Tuesday, 19 July 2016 11:13

Security tip: Stay safe online

Browsing web sites, shopping online, playing Pokemon Go — there are dozens of ways we go online every day. While no browser, app or device can be perfectly secure, learning safe browsing habits and practicing them every day can help you be safer and more secure online.

When you are reading e-mail or browsing online, be on the lookout for suspicious links and deceptive web pages, which are major sources of malware.

Also be careful when selecting browser plugins, apps, or other downloadable files since they can introduce new vulnerabilities.

Here are some suggestions to make your day-to-day online browsing more productive, safe, and secure.

  • Keep your browser software up-to-date. Be sure to install antivirus updates and regularly check for and install browser plugin (e.g., Adobe Flash and Java) updates.
  • Be more secure! Make sure a URL includes HTTPS before entering any personal information.
  • When in doubt, ignore. Don't click on pop-up windows or extraneous ads.
  • Keep your private information safe. Use a strong, unique password or passphrase for each account, and avoid storing account information on a website. Consider using separate browsers for sensitive logins and general web browsing. UAB IT offers a free password tool, Keeper, to help students, faculty and staff keep their passwords secure.
  • Use private networks for sensitive transactions. Avoid checking your bank account, making purchases, or logging in to other websites that include sensitive information when using public Wi-Fi. Make sure that on campus you use the UABSecure WiFi network, rather than UABStartHere.
  • Go stealth when browsing. Your browser can store quite a bit of information about your online activities, including cookies, cached pages, and history. To ensure the privacy of personal information online, limit access by going "incognito" and using the browser's private mode.

Phishing attacks, or attempts to acquire sensitive information such as usernames, passwords or credit card details, pose a major risk to you and the university.

These attacks may come in the form of emails that seem trustworthy, but may convince you to install malicious software or reveal your personal information under false pretences.

Look for indicators such as threats or spelling and grammar errors, and avoid clicking on any links in suspicious emails.

Ultimately, you are the most effective way to detect and stop phishing scams. When viewing e-mail messages, texts, or social media posts, look for the following indicators to prevent stolen passwords, personal data, or private information.

Some more tips to avoid being a phishing victim:

  • Beware sketchy messages. Phishy messages may include a formal salutation, overly-friendly tone, grammatical errors, urgent requests or gimmicks.
  • Avoid opening links and attachments. Even if you know the sender, don't click on links that could direct you to a bad web site. And do not open attachments unless you are expecting a file from someone.
  • Verify the source. Check the sender's email address to make sure it's legitimate. If in doubt, just delete the message.
  • Do NOT click links in messages that ask you to log in. Type a trusted Web address in your browser or Google for the Web site if you don’t know the address.
  • Never type personal, sensitive information (such as passwords or account numbers) on Web sites without verifying the Web site’s authenticity and security — look for an “https” in the address bar.
  • Verify the address. Malicious web sites may look identical to a legitimate site, but the address may use a variation in spelling or a different domain (.com vs. .edu).
  • If you are unsure whether a request is legitimate, contact the company directly. Do NOT use contact information provided in the request.
  • Protect your password. Information security and IT officials at both the university and UAB Hospital will never ask users for passwords or any other sensitive information.
  • Report suspicious activity. If you have any questions or you receive a suspicious email that you want to report, university employees and students can call the AskIT Help Desk at 205-996-5555. Hospital employees can call the HSIS Help Desk at 205-934-8888.

To report suspected spam to AskIT, please follow the instructions here.
 
Brian Rivers is joining UAB IT July 11 as assistant vice president and chief information security officer.

Rivers has a broad background in information technology and security, with a career spanning 20 years in higher education and Fortune 500 business industries. For the past five years, Rivers has served the University of Georgia as University Information Security Officer.

Rivers holds both a Bachelor of Science in computer science and a Bachelor of Science in mathematics from Georgia College & State University.

“Brian brings leadership and experience to the position and will help us develop a world-class IT organization for UAB,” said Dr. Curt Carver, vice president and CIO.

“I would like to thank the members of the search committee, led by Robert Howard, for their hard work identifying excellent candidates for the position.”

Members of the search committee included Robert Howard, associate vice president and deputy CIO; Dr. Franklin Tessler (UAB Medicine); Dr. Julio Rivera (Collat School of Business); and UAB IT’s Cindy Jones.

