OIT News – April 2016

OIT News
Monthly news briefs, information and announcements
Office of Information Technology, NC State University
Issue 102, April 2016

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

Follow OIT on Twitter @ncsu_oit
For up-to-the-minute reports on OIT systems, see SysNews
For help with computing problems, contact the NC State Help Desk

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

01: OIT issues new regulation to define security standards for sensitive data and systems
02: Has your email account been compromised?
03: New Wolfpack Reporting System 2.0 is now available
04: Set expiration dates for Google Drive, Docs, Sheets, and Slides
05: Learn 10 Tips to Make Your WordPress Accessible, OS X Management with Casper, ServiceNow, and more Google Apps features!
06: SAR training scheduled
07: Change your password before you travel abroad

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

01: OIT issues new regulation to define security standards for sensitive data and systems
As part of ongoing efforts to defend the university network from actors with malicious intent, on March 25, OIT issued a new regulation that defines the security standards required to protect sensitive university data and systems. The new regulation seeks to arm data stewards, data custodians and IT administrators with the information necessary to secure their systems and data in a manner consistent with well-known industry standards. The regulation will also help the stakeholders comply with university policies and state and federal security requirements, such as the:

  • International Organization for Standardization and the International Electrotechnical Commission (ISO/IEC) 27002
  • National Institute of Standards and Technology (NIST) 800-53
  • Payment Card Industry Data Security Standard (PCI DSS)
  • Health Insurance Portability and Accountability Act (HIPAA)

Regulation 08.00.16 – NC State University Security Standards for Sensitive Data and Systems applies to all computer systems and associated infrastructure devices, facilities and people who support the storage, processing or transmission of sensitive data.

The regulation outlines security standards for:

  • Identification and authentication to access systems and data
  • Acceptable technology use
  • Physical security
  • Configuration management
  • Software development lifecycle
  • Media protection
  • Audit and accountability
  • Contingency planning
  • External service providers
  • Wireless usage
  • Encryption
  • Enforcement

System administrators and data stewards, data custodians or their delegates are encouraged to begin implementing controls immediately to ensure compliance with this standard where possible.  However, multiple operational changes, processes and tools need to be identified and implemented to support overall university compliance. As such, OIT Security and Compliance (S&C) will develop an implementation timeline for this standard by Dec. 31, 2016 and communicate to appropriate stakeholders. All credit-card related systems are expected to be fully compliant with the standard by May 2016.

Following the development of the implementation plan, the necessary processes and tools to support university-wide compliance will be identified and implemented accordingly.

If you have any questions or concerns regarding the application of the standard to your environment, please contact S&C at oit_security@ncsu.edu,
S&C also recognizes that the standards may be applied to different environments in different ways. Consequently, an exceptions process has been included in the regulation to address these situations.

For additional information, see the  RUL 08.00.16 – NC State University Security Standards for Sensitive Data and Systems Web page.

Back to top

02: Has your email account been compromised?
It could happen to you.

In March, NC State experienced an unusually high number of phishing attacks, resulting in 136 compromised email accounts that belonged to undergraduate and graduate students, faculty and staff, and former students. Phishing attacks are typically associated with email and are attempts to steal your personal information such as account names, passwords and banking and credit card information.

Many of these phishing emails were purported to come from the NC State Help Desk and included information about an upgrade to the NCSU Gmail account. If you look closely, these phishing attacks (like the example below) were actually sent from the email accounts of campus users who had previously fallen victim to a similar phishing email.

——– EXAMPLE ——–

From: Tom Who <who@ncsu.edu>

Date: Mon, Mar 21, 2016 at 9:47 AM

Subject: NCSU Administrator

To:

Today Monday 21st March, 2016, we are shutting down your present Gmail Account to create space for 2016 New NCSU Google mail with a high visual definition and Space. This service creates more space and easy access to email. Please update your account by clicking on the link below and fill information for activation.

CLICK HERE

Follow the procedure and complete information by clicking SUBMIT. A new space will be created within 48 hours.

Thank you for understanding.
North Carolina State University

——– END EXAMPLE ——–

The example above and similar emails are ALL fake and are attempts to steal your login credentials. You already have unlimited storage with your Google Apps @ NC State Account, and there are no options for high-definition visualization space or Gmail/Outlook upgrades.

If you respond to a phishing attack, it can cause problems for you and the entire NC State community. Your account becomes compromised, and suddenly it is sending out hundreds of phishing messages to others within the university domain and beyond. The university’s “Internet reputation” decreases if its ncsu.edu domain is viewed as a spammer.

Don’t become a statistic. Stay aware and remember these tips:

  • NEVER open any email or attachment from someone you don’t know. If you’re not expecting it, don’t open it unless you verify it with the sender.
  • ALWAYS hover over a link to verify its intended location. Never click on suspicious or unrecognized links in emails, including those from NC State.
  • Forward any suspicious email with an ncsu.edu address to phishing@ncsu.edu or call the NC State Help Desk at 515-HELP (4357). Once you’ve clicked on a phishing email, it’s possible you’ve already started a chain of bad events.
  • Activate Google’s 2-Step Verification to add an additional level of security beyond password protection for your accounts and documents.
  • Check SysNews for postings on large-scale phishing attacks as well as information on outages or upgrades that may require some action on your part.
  • Remember that NC State personnel will NEVER ask you to reveal personal information such as passwords or other restricted data by email, phone, text, or other means of communication.

