Tag Archive | "UM Information Technology"


UMIT’s National Cyber Security Awareness Month Tip: Embrace Mobile Security

Mobile devices such as smartphones and tablets are dominating the IT landscape. As of 2014 there are almost 7 billion mobile subscriptions worldwide. Statistics reveal that 85 percent of consumers use the same device for personal and professional purposes, which has caused organizations to face mounting regulatory compliance mandates and security issues.

Currently, it’s estimated that 113 mobile devices are lost or stolen in the U.S. each minute. Most mobile devices contain substantial amounts of sensitive data—both business and personal. In 2013 companies in the U.S. paid an average of $3.5 million per breach (53 percent business sector, 19 percent government). Thirty-five percent of the breaches, resulting in data leakage, were attributed to lost or stolen mobile devices. Effective ways of avoiding the risk of a security breach include updating your mobile software, implementing data access control, utilizing secure data backup, and using encryption.

So, where should you start?

Keep Your Hardware Up-to-Date
Mobile devices are computers with software that need to be kept up-to-date, just like your PC or laptop. Mobile device manufacturers and application vendors regularly issue updates to fix known security and performance issues. It is important to ensure your devices have the latest versions of these updates, including operating system and/or application patches.

Protect Sensitive Information
Adopt the following practices to protect data on your mobile device(s):

  • Secure your device using a strong passcode to lock your device.
  • Keep your device physically secure while traveling.
  • Avoid keeping sensitive data on your device, and when you do store such data, limit the quantity and time it’s maintained on the mobile device.
  • Always use encryption when backing up your device.
  • Only install applications from trusted sources, and read the privacy policy to be sure you understand what data you’re sharing. Applications from unknown sources can contain spyware or malware, and even trusted applications may gather information you’re not comfortable sharing. Be especially careful with “free” applications.
  • Only keep geo location, Bluetooth, and Wi-Fi features on your mobile devices active when you are using them. Be aware that social networking sites may automatically post your location if you have geo location enabled. Learn how to disable the geotagging feature on your phone at http://icanstalku.com/how.php#disable.
  • Don’t click on links in emails or text messages unless you trust the sender and were expecting to receive a link from them. As with larger computers, malware, spyware, and phishing attacks against mobile devices are often initiated by clicking on links.
  • Be aware of the signs of potential compromise of your mobile device, including decreased device performance, random functions, or calls, texts, or emails to numbers and email addresses you don’t recognize.
  • Report your device lost or stolen as soon as you are aware so that you may leverage the remote wipe capabilities to prevent the unauthorized disclosure of data.

Connect with Care
Use common sense when you connect. If you’re online through an unsecured or unprotected network, be cautious about the sites you visit and the information you release.

  • Get savvy about Wi-Fi hotspots: Limit the type of business you conduct and adjust the security settings on your device to limit who can access your phone.
  • Protect your financial information: When banking and shopping, check to be sure the site is security enabled. Look for Web addresses that begin with “https://” or “shttp://”, which means the site takes extra measures to help secure your information. (“Http://” is not secure.)
  • When in doubt, don’t respond. Fraudulent texting, calling, and voicemails are on the rise. Just like email, requests for personal information or for immediate action are almost always a scam.

Protect Others’ Privacy
Adopt the following practices to protect others’ privacy.

  • Avoid taking photographs while within the workplace, especially in a health care setting, unless it’s part of an approved operating procedure.
  • Obtain permission before taking pictures or videos of others with your mobile device.
  • Even with permission to photograph, you may be inadvertently capturing images with sensitive images, text, etc. in the background. Review photographs to ensure potentially sensitive information is not being inadvertently revealed.

For National Cyber Security Awareness Month (NCSAM), the University of Miami Information Technology (UMIT) department will be sharing important information, tips, and resources that focus on different cyber security issues, including cyber crime, mobility, and online safety. This year marks the 11th anniversary of NCSAM, sponsored by the Department of Homeland Security and the National Cyber Security Alliance.