A phishing email purporting to be from the "IT Service & Support Desk" has hit several email inboxes among faculty and staff at UAB.

The fake email is likely an attempt to steal user information and should be deleted. The subject line may be "Dear Employee/Staff and Student," and it asks recipients to check email access due to a maintenance update. Clicking the email takes users to a non-UAB site called "IT Security Systems Update." A copy of the email is below:

[Image: copy of the phishing email]

If you receive an email with a hidden link such as “Click Here,” do the hover test. Hover your mouse over the link and look at the lower left pane to see where the link leads.

Look at the URL of the website you are visiting. 

To report suspected spam to AskIT, please follow the instructions here.

Follow these additional tips to avoid being a phishing victim:

  • Do NOT click links in messages that ask you to log in. Type a trusted Web address in your browser or Google for the Web site if you don’t know the address.
  • Never type personal, sensitive information (such as passwords or account numbers) on Web sites without verifying the Web site’s authenticity and security — look for an “https” in the address bar.
  • Verify the address. Malicious web sites may look identical to a legitimate site, but the address may use a variation in spelling or a different domain (.com vs. .edu).
  • Misspellings and grammatical errors can be a dead giveaway in phishing emails and subject lines.
  • If you are unsure whether a request is legitimate, contact the company directly. Do NOT use contact information provided in the request.
  • Don’t open attachments. They may contain viruses or malware that can infect your computer.
  • Protect your password. Information security and IT officials at both the university and UAB Hospital will never ask users for passwords or any other sensitive information.
  • Report suspicious activity. If you have any questions or you receive a suspicious email that you want to report, university employees and students can call the AskIT Help Desk at 205-996-5555. Hospital employees can call the HSIS Help Desk at 205-934-8888.

A phone scam targeting college students across the country is spoofing the FBI's phone number, threatening students and parents that they will be arrested if they do not pay thousands of dollars for such alleged debts as tuition, student loans or parking tickets.

The FBI has warned consumers to be on alert for such scams. Similar scams — in which malicious callers pretend to be law enforcement — have targeted UAB students in recent months, even costing them and their parents money.

The FBI will never call private citizens requesting money.

Often, callers in such scams appear to have students' personal information, but it is important to note that there has been no breach of personal information at UAB. Malicious callers often try to solicit more personal information from their victims over the course of the call.

If students or parents receive a call that seems suspicious, they should disconnect immediately and notify law enforcement.

If you receive these calls, do not follow the caller's instructions. Instead, the FBI advises you should:

  • Notify your banking institutions.
  • Contact the three major credit bureaus and request an alert be put on your file.
  • Contact your local law enforcement agencies if you feel you are in immediate danger.
  • File a complaint through the Internet Crime Complaint Center at www.ic3.gov.

Planning a vacation? People are frequently more vulnerable when traveling because a break from their regular routine or encounters with unfamiliar situations often result in less cautious behavior. If this sounds like you, or someone you know, these five tips will help you protect yourself and guard your privacy.


  • Track that device! Install a device finder or manager on your mobile device in case it's lost or stolen. Make sure it has remote wipe capabilities and also protects against malware.
  • Avoid social media announcements about your travel plans. It's tempting to share your upcoming vacation plans with family and friends, but consider how this might make you an easy target for local or online thieves. While traveling, avoid using social media to "check in" to airports and consider posting those beautiful photos after you return home. Find out how burglars are using your vacation posts to target you in this infographic.
  • Traveling soon? If you're traveling with a laptop or mobile device, remove or encrypt confidential information. Consider using a laptop or device designated for travel with no personal information, especially when traveling out of the country.
  • Limit personal information stored on devices. Use a tool like Identity Finder to locate your personally identifiable information (e.g., SSN, credit card numbers, or bank accounts) on your computer, then secure or remove that information.
  • Physically protect yourself and your devices. Use a laptop lock, avoid carrying identification cards, shred sensitive paperwork before you recycle it, and watch out for "shoulder surfers" at the ATM.
 
Monday, 29 February 2016 13:33

Security tip: Guard your online privacy

You and your information are everywhere. When you're online you leave a trail of "digital exhaust" in the form of cookies, GPS data, social network posts, and e-mail exchanges, among others. It is critical to learn how to protect yourself and guard your privacy. Your identity and even your bank account could be at risk!

