Protecting yourself online also helps protect everyone. Follow these six recommendations to better protect yourself online and make the Internet more secure for everyone:

  • Fortify each online account or device. Enable the strongest authentication tools available. This might include biometrics, security keys, or unique one-time codes sent to your mobile device. Usernames and passwords are not enough to protect key accounts such as e-mail, banking, and social media.
  • Keep a clean machine. Make sure all software on Internet-connected devices — including PCs, laptops, smartphones, and tablets — are updated regularly to reduce the risk of malware infection.
  • Personal information is like money. Value it. Protect it. Information about you, such as purchase history or location, has value — just like money. Be thoughtful about who receives that information and how it is collected by apps or websites.
  • When in doubt, throw it out. Cybercriminals often use links to try to steal your personal information. Even if you know the source, if something looks suspicious, delete it.
  • Share with care. Think before posting about yourself and others online. Consider what a post reveals, who might see it, and how it could be perceived now and in the future.
  • Own your online presence. Set the privacy and security settings on websites to your comfort level for information sharing. It is okay to limit how and with whom you share information.
student computer

Faculty at UAB have begun using a new automated communications tool in Canvas that allows them to send messages to students who have missed class or who have not logged in to view information about the class.

Instructors across campus have found that the tool not only benefits the students, but also the faculty in the classroom.

Stephen Yoder, assistant professor in the Collat School of Business, said the automated alerts not only helps to remind the students to remain committed, but Yoder has also found that “I am engaged as well.”

The intent of the messaging is to increase student engagement and retention.

Alerts can serve as the guardrail for students who may need a wake-up call to “nudge them back on track,” as Josh May, assistant professor of philosophy, describes it.

“The alerts are especially useful for online classes,” May said, since students are not required to physically attend in-class lectures.

The alerts work for classes big and small, notes Mitzy Erdmann, instructor in the Department of Chemistry.

“The alerts are easy for instructors to set up, and I will definitely use them in the future,” Erdmann said.

Faculty members can use the automated alerts through their faculty profiles in Canvas.
WannaCry header

UAB’s cybersecurity protections have warded off “WannaCry” ransomeware. To date, this malicious software has had little effect at UAB because of security protections put in place by UAB IT. However, the UAB community should remain on guard to protect from future threats.

The ransomware attack using what’s been called WannaCry software has locked computers in more than 150 countries, exploiting vulnerabilities, and has already inspired similar attacks.  In a ransomware attack, malicious software can encrypt and block the data on your computer or device — and hackers can then demand payment in exchange for the return of access to your data. 

The UAB community must be aware of the risks to avoid being tricked into installing malicious software on their computers, which can then also spread to other computers on the network.

This kind of attack is not new — it is a new twist on an old crime — but the rapid worldwide spread of WannaCry heightened media attention.

Over the past year, UAB IT has been putting new protection methods in place that help guard against such cyber attacks.

Among the new defenses:

  • SCCM, or Microsoft System Center Configuration Manager, provides automated patch management to systems across campus. Patch management helps protect against potential malicious intrusion and allows the network to be monitored constantly — that way, immediate action can be taken if a patch has yet to be released when a vulnerability is discovered. Patch operating systems, software and firmware on devices. A centralized patch management system, like UAB’s SCCM, is the best way to manage system patching. SCCM patched many UAB systems against the WannaCry malware more than a month before the outbreak. Anyone who is not using SCCM is encouraged to contact AskIT to work with UAB IT staff to deploy it on their systems.
  • Default-deny is a new firewall posture implemented late last year to better protect against intrusions by external attackers. The posture, which is considered a best practice, means only approved network services are allowed. Everything else is denied to help protect the network — and UAB and employees’ and students’ data. This posture protected UAB’s systems from external WannaCry scans and infections.
  • PhishMe simulated campaigns and PhishMe Reporter tool have helped increase awareness of the dangers of phishing emails among UAB students, faculty and staff.  Phishing scams often take the form of fraudulent emails designed to trick users into revealing sensitive or protected information, such as usernames and passwords or bank information, but posting as a legitimate entity such as your bank, social media sites — or even the university president.
UAB faculty, staff and students are urged to remain vigilant against phishing attacks. To guard against phishing and ransomware attacks:

  • Be aware that you are a target.
  • Scrutinize links contained in emails, and do not open attachments in unsolicited emails.
  • Report any suspected phishing emails.
  • Keep all software on your computer up to date.
Automatic email forwarding to a non-UAB IT account is permissible, but be sure you understand the risks and policies that affect you.

Storage or forwarding of Restricted/PHI data is not permitted in uab.edu email.  However, if you receive an email containing Restricted/PHI information and you have configured your mailbox to forward to a third party; this will lead to a breach of this information.


Also, UAB IT encourages faculty, students and staff not to automatically forward email to non-UAB accounts because of the lack of security oversight of those types of services; data protection concerns around FERPA and HIPAA; and the desire to guarantee the best possible supported user experience on campus.

If you choose to set up email forwarding, please note:

  • Any UAB message, regardless of location, is subject to UAB open records policy.
  • Any phishing remediation resulting from forwarding messages will be charged back to the individual, not the department.
  • Information forwarded to third parties, outside of UAB contracts, could constitute an unauthorized disclosure of restricted information. You are liable for these disclosures.
  • It is a violation of UAB HIPAA policy to forward email containing sensitive information or Protected Health Information to public email systems.
Page 5 of 27