Since most people have their cell phones just about permanently attached these days, it’s easy to forget that we need to keep them secure.

The February edition of the IT Risk Bulletin, a joint effort of UAB, the University of Alabama, UAB Health System and the University of Alabama-Huntsville, provides dos and don’ts for phone and mobile device security.

Dos

• Enable security access.

• ONLY give your number out to people you know and trust.

• Use caller ID to block names and numbers of individuals you do not want to contact you.

• Delete emails that contain confidential or internal use information from your phone.

Don’ts

• Do NOT store confidential information on the phone, such as PIN numbers and credit card numbers.

• Do NOT take pictures or videos of anyone with your phone, or allow them to be taken of you, without permission.

• Never reply to text messages from people you don’t know and avoid in-person meetings with someone you know only through text messaging.

For more dos and don'ts and to see past issues of the bulletin, click here.

An e-mail sent to UAB accounts with the subject line “Your Email Account” appears to be a phishing attempt designed to steal personal information. The body of the e-mail includes the words "Security info replacement."

UAB IT is taking steps to prevent the further dissemination of e-mails from this sender, but reminds UAB employees remain vigilant to potential phishing scams.


The email asks users to click a link and enter their account information. UAB IT will never ask for account information in an e-mail.

spam
To report suspected spam to AskIT, please follow the instructions here

Follow these additional tips to avoid being a phishing victim:

• Do NOT click links in messages that ask you to log in. Type a trusted Web address in your browser or Google for the Web site if you don’t know the address.

• Never type personal, sensitive information (such as passwords or account numbers) on Web sites without verifying the Web site’s authenticity and security — look for an “https” in the address bar.

• Verify the address. Malicious Web sites may look identical to a legitimate site, but the address may use a variation in spelling or a different domain (.com vs. .edu).

• Misspellings and grammatical errors can be a dead giveaway in phishing emails and subject lines.

• If you are unsure whether a request is legitimate, contact the company directly. Do NOT use contact information provided in the request. 

• Don’t open attachments. They may contain viruses or malware that can infect your computer.

• Protect your password. Information security and IT officials at both the university and UAB Hospital will never ask users for passwords or any other sensitive information.

• Report suspicious activity. If you have any questions or you receive a suspicious email that you want to report, university employees and students can call the AskIT Help Desk at 205-996-5555.  Hospital employees can call the HSIS Help Desk at 205-934-8888.




Logging onto a public WiFi network might be convenient, but it can also be dangerous. Learn tips to protect yourself in to the latest issue of the IT Risk Bulletin.

The January issue of the bulletin, a joint effort of the of UAB, the University of Alabama, UAB Health System and the University of Alabama-Huntsville, provides dos and don'ts for joining a WiFi network.

Among the tips:

Dos
  • Before joining a network, ask an employee the official name of the business' WiFi. Be sure you are connected to the right WiFi spot and not a rogue location.
  • Select a secure WiFi network that requries a password to connect. A secure connection is indicated by an icon that looks like a lock.
  • Stay up-to-date with your antivirus software, applications and your system's security patches, especially before traveling.

Don'ts
  • Do NOT conenct to an unknown WiFi network.
  • Do NOT pay bills, access bank accounts or make purchases over public WiFi.
  • In Windows 7, do NOT select anything other than Public Network when setting a network location. Public Network blocks file and print sharing and turns off network discovery. This can be disabled in Mac OS X.

For more dos and don'ts and to see past issues of the bulletin, click here.
UAB IT will host a special collection to allow the University community to destroy old CDs, floppy disks and other digital media.

University staff and faculty can drop off digital media at the AskIT office at Cudworth Hall (CEC225) by noon on Thursday, Jan. 22.

Shred-It will be on site to dispose of the materials in a secure manner, in accordance with the UAB Records Retention Policy and Destruction of University Records Procedures.

Shred-It will be on site to collect the items after noon on Jan. 22.
An email sent to several UAB accounts purporting to be from Lister Hill Library, with the subject line, “Library Account,” appears to be a phishing attempt designed to steal personal information.

UAB IT is taking steps to prevent the further dissemination of e-mails from this particular sender, but remind UAB employees remain vigilant about potential phishing scams.
library phish


To report suspected spam to AskIT, please follow the instructions 
here

Follow these additional tips to avoid being a victim:

• Do NOT click links in messages that ask you to log in. Type a trusted Web address in your browser or Google for the Web site if you don’t know the address.

• Never type personal, sensitive information (such as passwords or account numbers) on Web sites without verifying the Web site’s authenticity and security — look for an “https” in the address bar.

• Verify the address. Malicious Web sites may look identical to a legitimate site, but the address may use a variation in spelling or a different domain (.com vs. .edu).

• Misspellings and grammatical errors can be a dead giveaway in phishing emails and subject lines.

• If you are unsure whether a request is legitimate, contact the company directly. Do NOT use contact information provided in the request. 

• Don’t open attachments. They may contain viruses or malware that can infect your computer.

• Protect your password. Information security and IT officials at both the university and UAB Hospital will never ask users for passwords or any other sensitive information.

• Report suspicious activity. If you have any questions or you receive a suspicious email that you want to report, university employees and students can call the AskIT Help Desk at 205-996-5555.  Hospital employees can call the HSIS Help Desk at 205-934-8888.


