October 2014

We've expanded the tips and resources on Safe Computing to help people protect sensitive university data and keep their devices and data safe while traveling. The new Traveling Safely with Technology page has links to resources, which include

• Recommendations for steps you can take before, during, and after your trip to protect sensitive university data and your own personal information.
• Additional precautions you can take when traveling to countries where data is at greater risk, as well as tips to help you deal with limited access to university resources.
• Information about U-M travel resources, access to U-M Google abroad, cellular connectivity, and electrical outlets around the world.
• A two-minute video that summarizes suggestions to help you keep your devices and data safe when traveling.

To help you educate the university community about their responsibilities when using their own devices to work with sensitive university data, there is a new tutorial on Safe Computing:

• Using Your Devices Securely with U-M Data

Some Security Unit Liaisons and others asked for such a tutorial to help them as they implement Security of Personally Owned Devices that Access or Maintain Sensitive Institutional Data (SPG 601.33) in their units.

When IIA first announced plans for a Network Intrusion Prevention System (IPS), we announced that the ITS Virtual Firewall Service would be retired after the IPS was in place. This is no longer the case. The Virtual Firewall Service will remain available for the foreseeable future. As we continue with IPS implementation, ITS will be reaching out to units to better understand their ongoing firewall needs and work with them to develop a firewall service that meets those needs. Check Network IPS Planned for 2015 for updates on the status of IPS implementation at U-M.

When IIA first announced plans for a Network Intrusion Prevention System (IPS), we announced that the ITS Virtual Firewall Service would be retired after the IPS was in place. This is no longer the case. The Virtual Firewall Service will remain available for the foreseeable future. As we continue with IPS implementation, ITS will be reaching out to units to better understand their ongoing firewall needs and work with them to develop a firewall service that meets those needs. Check Network IPS Planned for 2015 for updates on the status of IPS implementation at U-M.
Annual Digital Copyright Compliance Message Sent to Students

Federal law requires us to send an annual message to all U-M students to help them understand their copyright compliance responsibilities and avoid potential legal problems related to copyright infringement. This year's message, sent to students on October 1, noted that copyright compliance enforcement agencies have become increasingly aggressive in pursuing copyright infringers over the past couple of years.

• Annual Copyright Compliance Message to Students (2014)
• Digital Copyright Compliance

These copyright compliance responsibilities apply equally to faculty and staff.

National CyberSecurity Awareness Month is sponsored each October by the U.S. Department of Homeland Security and the National Cyber Security Alliance (NCSA). This year's theme is "Our Shared Responsibility."

"No individual, business or government entity is solely responsible for securing the Internet," according to NCSA's website. "Everyone has a role in securing their part of cyberspace, including the devices and networks they use. Individual actions have a collective impact and when we use the Internet safely, we make it more secure for everyone."

IIA is celebrating the month with these activities:

• The Safe Computing home page is highlighting cyber security awareness during October.
• An email message was sent to U-M faculty and staff on October 2 with four important cyber security tips.
• SUMIT 2014, a free half-day conference about cyber security in an ever-changing world, was held October 14 at Rackham Auditorium. Recordings of SUMIT 2014 presentations are available now on Safe Computing.
• The Security 101 online exam for students on the Ann Arbor campus will be available October 27-31, and students will receive an email invitation and reminder to participate.

For more about National CyberSecurity Awareness Month, see these websites:

• Homeland Security: National Cyber Security Month 2014
• NCSA - Stay Safe Online: National Cyber Security Awareness Month
• Stop | Think | Connect - Cyber security awareness tips, resources, and more.

FBI launches a face recognition system, CNNMoney, 9/16/14

CNNMoney reports that Michigan took part in the FBI's Next Generation Identification (NGI) system pilot program. There are concerns that the NGI photo database may be integrated with security cameras.

At U-M, security camera data is considered sensitive institutional data. Access to the data is limited, and recorded images should not be retained for more than 30 days except under specified circumstances. See Proper Use of Security Cameras (SPG 606.01) for details.

Government agencies not securing your data, or your kids, The Lead with Jake Tapper on CNN, 9/15/14

Researchers with Rhino Security labs exploited a vulnerability, patched by Oracle in 2012, and discovered that they were able to access sensitive information such as Social Security numbers, birth dates, driver's license number, and passport numbers stored by some government agencies and two Big Ten schools.

IIA and other ITS staff responded quickly to this report. While the technical details of the vulnerability were not revealed, IIA identified three potential vulnerabilities patched in 2012 that aligned to what was described in this article. After scanning U-M systems, IIA was able to confirm that U-M is not at risk and is not one of the Big Ten schools mentioned in the report.

We Want Privacy, but Can’t Stop Sharing, New York Times, 10/4/14

Knowing that others are aware of your actions can affect your perceptions of freedom and what you feel comfortable doing, as well as increasing anxiety and self-consciousness. There is a psychic toll for disclosing a lot of personal information through social media, even as people feel compelled to share so they aren't left out socially. This article reviews studies of the value of privacy and the psychological impacts of online self-disclosure. It notes signs that some people are becoming more reserved about what they disclose online.

See a list of privacy resources on Safe Computing, as well as some social media tips.

Computer viruses can cause numerous problems both for you and the U-M computing environment. One of the most important ways you can protect your computer is to use anti-virus software.

• MiWorkspace computers already have anti-virus software installed.
• Non-MiWorkspace units can download anti-virus software for university-owned computers at Anti-Virus Protection at U-M.
• For your personal computers, at a minimum, IIA recommends the anti-virus products below. Download links and more information are on the Safe Computing website at Anti-Virus Protection at U-M. These products are available at no charge to the public, so you can share this information with your friends and family.
  • Windows 7 and Vista. Use Microsoft Security Essentials.
  • Windows 8. Use Windows Defender, which is built in to Windows 8.
  • Mac. Use Sophos Anti-Virus for Mac Home Edition.

If you want more extensive protection, there are many freeware and for-fee security software suites available. Several websites provide reviews and comparisons. Here is a sampling:

• The Best Security Suites for 2014 (PC Magazine)
• Internet Security Suites Software Review (Top Ten Reviews)
• Internet Security Software: Expert and User Reviews (Consumer Search reviews the anti-virus review sites)

You might also consider using mobile anti-virus products for smartphones, tablets, and other mobile devices, but understand that these are relatively new on the market and are still maturing.