If you or individuals within your department are interested in learning more about 2-Step Verification or phishing in general, check out Classmate to view OIT’s training courses to keep you aware, safe and informed.

Back to top

03: New Wolfpack Reporting System 2.0 is now available
The Wolfpack Reporting System (WRS) Project Team announces the availability of WRS 2.0 and on-demand video training opportunities. Available via the MyPack Portal, WRS is a one-stop shop for all frequently used financial reports. Since its release on April 11, more than 1,000 campus employees have run the reports over 22,000 times.

The new WRS 2.0 features improved performance and functionality, including:

  • The team combined the best features of the reports, reducing the number of reports from 17 to nine.
  • Reports were redesigned to display relevant information for the funding source.
  • Additional reports are available that allows customers to view information by a range of chartfields such as department ID, account and funding source.
  • A new column has been created to display the vendor’s name on journal transactions when appropriate. This information was previously included in the journal line description only.
  • Journal drill-down capabilities have been greatly enhanced to allow customers to drill into the source transaction directly. For example, you can now click on the journal ID to access the journal in the Financial System. Similar drilldowns exist for vouchers, MarketPlace orders, PCard drilldowns, Fleet Card, project modification requests (PMR’s), bill invoices, and inter-departmental transfers (IDT’s).
  • Campus users can now download their reports to Excel much quicker.

In collaboration with various campus groups, the project team explores the feasibility of WRS enhancements and reports and addresses performance issues related to running reports and using drill downs.

For additional information about WRS 2.0 and on-demand video training opportunities, see the Financial Systems Training Web page.

Back to top

04: Set expiration dates for Google Drive, Docs, Sheets, and Slides
As a Google Apps @ NC State user, you now have the ability to set an expiration date for collaborators to view or to comment on files stored in Google Drive, Docs, Sheets, and Slides.

Once the expiration date is reached, users will no longer have access to your document. Google is rolling out this new feature to increase the security of your information and data. You will not be able to set an expiration date for file owners or collaborators with edit access.

To set an expiration date:

  1. Open Drive, Docs, Sheets, or Slides.
  2. Click on the Share button.
  3. Select the Advanced option.
  4. In the Shared Settings area, click on the drop-down menu next to the name of each collaborator and choose Set expiration.
  5. Under Access expires, select the number of days (e.g., 7 days, 30 days, custom date) in which the document will expire.

gexpiration

To learn more about these enhancements and other new Google features, check out the latest edition of What’s New In Google Apps.

For training tips, follow the NC State Google Services Team on Google+. To view upcoming workshops, visit Classmate.

Back to top

05: Learn 10 Tips to Make Your WordPress Accessible, OS X Management with Casper, ServiceNow, and more Google Apps features!
OIT has scheduled the following training sessions.

  • Gmail: Advanced Productivity will be offered on Tuesday, April 19 and Thursday, May 19 from 9 a.m. to noon in Room 110 of the Avent Ferry Technology Center. Building on Gmail: More than your Inbox, this advanced hands-on workshop takes Gmail to the next level. You will learn more about using labels, filters, canned responses, Google Calendar Events, Hangouts, and Google Drive via Gmail, along with any planned or newly released features. To register, visit Classmate.
  • Using ServiceNow will be offered on Tuesday, April 19 from 2 p.m. to 4 p.m in Room 110 of the Avent Ferry Technology Center. This course is designed to introduce the campus user to the ServiceNow Service Management suite of applications. If you are a transition user of the former Remedy call tracking system, an IT support staff member in a department already using ServiceNow, or someone who is interested in starting to use ServiceNow, this course will help you understand the functional uses of ServiceNow and how you can integrate it better into your workflow. To register, visit Classmate.
  • Google Sheets will be offered on Thursday, April 21 from 2 p.m. to 4 p.m. in Room 110 of the Avent Ferry Technology Center. Come to this two-hour overview of Sheets to learn how it integrates with other apps in Google Drive. Topics will include formatting options, find and replace, notifications, conditional formatting, and more! To register, visit Classmate.
  • Create, Collaborate & Get Organized with Google Drive will be offered on Tuesday, April 26 from 2 p.m. to 4 p.m. in Room 110 of the Avent Ferry Technology Center. In this hands-on workshop, you will learn how to use Drive to manage your resources in a collaborative environment, including organizing files and folders, securing documents through file sharing permissions, editing and collaborating in groups, and using common tools throughout Google Apps. For this workshop, you will need to have an active NC State University Unity account with access to Google Apps at NC State. If you would prefer using your own laptop or other mobile device, feel free to bring it. To register, visit Classmate.
  • Hands-on with Google Drawings will be offered on Wednesday, April 27 from 1 p.m. to 2:30 p.m. in Room 110 of the Avent Ferry Technology Center. Join us for this fun and interactive workshop and find out how easy it is to create your own drawings! See how Google Drawings can be inserted in other Google Apps like Docs, Sheets and Slides and learn how to create and collaborate on charts, diagrams and images. To register, visit Classmate.
  • Google Forms: Data Collection and Analysis will be offered on Thursday, April 28 from 9 a.m. to 11 a.m. in Room 110 of the Avent Ferry Technology Center. Easily build surveys, plan events and gather data with Google Forms. In this workshop, you will learn the basics of creating forms, collaborative editing and viewing data in spreadsheets and charts as well as advanced features such as custom themes, page breaks, question validation, and embedding forms in websites. To register, visit Classmate.
  • 10 Tips to Make Your WordPress Accessible will be offered on Thursday, April 28 from 2 p.m. to 3:30 p.m. in Room 110 of the Avent Ferry Technology Center. Have you recently moved to WordPress or are you thinking about moving to WordPress? Register for this session to learn 10 simple ways to ensure your WordPress site is accessible. To register, visit Classmate.
  • Gmail: More than your Inbox will be offered on Wednesday, May 4 from 9 a.m. to noon in Room 110 of the Avent Ferry Technology Center. There is more to Gmail than just composing, replying to and forwarding messages. This workshop will provide an in-depth overview of Gmail features including an emphasis on labels and search tools, contacts management, chat, tasks, settings, labs, and new features. To register, visit Classmate.
  • OIT-Advanced OS X Management with Casper will be offered on Wednesday, May 18 from 1:30 p.m. to 4:30 p.m. in Room B3 of the Hillsborough Building. Learn advanced techniques and best practices to manage OS X devices with Casper. To register, visit Classmate.
  • Google Calendar: Advanced Productivity will be offered on Tuesday, May 10 from 9 a.m. to noon in Room 110 of the Avent Ferry Technology Center. This workshop will focus on Calendar (e.g., my calendar, other calendars, mini calendar), event details and calendar management. Specific topics will include event attachments, maps and directions, sharing and embedding calendars, labs, quick add, search options, mobile notifications, scheduling Hangouts (video conferencing), and more. To register, visit Classmate.