If you have questions or concerns related to this topic, please contact: ciso@miami.edu.

When in doubt, immediately call the UMIT Service Desk:

o   Coral Gables/Rosenstiel School campuses: 305-284-6565, itsupportcenter@miami.edu
o   Miller School campus: 305-243-5999, help@med.miami.edu



Posted in For Your Benefit, InsideUMComments Off


Learn How to Create Secure Passwords to Stay Safe Online

This week’s National Cyber Security Awareness Month (NCSAM) article focuses on password security. Many people find it annoying or impractical to continuously change their passwords because it is difficult to remember new passwords and to keep track of the many unique passwords for different sites. For this reason, users often resort to creating simpler and far less secure passwords. Yet these simple passwords make it easier for hackers to breach personal information.

To create a secure password that is easy for you to remember, whether in the office or at home, follow these simple steps:

1. Do not use personal information: You should never use personal information as a part of your password. It is very easy for someone to guess things like your last name, pet’s name, and child’s birth date.

2. Do not use real words: There are tools available to help attackers guess your password. With today’s computing power, it doesn’t take long to try every word in the dictionary to find your password, so it is best if you do not use real words for your password.

3. Mix different character types: You can make a password much more secure by mixing different types of characters. Use some uppercase letters along with lowercase letters, numbers, and even special characters such as “&” or “%.”

4. Use a passphrase: Rather than trying to remember a password created using various character types, you can use a passphrase. Think up a sentence or a line from a song or poem that you like and create a password using the first letter from each word. For example, rather than just having a password like “yr$1Hes,” you could take a sentence such as “I like to read the About.com Internet/Network Security web site” and convert it to a password like “il2rtA!nsws.” By substituting the number “2” for the word “to” and using an exclamation point in place of the “i” for “Internet,” you can use a variety of character types and create a secure password that is hard to crack, but much easier for you to remember.

Using the tips above will help you create passwords that are more secure, but you should also adhere to the following tips:

1. Use different passwords:You should use a different username and password for each login or application you are trying to protect. That way, if one gets compromised, the others are still safe. Another approach, which is less secure but provides a fair tradeoff between security and convenience, is to use one username and password for sites and applications that don’t need the extra security, but use unique usernames and more secure passwords on sites that do, such as your bank or credit card companies.

2. Change your passwords: You should change your password at least every 30 to 60 days, and don’t reuse a password for at least a year.

3. Default passwords: Upon receipt of a “default” password, change your password immediately. Default passwords that have not been changed are one of the most common ways of compromising an account and/or system.

For National Cyber Security Awareness Month, the University of Miami Information Technology (UMIT) department is sharing important information, tips, and resources that will focus on different cyber security issues, including cyber crime, mobility, and online safety. This year marks the 11th anniversary of NCSAM, sponsored by the Department of Homeland Security and the National Cyber Security Alliance.

If you have questions or concerns related to this topic, please contact: ciso@miami.edu.

When in doubt, immediately call the UMIT Service Desk:

o   Coral Gables/Rosenstiel campuses: 305-284-6565, itsupportcenter@miami.edu
o   Medical campus: 305-243-5999, help@med.miami.edu


Posted in For Your Benefit, InsideUMComments Off


National Cybersecurity Awareness Month: How to Protect Yourself from Phishing Email Scams

National Cybersecurity Awareness Month (NCSAM) is an opportunity to engage and inform the community about cybersecurity in order to create a safer, more secure, and more resilient cyber environment. This year marks the 11th anniversary of NCSAM, sponsored by the Department of Homeland Security and the National Cyber Security Alliance.

During the month of October, the University of Miami Information Technology (UMIT) department will be sharing important information, tips, and resources that will focus on different cybersecurity issues, including cyber crime, mobility, and online safety.

This week, UMIT focuses on phishing email scams. At times, these malicious emails appear to look official—as if they are coming from a University source—while at other times, they contain completely generic content. Phishing emails are effectively created to elicit curiosity and encourage individuals to click on Web links hosted at malicious sites. A best practice would be to never click on Web links embedded in the body of an email when you are unsure of the sender’s identity.