Phishing attempts threaten not only employees' personal information but also University resources, according to the latest issue of the IT Risk Bulletin.

The December issue of the bulletin, a joint effort of the of UAB, the University of Alabama, UAB Health System and the University of Alabama-Huntsville, provides tips on avoiding getting "phished."

• If you get an email, instant message or phone call in which you are asked for financial or personal information, do not reply or click links within the message.

• Never provide sensitive personal or financial information through email.

• Do not click links in potentially fraudulent email. A link that looks like it points to a valid Web site could be forged or cause your computer to download malware.

For more tips and to see past issues of the bulletin, click here.
UAB IT Provides Critical Guidance to Campus on Appropriate Versions of Internet Explorer, Mac OS, and Java to Mitigate Risks of Exploitation; updates Java recommendation to 1.7.0_72


Windows Systems:


• On Windows 7 Install IE 10 and Java 1.7.0_72

UAB IT has updated the minimum recommendations for versions of Internet Explorer and Java as UAB systems have improved functionality to support newer browsers and the currently secure version of Java. Internet Explorer 10 and Java 1.7.0_72 are recommended for installation on Windows 7/8. UAB IT also recommends using a separate browser with JAVA disabled for Internet use.  Use IE on campus with Java enabled and your choice of Firefox or Chrome for Internet browsing with JAVA disabled (for information on disabling Java click here).

Mac Systems:

• Install OSX 10.9 and Java 1.7.0_72

UAB IT has updated the minimum recommendations for versions of Mac Operating systems and Java as UAB systems have improved functionality that are compatible with the current version of Java. The recommended operating systems for use on Campus are Apple OSX 10.7x and 10.8x. While Apple OSX 10.6x is still supported by Apple, vendors are no longer testing against it for compatibility. Apple operating systems will not run any version lower than Java 1.7.0_51.

UAB IT also recommends using two different browsers — one for surfing the Web and one just for accessing UAB systems. For Internet Web browsing, use one of the following: Firefox Safari, or Chrome, with Java disabled (for information on disabling Java click here). For working with just UAB systems, choose a different browser and enable Java to work in it. If you run into compatibility issues with the local browser and UAB IT systems, use the IT terminal servers to access UAB resources via RDP client (for information on using IT terminal servers on Mac click here).

For more information, contact AskIT (www.uab.edu/askit).

Tweet
A new version of Firefox may impact UAB campus users trying to access certain administrative systems through that browser.

The Firefox 34.0.5 update disables SSLv3 by default.

Users who have updated Firefox this week may receive an error message if they try to access one of UAB’s administrative systems, such as Oracle or eLAS, on Firefox.
FireFox screencapture
Users can simply choose a different browser to access those systems. 

Other web browsers may issue similar updates in coming weeks, but UAB IT is working quickly to resolve the compatability and security issues.
“Your paycheck has been compromised.” That’s the kind of subject line you’ll see in a phishing email that’s trying to trick you into revealing personal information — like your BlazerID and password.

But if you fall for it, your paycheck — and all of your other personal information — truly could be compromised.

UAB has been under attack from scam artists and phishing e-mails. Dozens of individuals have fallen victim to the attacks and have had their e-mail accounts compromised and used for malicious purposes.

Users whose accounts are compromised will have their passwords revoked. The recommended method to reset them is through BlazerID self-service, particularly during the holidays when AskIT will have limited hours. AskIT will be closed on Thursday, Nov. 27, and Friday, Nov. 28, and will reopen at 9 a.m. Saturday.

Scam e-mails typically increase around the holidays, so take steps now to be able to recover your password by registering for BlazerID self-service.

Be extremely cautious about any e-mail message that claims to be from UAB, and NEVER provide your password in response to an e-mail communication.

Follow these additional tips to avoid being a victim:

• Do NOT click links in messages that ask you to log in. Type a trusted Web address in your browser or Google for the Web site if you don’t know the address.

• Never type personal, sensitive information (such as passwords or account numbers) on Web sites without verifying the Web site’s authenticity and security — look for an “https” in the address bar.

• Verify the address. Malicious Web sites may look identical to a legitimate site, but the address may use a variation in spelling or a different domain (.com vs. .edu).

• Misspellings and grammatical errors can be a dead giveaway in phishing emails and subject lines.

• If you are unsure whether a request is legitimate, contact the company directly. Do NOT use contact information provided in the request.

• Don’t open attachments. They may contain viruses or malware that can infect your computer.

• Protect your password. Information security and IT officials at both the university and UAB Hospital will never ask users for passwords or any other sensitive information.

• Report suspicious activity. If you have any questions or you receive a suspicious email that you want to report, university employees and students can call the AskIT Help Desk at 205-996-5555.  Hospital employees can call the HSIS Help Desk at 205-934-8888.



Social media has changed the way we interact with each other, but while they have made some things easier for us, they have also made it easier for us to be a target for security risks.

The November issue of the IT Risk Bulletin, a joint publication of UAB, the University of Alabama, UAB Health System and the University of Alabama-Huntsville, offers some practical tips for staying safe online.

Among them:

• Keep private information private. Do NOT post your Social Security number, banking PIN or other personal information.

• Use the social network’s privacy and security settings to control what you post.

• Only approve friend requests from people you know.

For more tips and to access previous IT Risk Bulletins, click here.