For other available training sessions, visit Classmate Scheduled Workshops. If you are interested in custom software training, complete the Custom Training Form. Email all training questions to classreg@ncsu.edu.

Back to top

06: SAR training scheduled
Security Access Request (SAR) training for campus requestors and approvers of access to secured university data will be held on Wednesday, April 20 and Wednesday, June 8 from 9:30 a.m. to noon in Room 110 of the Avent Ferry Technology Center. There will be no SAR training scheduled in May.

To register, visit Classmate.

Back to top

07: Change your password before you travel abroad
While it may be simple to reset your password to your university accounts on the campus network or via other secure networks in the United States, doing so abroad can pose a serious dilemma if you travel to an area where there is no access to a secure computing environment.

If you reset a password over unsecured networks, someone could steal it and use it to gain access to your university accounts and personal information. But if you don’t reset it and it expires, you won’t have access to your important data.

So what can you do to ensure a smooth and safe trip? Plan accordingly.

  • Reset passwords for your university accounts BEFORE you travel overseas. Passwords at NC State expire at least once per year. There are certain situations that can cause your password to expire more frequently. Reset your password before you travel to restart the default expiration clock and minimize the chance you will need to change it again. See the Unity Password Change Tool.
  • Use a strong password or code to protect your accounts and mobile devices. Include numbers, uppercase and lowercase letters, characters, and symbols, if permissible, in your password. Make sure it is memorable but not too easy to guess. See the university Password Standard for additional information on choosing strong passwords.
  • Do not allow anyone to gain physical access to your device. A malicious individual can use this opportunity to install malware to crack your password or code to steal your data.
  • Avoid untrusted networks. In general, cellular networks are more secure than public WiFi networks. If you must use a wireless hotspot, never enter credit card or other sensitive information over that wireless connection, and if possible, avoid visiting websites (e.g., your bank, credit card company) that require you to enter a password. Instead, limit your activity to casual Web browsing only (e.g., reading the news, finding a nearby restaurant).
  • Enable 2-Step Verification, if available, on your accounts. 2-Step Verification, also known as 2 Factor Authentication, adds an additional layer of security when you sign into your account. Once you activate this security measure, you will be required to log in with your password and an additional security measure (e.g., a security code that is delivered to your mobile device via text, voice call or mobile app, a USB security key, printed backup codes). To view a list of applications that support 2-Step Verification, see Two Factor Auth (2FA).
  • Change your passwords immediately upon your return. To mitigate the risk of compromised passwords and accounts, be safe and remember to change the password to any accounts you access while travelling overseas.

Following these basic steps will help you stay secure while traveling internationally. If you require any assistance resetting your password, contact the NC State Help Desk at help@ncsu.edu or 919.515.HELP (4357).

Back to top

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

Subscribe to OIT News

To subscribe or cancel your subscription online, go to http://go.ncsu.edu/subscribe-oitnews

To subscribe by email, send the following message to mj2@lists.ncsu.edu: subscribe oitnews

To unsubscribe by email, send the following message to mj2@lists.ncsu.edu: unsubscribe oitnews