA) staff members who focus on protecting the university community from phishing. They can quickly check your report and then add that information to the anti-phishing tools used to block malicious… Read More »
Are you going on a trip where you’ll need to use two-factor authentication (Duo)? Duo offers multiple options to meet your needs when traveling. You may be able to use your regular Duo two-factor option or need an alternative method depending on your travel destination. If you haven’t yet turned on two-factor for Weblogin to protect your personal… Read More »
Macros are small bits of programming used in Microsoft Office docs to automate tasks. Unfortunately, they can also spread viruses and malware, and anti-virus programs cannot always catch them. Infected Office docs are typically spread through email attachments or download links, or even through cloud services like Office 365. What you can do If you were not expecting… Read More »
Michigan Medicine recently achieved a significant goal of ensuring that 100 percent of all devices connecting to its internal network by wire are accounted for, categorized by device type, and secured with the necessary protocols required to protect two-way communication from cyberattacks. A program to enhance network security and identify all electronic equipment connecting to Michigan Medicine internal resources… Read More »
For nearly a year, Michigan Medicine has used AirWatch to provide the required encryption and information assurance necessary to safely access secure internal resources on smartphones, tablets, and laptops. The organization’s policy requires staff to enroll personally owned devices in AirWatch if they are used to access the internal wireless network or share sensitive healthcare information. Health Information Technology & Services… Read More »
The flight is booked, the reservations made. You’re about to embark on your research trip to another country, time zone, continent…maybe all of the above. Understandably, you’ve focused on the logistics, and now you’re focused on the research fun. But, if you want to ensure a crisis-free experience, there’s another travel plan you need to make: the IT… Read More »
If you use a wireless internet connection at home, secure your network so that only those you allow can access it. There are two basic steps to securing your home wireless connections: Update all your Internet-enabled devices with the latest operating systems, web browsers, and security software. This includes any mobile devices that access your wireless network, such as… Read More »
Security is everyone’s responsibility. If you use your personal devices—smartphone, laptop, tablet, and so on—for work, you are responsible for appropriately securing and managing them, as well as for meeting the obligations described in Security of Personally Owned Devices that Access or Maintain Sensitive Institutional Data (SPG 601.33). Your unit may have additional restrictions beyond those found in… Read More »
You can deploy Passwordstate in your unit under a U-M license that covers use by U-M faculty, staff, and students on all U-M campuses. Passwordstate allows teams of people to access and share sensitive password resources and is typically used for managing elevated and administrative passwords, as well as passwords for smaller proprietary systems, such as research databases.… Read More »
Rolling out what it’s calling a “street view for cyberspace,” Censys—a tech startup based on technology developed at the university—has launched a commercially available version of its internet-wide scanning tool. Based on technology developed in the lab of computer science and engineering professor J. Alex Halderman, Censys continuously scans the internet, analyzing every publicly visible server and device.… Read More »
Beware: Identity thieves can file fraudulent tax returns in your name and steal your tax refund. Last year, criminals filed false returns for people across the nation, including several U-M employees. Information Assurance (IA) offers the following tips to help you protect yourself from identity theft and tax fraud: Turn on two-factor authentication for Weblogin to add extra… Read More »
Before you get rid of any device you have used to work with, store, or access sensitive university data, you must make sure it is securely erased (sanitized). This keeps university data—and your personal information—from falling into the wrong hands. University-owned devices Sanitization and disposal of MiWorkspace devices is handled by MiWorkspace staff. Others who are responsible for… Read More »