The new UAB IT connects to AskIT, TechConnect and the IT News feed to give you quick access to technical help, tech purchases and IT news.
The new UAB mobile app gives students, employees and guests access to the campus map and directory, as well as integrations for Canvas and BlazerNET. You can also find out what’s happening on campus, hours for the Hill Student Center, menus for campus dining and more.
With seven IT strategic imperatives and a new IT Strategic Plan as a guide, UAB IT has much to accomplish in the new year.
“Our goal is always to empower the students, faculty, researchers and employees at UAB to greatness,” said Vice President and CIO Dr. Curtis A. Carver Jr. “Last year we sought input across campus for the IT Strategic Plan, and this year we are excited to continue implementing the improvements you want and need.”
Establishing a security operations center, continuing an active phishing program and re-examining and reconstructing university security policies are among the top priorities in 2017.
UAB IT also plans to establish business goals and principles for IT governance, and design an IT technology roadmap for infrastructure services.
UAB IT began a renewed focus on its help desk last year, and that effort will continue as the department looks to deliver world-class IT service.
A new system status page has debuted, and a new IT web site will also debut in 2017. UAB IT is also expanding its training opportunities for employees, investing in their success as the department also reorganizes to maximize our impact on campus.
As part of its imperative to increase business value, UAB IT will also look to renegotiate contracts and rationalize core systems, while also building on the success of the TechConnect store at the Hill Student Center.
Furthering academic and research partnerships, UAB IT will continue to help implement the new UAB app with integrations that make sense for campus, including eBeacon technology, and implement the Science DMZ, among other goals.
Following are specific steps you can take to protect your online information, identity, and privacy.
- Use a unique password for each site. Hackers often use previously compromised information to access other sites. Choosing unique passwords keeps that risk to a minimum.
- Use a password manager. Using an encrypted password manager to store your passwords makes it easy to access and use a unique password for each site.
- Know what you are sharing. Check the privacy settings on all your social media accounts; some even include a wizard to walk you through the settings. Always be cautious about what you post publicly.
- Guard your date of birth and telephone number. These are key pieces of information used for verification, and you should not share them publicly. If an online service or site asks you to share this critical information, consider whether it is important enough to warrant it.
- Keep your work and personal presences separate. Your employer has the right to access your e-mail account, so you should use an outside service for private e-mails. This also helps you ensure uninterrupted access to your private e-mail and other services if you switch employers.
- There are no true secrets online. Use the postcard or billboard test: Would you be comfortable with everyone reading a message or post? If not, don't share it.
The email looks similar to the image below:
This email is not related to the campus-wide simulated phishing campaign that UAB IT is launching this month as a tool to educate campus users about phishing attacks that attempt to steal personal or financial information. Please visit uab.edu/phishing to get up-to-date information about the latest phishing attempts and tools to help you protect your information. Campus users can also download the PhishMe Reporter tool for one-click access to report phishing attempts. Follow UAB IT on Twitter for alerts on phishing attacks.
If you receive an email with a link such as “Click Here,” do the hover test. Hover your mouse over the link and look at the lower left pane to see where the link leads. Even if the page looks familiar, verify the URL or type in a URL you know before entering your information.
Look at the URL of the website you are visiting.
To report suspected spam to AskIT, please follow the instructions here or download the PhishMe Reporter button for one-click reporting.
Follow these additional tips to avoid being a phishing victim:
- Do NOT click links in messages that ask you to log in. Type a trusted Web address in your browser or Google for the Web site if you don’t know the address.
- Never type personal, sensitive information (such as passwords or account numbers) on Web sites without verifying the Web site’s authenticity and security — look for an “https” in the address bar.
- Verify the address. Malicious web sites may look identical to a legitimate site, but the address may use a variation in spelling or a different domain (.com vs. .edu).
- Misspellings and grammatical errors can be a dead giveaway in phishing emails and subject lines.
- If you are unsure whether a request is legitimate, contact the company directly. Do NOT use contact information provided in the request.
- Don’t open attachments. They may contain viruses or malware that can infect your computer.
- Protect your password. Information security and IT officials at both the university and UAB Hospital will never ask users for passwords or any other sensitive information.
- Report suspicious activity. If you have any questions or you receive a suspicious email that you want to report, university employees and students can call the AskIT Help Desk at 205-996-5555. Hospital employees can call the HSIS Help Desk at 205-934-8888.
At this time, there is no indication of a compromise of your personal information and/or passwords. UAB employee Lynda users who authenticate with BlazerID credentials are not affected by this security issue.
UAB IT will closely monitor this situation and provide updates as needed.
More information concerning the data breach can be found here.
When a user installs the OneClass Chrome extension, the plugin asks for permission to "read and change all your data on websites you visit." If a user grants this permission, the plugin places a button in the user's LMS (Canvas or other) labeled "Invite your classmates to OneClass." If the user clicks this button, OneClass sends messages to all of the other users enrolled in the course vis the LMS message system (for Canvas, that's Conversations). Each message says:
Hey guys, I just found some really helpful notes for the upcoming exams for [school name] courses at [OneClass link]. I highly recommend signing up for an account now. That way, your first download is free!
We strongly recommend that you NOT install or use the OneClass Chrome extension or that you remove the plugin if you have already installed it. The “invite your classmates” message acts as a phishing attempt, and the permission the extension prompts users to grant could result in their information being stolen.
To uninstall a Chrome extension, please follow these instructions from Google Chrome.