What are “phishing” emails?
The most common forms of phishing are emails pretending to be from a legitimate retailer, bank, organization, or government agency. The sender asks you to “confirm” your personal information for some made-up reason: your account is about to be closed, an order for something has been placed in your name, or your information has been lost because of a computer problem. Another tactic phishers use is to say they’re from the fraud departments of well-known companies and ask you to verify your information because they suspect you may be a victim of identity theft. In one case, a phisher claimed to be from a state lottery commission and requested people’s banking information to deposit their “winnings” in their accounts.

Here’s what you should do to protect yourself from email phishing:

• Never click on links within emails
Fraudsters use these links to lure people to phony websites that look just like the real sites of the company, organization, or agency they’re impersonating. If you follow the instructions and enter your personal information on the website, you’ll deliver it directly into the hands of identity thieves. To check whether the message is really from the company or agency, call it directly or go to its website (use a search engine to find it).

• Beware of “pharming”
In this latest version of online ID theft, a virus or malicious program is secretly planted in your computer and hijacks your Web browser. When you type in the address of a legitimate website, you’re taken to a fake copy of the site without realizing it. Any personal information you provide at the phony site, such as your password or account number, can be stolen and fraudulently used.

• Never enter your personal information in a pop-up screen
Sometimes a phisher will direct you to a real company, organization, or agency’s website, but then an unauthorized pop-up screen created by the scammer will appear, with blanks in which to provide your personal information. If you fill it in, your information will go to the phisher. Legitimate companies, agencies, and organizations don’t ask for personal information via pop-up screens. Install pop-up blocking software to help prevent this type of phishing attack.

• Protect your computer with spam filters, anti-virus and anti-spyware software, and a firewall, and keep them up to date
A spam filter can help reduce the number of phishing emails you get. Anti-virus software, which scans incoming messages for troublesome files, and anti-spyware software, which looks for programs that have been installed on your computer and track your online activities without your knowledge, can protect you against pharming and other techniques that phishers use. Firewalls prevent hackers and unauthorized communications from entering your computer—which is especially important if you have a broadband connection because your computer is open to the Internet whenever it’s turned on. Look for programs that offer automatic updates and take advantage of free patches that manufacturers offer to fix newly discovered problems. Go to www.onguardonline.gov and www.staysafeonline.org to learn more about how to keep your computer secure. If in doubt, contact your system administrators to confirm your workstation is equipped with appropriate safeguards.

 Open email attachments only if you’re expecting them and know what they contain
Even if the messages look like they came from people you know, they could be from scammers and contain programs that will steal your personal information.

• Know that phishing can also happen by phone
You may get a call from someone pretending to be from a company or government agency, making the same kinds of false claims and asking for your personal information.

• If someone contacts you and says you’ve been a victim of fraud, verify the person’s identity before you provide any personal information
Legitimate credit card issuers and other companies may contact you if there is an unusual pattern indicating that someone else might be using one of your accounts. But usually they only ask if you made particular transactions; they don’t request your account number or other personal information. Law enforcement agencies might also contact you if you’ve been the victim of fraud. To be on the safe side, ask for the person’s name, the name of the agency or company, the telephone number, and the address. Get the main number from the phonebook, the Internet, or directory assistance, then call to find out if the person is legitimate.

• Job seekers should also be careful
Some phishers target people who list themselves on job search sites. Pretending to be potential employers, they ask for your social security number and other personal information. Follow the advice above and verify the person’s identity before providing any personal information.

• Be suspicious if someone contacts you unexpectedly and asks for your personal information
It’s hard to tell whether something is legitimate by looking at an email or a website, or talking to someone on the phone. But if you’re contacted out of the blue and asked for your personal information, it’s a warning sign that something is “phishy.” Legitimate companies and agencies don’t operate that way.