  • Use long and complex passwords or passphrases. These are often the first line of defense in protecting an online account. The length and complexity of your passwords can provide an extra level of protection for your personal information.
  • Take care what you share. Periodically check the privacy settings for social networking apps to ensure that they are set to share only what you want, with whom you intend. Be very careful about putting personal information online. What goes on the Internet usually stays on the Internet.
  • Go stealth when browsing. Your browser can store quite a bit of information about your online activities, including cookies, cached pages, and history. To ensure the privacy of personal information online, limit access by going "incognito" and using the browser's private mode.
  • Using Wi-Fi? If only public Wi-Fi is available, restrict your activity to simple searches (no banking!) or use a VPN (virtual private network). The latter provides an encrypted tunnel between you and the sites you visit.
  • Should you trust that app? Only use apps from reputable sources. Check out reviews from users or other trusted sources before downloading anything that is unfamiliar.

Ryan Murphy, a sophomore chemistry and biology major, used his artistic and video skills to create a palatable message about how to “connect with care.”

Murphy’s effort not only won UAB IT’s first student cyber security video contest but also offers good advice about avoiding spam emails, choosing secure web sites and using safe WiFi.

Murphy used tips from the Stop, Think, Connect web site to come up with his video idea, which compares food safety to safe internet use.

CIO Dr. Curt Carver presents a check to UAB sophomore Ryan Murphy.

“I was trying to put a creative spin on (the cyber security tips),” he said, noting he has seen the trend of “draw my life” videos.

That’s Murphy’s own hand drawing the whiteboard artwork for his winning video.

Murphy, a graduate of Randolph High School in Huntsville, is also a member of UAB's Science and Technology Honors Program and has been using his video skills to help produce videos for that program, including a “This Month in Science” online newscast.

Murphy plans to go to medical school in the future, but said he also hopes to keep using and improving on his video hobby.

Personal information is like money — you should value it and protect it. That's one of the main messages of Data Privacy Day, an international effort to encourage respecting privacy, safeguarding data and enabling trust online.

Here are some tips to stay privacy aware:

Think before you act: Be wary of communications that implore you to act immediately, offer something that sounds too good to be true or ask for personal information. Here's how to report spam to AskIT.

Get two steps ahead: Switch on two-step verification or multi-factor authentication wherever offered to prevent unauthorized access. Sign up for the Identity feature at BlazerID Central so that you can more easily change your BlazerID password and so that you can receive RedFlag alerts if your personal information is changed in the Oracle payroll system.

What you post can last a lifetime: Before posting online, think about how it might be perceived now and in the future and who might see it. 

Own your online presence: Set the privacy and security settings on web services and devices to your comfort level for information sharing. It's OK to limit how and with whom you share information.

Be aware of what's being shared: Be aware that when you share a post, picture or video online, you may also be revealing information about others. Be thoughtful when and how you share information about others.

Post only about others as you would have them post about you: The golden rule applies online as well.

Thursday, 14 January 2016 11:05

Reminder: Be aware of email phishing attempts

UAB IT reminds the university community to be aware of malicious phishing emails. 


To report suspected spam to AskIT, please follow the instructions here.

Follow these additional tips to avoid being a phishing victim:


  • Do NOT click links in messages that ask you to log in. Type a trusted Web address in your browser or Google for the Web site if you don’t know the address.
  • Never type personal, sensitive information (such as passwords or account numbers) on Web sites without verifying the Web site’s authenticity and security — look for an “https” in the address bar.
  • Verify the address. Malicious web sites may look identical to a legitimate site, but the address may use a variation in spelling or a different domain (.com vs. .edu).
  • Misspellings and grammatical errors can be a dead giveaway in phishing emails and subject lines.
  • If you are unsure whether a request is legitimate, contact the company directly. Do NOT use contact information provided in the request.
  • Don’t open attachments. They may contain viruses or malware that can infect your computer.
  • Protect your password. Information security and IT officials at both the university and UAB Hospital will never ask users for passwords or any other sensitive information.
  • Report suspicious activity. If you have any questions or you receive a suspicious email that you want to report, university employees and students can call the AskIT Help Desk at 205-996-5555. Hospital employees can call the HSIS Help Desk at 205-934-8888.