As part of UAB's ongoing efforts to enhance email security, UAB IT will be implementing several security improvements during April.

These enhancements include additional support for data loss prevention (DLP); enabling email encryption; and improving our protection against phishing campaigns. Additional details will be forthcoming when these services are implemented.

Data loss prevention support will include more email policy tips, similar to the credit card number policy tip implemented in March.

Email encryption will give those who use Office 365 email the opportunity to use an extra layer of security when sending emails, if they choose.

Protection against phishing campaigns will include methods to avoid UAB email servers being blacklisted.
A technology upgrade in Heritage Hall classroom 442 is earning rave reviews from those who use the classroom.

All of the technology in the room was upgraded: the computer is an all-in-one touch-enabled Windows 10 PC; the AV controls were updated to the new classroom standard, with a new control panel with an intuitive icon-driven interface; there is a new, brighter projector; and a Blu-ray player is controlled by the touch panel.

“The Crestron system that controls the room will eventually be monitored remotely to ensure more efficient maintenance and support,” said Walt Creel, manager of classroom technology.

Academic adviser Raven M. Dials said she appreciated that UAB IT sought feedback from instructors and others on campus before making changes in the classroom.

“I had a guest speaker this past Tuesday, but she used the system and it worked great and looks amazing,” said academic adviser Raven M. Dials. “I was happy to see the upgrade as I was having issues every week with the projector shutting off in the middle of my presentations as well as our guest speakers. Thank you for taking the time to have it set up and asking for feedback!”

Academic adviser Courtney White added, “The new system is great. The old one would shut off about 10 minutes into my class every week and take me about five minutes to get the projector working again. I had absolutely no issues today.”

Learn more about the classrooms UAB IT serves here, and get the status of classroom technology here.

UAB IT is planning to migrate UAB employee and faculty email to Office 365, a cloud-based system that offers new tools and continuous upgrades to improve the service and environment.

Office 365 offers several advantages for users, and because email is in the cloud, it is not dependent on UAB facilities being available when the user is off-campus. Office 365 is also the email system that students use.

After two successful pilot programs, UAB IT has been migrating the email of customers served by Desktop Services throughout the month of March.

On April 7, UAB IT will begin migrating all campus employees' email to Office 365, with migrations taking place in waves throughout the summer. Employees whose email will be migrated will be notified by email the week before the migration, with detailed instructions about how to prepare for the change.

There are three main steps that employees can take to prepare for the most successful email migration:
  • Update to Microsoft Office 2016.
  • Ensure your user name is set in the format "BlazerID@uab.edu" on ALL of your devices.
  • Ensure that your email is in what is called "cached mode." To enable cached mode:
      1. Go to File, click the Account Settings button, and select Account Settings.
      2. Select the account with Microsoft Exchange as the Type, then click the Change button.
      3. Under Offline Settings, check the box for Use Cached Exchange Mode.
      4. Click Next, then Finish.
You can find details about these steps at uab.edu/Office365. Contact your department IT staff or AskIT if you have any questions.

UAB IT will host an online Town Hall meeting about the migration for campus IT professionals on Monday, March 27, at 1 p.m.

Click here to learn more about the migration.
Beginning Apr 15, 2017, access to the Report Viewer application will be limited to UAB Campus and Hospital networks, or for external users via VPN.

A VPN is used to connect a remote user to UAB campus resources that are restricted for reasons of security and/or licensing constraints.

For detailed instructions and downloads, please visit uab.edu/VPN. Anyone who has trouble accessing this resource from off campus should contact AskIT at askit.uab.edu.
With the latest Firefox update (52.0) and subsequent updates, Java, Silverlight, Adobe Acrobat, and other plugins will no longer work.

Use Internet Explorer 11 to access Oracle and any other system that relies on the above applications.

Click here for more information from Mozilla. 
April UAB IT Security Awareness

Identity theft is a real threat; it can happen to anyone, and it can be challenging for victims to deal with the fallout. 

The following tips can help you prevent identity theft.

  • Read your credit card, bank, and pay statements carefully each month. Look for unusual or unexpected transactions. Remember also to review recurring bill charges and other important personal account information.
  • Review your health insurance plan statements and claims. Look for unusual or unexpected transactions.
  • Shred it! Shred any documents with personal, financial, or medical information before you throw them away.
  • Take advantage of free annual credit reports. In the US, the three major credit reporting agencies provide a free credit report once a year upon request.
  • If a request for your personal info doesn’t feel right, do not feel obligated to respond! Legitimate companies won’t ask for personal information such as your social security number, password, or account number in a pop-up ad, e-mail, text, or unsolicited phone call.
  • Limit the personal information you share on social media. Also, check your privacy settings every time you update an application or operating system (or at least every few months).
  • Put a password on it. Protect your online accounts and mobile devices with strong, unique passwords or passphrases.
  • Limit use of public Wi-Fi. Be careful when using free Wi-Fi, which may not be secure. Consider waiting to access online banking information or other sensitive accounts until you are at home.
  • Secure your devices. Encrypt your hard drive, use a VPN, and ensure that your systems, apps, antivirus software, and plug-ins are up-to-date.
If you become a victim of identity theft:

  • File a report with the US Federal Trade Commission at IdentityTheft.gov.
  • Use the identity theft report to file a police report. Make sure you keep a copy of both reports in a safe place.
  • Flag your credit reports by contacting the fraud departments of any one of the three major credit bureaus: Equifax (800-525-6285), Experian (888-397-3742), or TransUnion (800-680-7289).

UAB IT wants you to take a 60-second survey to tell us your communication and technology preferences.

The quick 10-question survey will give UAB IT more information about how to communicate with our customers and will let us know what technology services are most valuable and important to you.

UAB IT appreciates the feedback from students, faculty, staff and researchers to help determine technology priorities and communication methods.

Take the survey here.

Emailing Sensitive Information

Sending credit card numbers and personally identifying information via email makes you more vulnerable to identity theft.


Beginning late Friday, March 10, UAB IT will implement policy tip warnings via email if it appears you are trying to send a credit card number via your UAB email account.

These warnings are intended to alert you to potential danger and help you protect yourself.

The popup policy tip will say: "The content of this email appears to conflict with UAB Policy regarding unsecured transmission of credit card or other personally identifiable information. Be safe and review the email content before sending."

With Friday’s introduction of the policy tip, emails will not yet be blocked from being sent. But emails that appear to include credit card information will eventually be blocked — both in incoming and outgoing emails.

“Sending credit card information, Social Security numbers, dates of birth and other personal or financial information is extremely dangerous and could leave you vulnerable to identity theft,” said Brian Rivers, assistant vice president and chief information security officer. “Our goal with these policy tips is to help protect our students, faculty and staff.”

In the future, UAB IT will add more policy tips and preventive measures to protect other sensitive information — including Social Security numbers — from being transmitted via email.
UAB IT will host an open town hall meeting from 10 to 11 a.m. on Monday, March 20.

The focus of the town hall will be campus needs and opportunities for improvement on the AskIT help desk.

The town hall will be held in the Alumni Theater at the Hill Student Center.

Learn more about UAB IT’s efforts to improve service at the AskIT help desk here.
Sending sensitive data via email is dangerous — and UAB IT is implementing new methods to help prevent students, faculty and staff from sending information they might regret.

Beginning March 3, UAB IT will implement a new system to help prevent credit card information from being transmitted via email. In the first phase, UAB IT's information security team will be notified of attempts to send a credit card number from a UAB email account.

During the next phase, you will see a popup policy tip advising you that sending such information violates UAB policy.

The popup policy tip will say: "The content of this email conflicts with UAB Policy regarding unsecured transmission of credit card information. If you do not resolve this conflict, this email may be blocked. Please refer to the UAB payment card policies and handbook."

When UAB IT introduces the policy tip warnings, emails will not be blocked from being sent yet. But emails that appear to include credit card information will eventually be blocked — both in incoming and outgoing emails.

"Our goal is to create a safer environment for UAB students, faculty and staff and to protect their personal and financial information," said Brian Rivers, assistant vice president and chief information security officer.

In the future, UAB IT will add more policy tips and preventive measures to protect sensitive information — including Social Security numbers — from being transmitted via email.
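The phased rollout described in the two policy-tip announcements above, as an added example (not UAB IT's or Office 365's implementation): it finds candidate card numbers, confirms them with the Luhn checksum so ordinary 16-digit numbers do not trigger a tip, and returns the action for each phase. The `Phase` names, the result fields, and the assumption that the security team is still notified in later phases are illustrative; the sample messages are constructed.

```python
import re
from enum import Enum

# 13-19 digits, optionally separated by single spaces or hyphens.
CANDIDATE = re.compile(r"(?<![\d-])\d(?:[ -]?\d){12,18}(?![\d-])")

# Policy tip wording quoted on the page.
POLICY_TIP = (
    "The content of this email conflicts with UAB Policy regarding unsecured "
    "transmission of credit card information. If you do not resolve this "
    "conflict, this email may be blocked. Please refer to the UAB payment "
    "card policies and handbook."
)


class Phase(Enum):  # hypothetical names for the rollout stages on the page
    NOTIFY = 1      # security team is notified, sender sees nothing
    TIP = 2         # sender sees the policy tip, message still goes out
    BLOCK = 3       # message is stopped


def luhn_valid(digits: str) -> bool:
    """Luhn checksum: double every second digit from the right, sum, mod 10."""
    total = 0
    for index, char in enumerate(reversed(digits)):
        value = int(char)
        if index % 2 == 1:
            value = value * 2 - 9 if value > 4 else value * 2
        total += value
    return total % 10 == 0


def find_card_numbers(text: str) -> list:
    """Return masked card-number candidates that pass the Luhn check."""
    hits = []
    for match in CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", match.group())
        # All-identical digits such as 0000... pass Luhn but are not cards.
        if len(set(digits)) > 1 and luhn_valid(digits):
            # Never log the full number; keep only the last four digits.
            hits.append("*" * (len(digits) - 4) + digits[-4:])
    return hits


def evaluate(body: str, phase: Phase) -> dict:
    """Decide what happens to a message body in the given rollout phase."""
    hits = find_card_numbers(body)
    result = {"deliver": True, "notify_security": False, "tip": None,
              "matches": hits}
    if not hits:
        return result
    result["notify_security"] = True   # assumed to continue in every phase
    if phase in (Phase.TIP, Phase.BLOCK):
        result["tip"] = POLICY_TIP
    if phase is Phase.BLOCK:
        result["deliver"] = False
    return result


# Constructed sample messages (4111 1111 1111 1111 is a standard test number).
WITH_CARD = "Please charge my card 4111 1111 1111 1111, exp 01/20."
ORDER_ID = "Your order number is 1234 5678 9012 3456."

if __name__ == "__main__":
    for phase in Phase:
        print(phase.name, evaluate(WITH_CARD, phase))
    print("order id:", evaluate(ORDER_ID, Phase.BLOCK))
```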

We all like to travel with our mobile devices (smartphones, laptops, or tablets) — whether it’s to the coffee shop around the corner or to a café in Paris. These devices make it easy for us to stay connected while on the go, but they can also store a lot of information — including contacts, photos, videos, location, and other personal and financial data — about ourselves and our friends and family. Following are some ways to protect yourself and others.

Before you go:

  • If possible, do not take your work or personal devices with you on international trips. If you do, remove or encrypt any confidential data.
  • For international travel, consider using temporary devices, such as an inexpensive laptop and a prepaid cell phone purchased specifically for travel. (For business travel, your employer may have specific policies about device use and traveling abroad.)
  • Install a device finder or manager on your mobile device in case it is lost or stolen. Make sure it has remote wipe capabilities and that you know how to do a remote wipe.
  • Ensure that any device with an operating system and software is fully patched and up-to-date with security software.
  • Make copies of your travel documents and any credit cards you’re taking with you. Leave the copies with a trusted friend, in case the items are lost or stolen.
  • Keep prying eyes out! Use strong passwords, passcodes, or smart-phone touch ID to lock and protect your devices.
  • Avoid posting social media announcements about your travel plans; such announcements make you an easy target for thieves. Wait until you’re home to post your photos or share details about your trip.

While you’re there:

  • Physically protect yourself, your devices, and any identification documents (especially your passport).
  • Don’t use an ATM unless you have no other option; instead, work with a teller inside the bank. If you must use an ATM, only do so during daylight hours and ask a friend to watch your back. Also check the ATM for any skimming devices, and use your hand to cover the number pad as you enter your PIN.
  • It’s hard to resist sharing photos or telling friends and family about your adventures, but it’s best to wait to post about your trip on social media until you return home.
  • Never use the computers available in public areas, hotel business centers, or cyber cafés since they may be loaded with keyloggers and malware. If you use a device belonging to other travelers, colleagues, or friends, do not log in to e-mail or any sensitive accounts.
  • Be careful when using public wireless networks or Wi-Fi hotspots; they’re not secure, so anyone could potentially see what you’re doing on your computer or mobile device while you’re connected.
  • Disable Wi-Fi and Bluetooth when not in use. Some stores and other locations search for devices with Wi-Fi or Bluetooth enabled to track your movements when you’re within range.
  • Keep your devices with you at all times during your travels. Do not assume they will be safe in your hotel room or in a hotel safe.

When you return:

  • Change any and all passwords you may have used abroad.
  • Run full antivirus scans on your devices.
  • If you used a credit card while traveling, check your monthly statements for any discrepancies for at least one year after you return.
  • If you downloaded any apps specifically for your trip and no longer need them, be sure to delete those apps and the associated data.
  • Post all of your photos on social media and enjoy reliving the experience!

 


A new grant to help prepare the Birmingham area workforce for new IT jobs got a helping hand last month from UAB IT.

Staff members from the department’s Desktop Services helped install computers at Innovation Depot to prepare for the first cohort of future IT professionals to participate in training as part of the Innovate Birmingham program.

The Innovate Birmingham initiative is a result of the Innovate Birmingham Workforce Partnership, a coalition of more than a dozen regional leaders, receiving nearly $6 million from the Department of Labor and Training Administration’s America’s Promise Grant. UAB served as the lead partner and fiscal agent for the consortium. Other partners include the City of Birmingham, TechBirmingham, the Dannon Project and Innovation Depot.

“Assisting with this project is part of our initiative to grow the community of information technology excellence in our community and beyond,” said Dr. Curtis A. Carver Jr., vice president and CIO.

The America’s Promise grant was awarded to community, business, and education leaders who are committed to fostering economic growth for the region and offering better opportunities for young adults. The grant will train nearly 1,000 people aged 17-26 and transition them into high-paying jobs in the IT sector. The partnership has secured support from 27 regional employers. This will establish a sustainable pipeline of talent in Birmingham to fuel inclusive innovation for local employers, meeting IT workforce demand for the region by offering demand-driven education, training and employment opportunities for area youth who are disconnected from the labor market. The training and education program will co-locate job-seekers with job-creators in the heart of the newly formed Innovation District by providing space for training at the Innovation Depot. Grant activities began January 1, 2017 with intent to begin training this spring.

“This award represents the commitment and collaboration of Birmingham’s top leaders in government, industry and academia to form the partnerships that enable our young people to obtain the skills they need to land good jobs in the city,” said Josh Carpenter, director of external affairs for UAB.
Protecting UAB data — from personal health and financial information to top-notch research — is one of the most important responsibilities at the University.

UAB’s Data Protection Rule establishes roles and responsibilities for those individuals and groups who will safeguard and use UAB data.

UAB IT and UAB Health System officials worked together to develop the Data Classification Rule, which has three levels of data: public, sensitive and restricted/PHI (personal health information).

The accompanying Data Protection Rule establishes six specific roles for those protecting institutional data.

“While the people with the most accountability for securing University data are in leadership and information technology, all of us at UAB have a responsibility to safeguard our data according to the proposed classification standard,” said Brian Rivers, assistant vice president and chief information officer. “That responsibility protects the university and the individuals who work here and attend school here.”

Data stewards

Data stewards have administrative control and are officially accountable for a specific information set. Examples include the vice president of Financial Affairs and Administration; the vice president for Research and Economic Development; deans and department chairmen overseeing data from their respective academic areas; and hospital managers or directors and vice presidents overseeing data from their respective clinic areas.

Data custodians

Data custodians safeguard the data on behalf of the data steward. While data stewards are ultimately responsible for the security of data, data custodians ensure the security controls are in place. UAB’s central Information Technology units (UAB IT) will be responsible for protecting all institutional data maintained and stored in the institutional information systems. UAB Health Services Information Services (HSIS) will be responsible for protecting all Health System data maintained and stored in the institutional information systems.

UAB Information Security

Members of the UAB IT and UAB Health System information security teams are responsible for developing and implementing the information security program, as well as the supporting data security and protection policies and procedures.

Departmental security administrators

Each unit or department senior manager will choose one DSA to act as a liaison with the UAB Information Security team. DSAs oversee information security responsibilities for the departments, including security awareness and security incident response.

System administrators

System administrators in UAB IT, HSIS and school/department units who are responsible for day-to-day maintenance of information systems are responsible for following data security protection procedures and practices.

Data users

Data users refers to individuals authorized to access UAB data and who are responsible for protecting information assets on a daily basis through adherence to UAB policies.

What could be added to the UAB app to make your life on campus easier?

UAB wants to hear your ideas for the new UAB app, which launched last fall and is designed to help students, staff and guests get around campus, get hired and get things done.

A new SPARK campaign seeks ideas from students, faculty and staff about what features to add to the app to make it more functional for everyone on campus.

Just log in to the SPARK campaign, submit your idea, or vote or comment on other ideas.

Those ideas that rise to the top in voting will likely get priority as the development of the app continues.

The UAB app already includes a campus map, directory and news and sports headlines; integrations with Canvas and BlazerNET, and links to IT services, Hill Center hours, campus dining and more.

Future plans include adding integrations for the B-Sync calendar and checking your OneCard balance.

Potential new features include academic adviser scheduling, functionality to move or remove tiles, and making tuition payments, as well as registration for events or classroom attendance.

What would you like to see in the app? Laundry or printer availability? A parking map? Library services?
A proposed data classification system for UAB will make it easier for faculty, staff and researchers to determine how best to keep University data safe.

UAB IT has worked closely with information security officials from UAB Health System to develop the proposed classification system.

Data Classification Levels

The new system proposes three levels of data: public, sensitive and restricted/PHI.

“Much of the University data covered by the sensitive and restricted levels is already regulated by law or contract,” said Brian Rivers, assistant vice president and chief information officer. “This proposed standard should help employees determine the best level of protection for the data they use.”

Public data

Public data is data that can be disclosed to the general public without harm. Examples of public data include phone directory information, course catalogs, public research findings, enrollment figures, public web sites, general benefits data, press releases, newsletters and other similar information.

Sensitive data

Sensitive data is data that should be kept confidential, with access requiring authorization or legitimate need-to-know involvement. Examples of sensitive data include FERPA information, budgetary plans, internal communications, proprietary business plans, patent pending information, export controls information and data protected by law.

Restricted/PHI data

Restricted/PHI data is sensitive data that is highly confidential in nature, and carries significant risk from unauthorized access. Privacy and security controls are typically required by law or contract for this data. Examples include Social Security numbers, credit card numbers (PCI), personally identified information, protected health information, Gramm-Leach-Bliley Act (GLBA) data, export controlled data, FISMA regulated data, login credentials, and information protected by non-disclosure agreements.

The proposed policy also establishes roles and responsibilities for protecting institutional data.


UAB’s new supercomputer “worked like magic” as University professor Dr. Hassan Fathallah-Shaykh participated in a world-wide competition to evaluate MRI images of the brain.

Fathallah-Shaykh, a professor in UAB’s Departments of Neurology, Mathematics, Integrative, Developmental and Cell Biology, Biomedical, and Electrical Engineering, won the 2016 BRATS Competition in Athens, Greece.

BRATS is short for Multimodal Brain Tumor Image Segmentation Challenge. Dr. Fathallah-Shaykh’s team, along with fellow Blazer biomedical engineering graduate student Fabio Raman, tied with two other groups to top the field of 19. The use of UAB’s new supercomputer helped to separate Dr. Fathallah-Shaykh from the rest of the field, he said.

Last year, UAB IT installed the fastest supercomputer in the state — and one of the fastest in the Southeast. UAB increased computing speed for researchers from 10 teraflops to 110 teraflops, and increased storage from 0.7 petabytes to nearly 7 petabytes.

“The supercomputer worked like magic, without any glitches. It is evident that I would not have been able to compete without the supercomputer resource,” he said.

The BRATS Challenge consisted of the MRIs of 191 brain tumor patients diagnosed with low and high grade gliomas in different parts of the brain before and after surgery. Teams were tasked with determining the location of the segments of each MRI image that include enhancing tumor, FLAIR signal changes, necrosis, and tumor core, if any.

Dr. Fathallah-Shaykh’s method was the only method that was interactive, semi-automated and did not use statistical learning or neural networks.  It is designed such that the user can easily check the results and easily make modifications, if needed.

The method consists of two parts, and Fathallah-Shaykh used UAB’s research computer Cheaha to run the first part of this process, which was the segmentation with NMF-LSM (Non-Negative Matrix Factorization and modified Level Set Method). He was granted 265 processors; all calculations were completed in about 12 hours — a process that without the supercomputer would have taken days to perform.

The performance of Dr. Fathallah-Shaykh and his team with the use of the supercomputer is a further sign that UAB’s “investment in research computing is paying off. UAB IT is committed to giving our researchers and faculty world-class technology, so that they can innovate and change the world,” said Curt Carver, UAB’s VP of Information Technology.

New training techniques and a partnership with a leading technical support vendor are helping UAB IT improve its customer service goals in the AskIT help desk.

UAB IT has made a pledge to the university community to support their mission as a world-class educational and research institution. UAB IT leadership — including Vice President and CIO Dr. Curtis A. Carver Jr. — have been working in the help desk for months to build on improvements.

To make the mission of delivering world-class IT support to UAB faculty, staff and students a reality, Jason Johnson, associate director for AskIT, has put in place concrete steps to achieve this goal.

The first step is training and ensuring the AskIT Help Desk returns to the basics of the customer experience by focusing on training consistency and accuracy.

“Giving the Help Desk basic training for soft skills, customer service and guidance on how to handle tickets will ensure the team is consistent with each customer contact,” Johnson said.

In conjunction with these training plans, AskIT will also develop a standard skill level. They have also partnered with HDI, a renowned leader in the technical support industry, to deliver a blend of customer support, communications and problem solving to AskIT employees.

A constant need for the UAB campus is the dependence on technology and the expectation that issues should be resolved as efficiently as possible. AskIT is working on building up the staff to support the UAB administration, faculty, staff and students in order to handle the 10,000-12,000 requests and issues they receive on a monthly basis. 
UAB IT’s new firewall posture — known as “default-deny” — has significantly reduced potential outside attacks on the UAB network.

The new posture, “default-deny,” is a best practice for enterprise environments to protect the campus community and better screen out unwanted or unexpected network activity.

UAB’s attack surface has now dwindled from about 100,000 IP addresses to a little more than 2,100. Of those, most are publicly accessible web services or applications needed for University business, academic resources, collaboration or research.

The success of the new default-deny project is a result of co-authorship and partnership with IT professionals across campus.

The change does not impact any servers or services located within the UAB Health System network, as HSIS utilizes the default-deny firewall policy for their network segment.

If you have any specific technical questions, feel free to contact the Enterprise Information Security staff at 975-0842 or via email at datasecurity@uab.edu.
When you get what looks like a phishing scam email, you have a quick and easy tool to report it to UAB IT.

PhishMe Reporter allows you to make one click to send the email scam to UAB IT's information technology department to investigate — it's a little bit like sending up a signal flare to report phishing attacks.

Anyone using Microsoft Outlook for campus email should install PhishMe Reporter and use it for reporting phishing emails. Campus faculty and staff who are served by UAB IT's Desktop Services should already have PhishMe Reporter installed on Outlook.

If you have questions, please contact AskIT at 205-996-5555 or your department's IT personnel. 

For information about phishing — and how to avoid getting caught by a phishing email — visit uab.edu/phishing.

It was an easy phish to fall for: An email that looked like it came from UAB President Ray Watts, with an “important announcement.”

But while it looked innocent, the email that went to students, faculty and staff across campus came from a malicious attacker trying to gain access to UAB systems — and your personal and financial information.

So how do you spot a phish? Take time to look for the signs. Even an email that seems “official” can have the telltale hallmarks of a phish.

The “Ray Watts” email, for example, didn’t actually come from Dr. Watts’ email, or any UAB address.

If you hover your mouse over the sender’s address, you see an outside email — a clear sign that it could be a malicious attacker.
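The hover check described above can be automated on the mail-handling side. The following added example (not UAB IT's or PhishMe's code) parses the From header and flags a message whose display name claims a protected sender while the address sits outside the organisation's domain. The protected-name list, the finding labels, and the sample messages and addresses are constructed for illustration.

```python
import re
from email import message_from_string, policy

INTERNAL_DOMAIN = "uab.edu"       # the organisation's domain, as on the page
PROTECTED_NAMES = ["ray watts"]   # name from the page's example; list is assumed


def is_internal(domain: str) -> bool:
    """Exact or sub-domain match; a substring test would accept lookalikes."""
    domain = domain.lower().rstrip(".")
    return domain == INTERNAL_DOMAIN or domain.endswith("." + INTERNAL_DOMAIN)


def claims_protected_name(display_name: str) -> bool:
    """True if every word of a protected name appears in the display name."""
    tokens = set(re.findall(r"[a-z]+", display_name.lower()))
    return any(set(name.split()) <= tokens for name in PROTECTED_NAMES)


def check_sender(raw_message: str) -> list:
    """Return a list of findings for the From header of a raw message."""
    # policy.default decodes RFC 2047 encoded display names before we compare.
    msg = message_from_string(raw_message, policy=policy.default)
    header = msg["From"]
    if header is None or not header.addresses:
        return ["missing-or-unparseable-from"]
    findings = []
    for address in header.addresses:
        if is_internal(address.domain):
            continue
        if claims_protected_name(address.display_name):
            findings.append("protected-name-from-external-address")
        if INTERNAL_DOMAIN in address.domain.lower():
            findings.append("lookalike-domain-embeds-internal-name")
    return findings


# Constructed sample messages; all addresses are placeholders.
PHISH = (
    'From: "UAB President Ray Watts" <announcement@mail-provider.example>\n'
    "To: student@uab.edu\n"
    "Subject: Important announcement\n\n"
    "Please review the attached announcement.\n"
)
ENCODED_LOOKALIKE = (
    "From: =?utf-8?q?Ray_Watts?= <office@uab.edu.portal.example>\n"
    "Subject: Important announcement\n\nSee link.\n"
)
INTERNAL = (
    "From: Ray Watts <sender@uab.edu>\n"
    "Subject: Campus update\n\nHello.\n"
)
UNRELATED = (
    "From: Conference Desk <desk@events.example>\n"
    "Subject: Registration\n\nHello.\n"
)

if __name__ == "__main__":
    for label, raw in [("phish", PHISH), ("encoded", ENCODED_LOOKALIKE),
                       ("internal", INTERNAL), ("unrelated", UNRELATED)]:
        print(label, check_sender(raw))
```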

Mismatched fonts, bad grammar, unsolicited attachments and links are other signs that a seemingly harmless email is actually out to steal your information.

Never click on links or open attachments in unexpected emails. Only enter your credentials — your BlazerID and password — at trusted web sites.

Being vigilant against phishing protects you — and all of UAB.

Visit uab.edu/phishing to learn more about how to avoid phishing attacks and get the latest alerts.

Also, install PhishMe Reporter on Outlook so you have one-click access to report phishing emails to UAB IT's information security division.