• Act immediately if you’ve been hooked by a phisher
If you provided account numbers, PINs, or passwords to a phisher, notify your system administrator immediately. For information about how to put a “fraud alert” on your files at the credit reporting bureaus and other advice for ID theft victims, contact the Federal Trade Commission’s ID Theft Clearinghouse, www.consumer.gov/idtheft or 877-438-4338, TDD (202) 326-2502.

• Report phishing, whether you’re a victim or not
Alert your system administrator or agency that the phisher was impersonating. You can also report the problem to law enforcement agencies through NCL’s Fraud Center, www.fraud.org. The information you provide helps to stop identity theft.

Cybersecurity begins with a simple message everyone using the Internet can adopt: Stop, Think, Connect. Take security and safety precautions, understand the consequences of your actions and behaviors online, and enjoy the benefits of the Internet.

To learn more, and for tips on how to protect yourself from phishing, please contact UMIT Security at ciso@miami.edu.

If you suspect you may be a victim of phishing, please contact the UMIT Service Desk immediately:

  • Coral Gables/RSMAS campuses: 305-284-6565, itsupportcenter@miami.edu
  • Miller School of Medicine campus: 305-243-5999, help@med.miami.edu


Posted in For Your Benefit, InsideUMComments Off


UMIT Security Alert: Beware the Heartbleed Bug

Dear Colleagues,
As many of you are aware, a serious security vulnerability has been exposed that is affecting websites worldwide. This security problem, called the “Heartbleed Bug” (see http://heartbleed.com for technical details) is a way for hackers to potentially see information when you browse a secure website. It can create situations where hackers gain access to passwords, credit card numbers, and other personal information.
UMIT is in the process of assessing our vulnerability throughout the institution. We have focused our attention on our most critical infrastructure. For example, we have confirmed that our central identity management systems are not vulnerable. We are working diligently with IT staff throughout the University as well as our vendors to detect and remediate the vulnerability. While we work to ensure the security of our systems, we have implemented additional protections to limit exposure. 
We are in close communication with our peer institutions and following the guidance of authoritative security experts such as the SANS Institute. We are considering what the best approach may be for future remediation activities. Our guidance at this time is to pay attention to the information you receive from financial institutions, retailers, and other organizations you do business with personally and be sure to follow the instructions they provide. As new information becomes available, we will keep you informed. 
If you are a system administrator or have additional questions regarding Heartbleed, please contact: ciso@miami.edu.
Steve Cawley
Vice President for Information Technology and CIO

Posted in NewsComments Off

Tags: , ,

UM Departments Honored at Miami Heat Game for United Way Success

UW-Heat Ceremony

Pictured from left to right are: UM mascot Sebastian the Ibis; Steve Cawley, vice president and chief information officer for UM Information Technology; Anthony Bonaventure, senior development officer for United Way of Miami-Dade; Nerissa Morris, UM vice president for Human Resoures and TeamUM United Way Campaign Chair; David Lubarsky, Emanuel M. Papper Professor and Chair of the Department of Anesthesiology; and Miami Heat mascot Burnie.

The University of Miami has been a proud supporter of the United Way of Miami-Dade for almost 40 years. Last year’s TeamUM United Way campaign raised more than $1 million, with two departments—Information Technology and Anesthesiology—being the highest-performing units during the annual fundraising drive, raising more than $57,900 and $55,900, respectively.

The two departments were recognized at halftime of the Miami Heat’s final preseason game on October 25 at American Airlines Arena. Accepting the honors for their respective units were Steve Cawley, vice president and chief information officer for UM Information Technology, and David Lubarsky, Emanuel M. Papper Professor and Chair of the Department of Anesthesiology.

The evening featured pregame activities for UM faculty and staff, who were awarded tickets to the game for making United Way pledges.


Posted in Freeze FrameComments Off

  • Features
  • Tags
  • Popular
  • Subscribe
  • Subscribe to the Veritas RSS Feed
    Get updates to all of the latest Veritas posts by clicking the logo at the right.

    You can also subscribe to specific categories by browsing to a particular section on our site and clicking the RSS icon below each section's header.

UM Facebook

UM Twitter