Tis the season….to get scammed!

Once again the holiday season is upon us. This is a time where we celebrate family and friends, reach out to those in need and try to make the world a better place one little act of kindness at a time. Unfortunately, it’s also a time where those who don’t share our vision of “Peace on Earth” abuse the generosity and trust of people around the world by lying, stealing and destroying the financial lives of innocent victims. Cyberattacks are on the rise and the Christmas holiday season provides online fraudsters with ample ammunition to target online shoppers and those expecting various communications from mail and parcel delivery services.

In an effort to protect you during the holidays, the Information Management and Security Office would like to remind you of the following guidelines to help you keep your information and your computing devices safe and scam free.

Passwords

You certainly wouldn’t hang your house keys or car keys on your mailbox outside your house. Anyone could walk by, grab the keys and help themselves to your assets. Unfortunately, we don’t treat our passwords with the same kind of respect it seems. Passwords are the key to your online identity and improper usage or storage of them makes it easy for attackers to abuse your credentials and do things that would certainly land them on the naughty list. Some guidelines to remember for keeping passwords safe include:

1. DON’T REUSE PASSWORDS ACROSS WEBSITES. Although it’s tempting since passwords are hard to remember, it is a very poor practice to only have one password for your online identity. Not all sites are created equal so there may be some wiggle room in that directive but generally you need to have distinctly separate passwords on the following sites:

a. Banking
b. Email
c. Ecommerce sites that store your credit card or banking info (PayPal, Amazon, etc).

A password management tool like KeePass or LastPass can help manage your passwords and keep them safe. Many of them are free and will create a vault for you to store these precious assets in.

2. DO NOT ENTER PASSWORDS INTO WEBSITES THAT ASK YOU TO CONFIRM YOUR IDENTITY THROUGH EMAIL. Those emails that promise more space or a deactivation of your account are fraudulent. We refer to them as phishing attacks. These websites are often hosted in questionable locations that don’t have anything to do with the organization who supposedly sent you the email. Always check the address bar of your browser or hover over a link with your mouse to make sure you are where you think you are. For example, a uleth.ca login page will never be hosted on a site that doesn’t end in .uleth.ca (https://login.uleth.ca/cas/login, or https://adfs.uleth.ca )

For a complete training course on phishing, we encourage you to enroll in our online training materials available for all students, staff and faculty. Visit the Information Security webpage  for more information. Enrollment in these courses is easy.

Email Attachments

Part of our overall security strategy at the University is to restrict certain files from coming into your inbox. Certain attachments can be used to spread viruses, malware or ransomware. For example, you cannot receive .zip, .docm, .exe or .com files. All of these could contain potential risks and so we remove them before they ever have a chance to arrive in your email. However, we cannot control your personal email accounts or websites you may visit, which may host these types of files. We encourage you to never open a suspicious file from someone you don’t know or to click on links from non-trusted webpages that encourage you to download these types of files. When downloaded and running, these types of files can silently download malicious software onto your computer which could result in the complete loss of data or usage of your machine.

During the holidays there are some common scams that occur including emails which are attempts to trick users into thinking they are receiving a package or delivery. Because of the time of year we aren’t always thinking about whether or not we are actually expecting something and sometimes click on places we shouldn’t. A few years ago we had a huge spike in these kinds of emails and so we created a webpage that describes the attack in detail and how you can avoid it. Please review that summary here.

Ransomware
A new and very effective attack that is becoming increasingly popular is ransomware. This type of attack will hold your data ransom and demand payment (usually $200 – $400 per machine) in order to restore access. There is no technical solution that can fix ransomware once it has infected your computer and unless you have backups in place, you will be forced to pay or lose your data. Paying ransom can be complicated and doesn’t actually guarantee that you will be able to recover your data so the preference is to never get infected in the first place. Ransomware is typically delivered though malicious email attachments or files downloaded from the internet. Most infections can be easily avoided if you pay attention to what you click on and never allow untrusted applications or website to run programs on your system. Ransomware affects a variety of institutions and organizations. Recently, the University of Calgary and Carleton University in Ottawa had ransomware unleashed in their environment which caused huge interruptions to their research and teaching activities. These types of attacks could have serious implications on the University of Lethbridge and we urge all users to be vigilant in their computing activities to prevent similar incidents from happening here.

What can you do?
The Information Security program at the University of Lethbridge has created a variety of training and education opportunities to help you understand how best to protect your information. All University staff, faculty and students should be engage in these online and in person training opportunities. Any questions or concerns should be sent to ITS who will be happy to assist you.

Current training courses include:

1. Security Awareness (A general overview of good IT Security practices)
2. Phishing Awareness (A focused review of Phishing attacks and how to avoid them)
3. Data Encryption (How to encrypt and protect sensitive data in the event of loss or theft)
4. Data Storage Standard (All staff and faculty should take this every 2 years to determine where and how to store various types of data)

To schedule some in person training for your department, please reach out to Kevin Vadnais, 403-332-4056 or kevin.vadnais@uleth.ca, who will arrange a time to address the topics that affect your teams the most.

Hacker typing on a laptop

2016 ULSU Food Bank Challenge!

For the past few years Financial Services and IT Services have been in a challenge to collect the most number of food items and largest amount of cash for the ULSU Food Bank. This year is no itfooddrive2016different! And once again we are opening the challenge up to ALL DEPARTMENTS on campus to join us!

Did you know that last year the ULSU Food Bank handed out almost 300 hampers and usage is up from last year? They also hand out $25 gift certificates so students can purchase some fresh food. The struggling economy has made it very difficult for some students and their families. The kindness and generosity of the campus community will make a huge difference for many.

Shelly Tuff, Food Bank Coordinator and Health Plan Administrator for students, says that breakfast foods are in high demand (oatmeal, cereal, peanut butter and jam etc). Other items that would be great to stock the shelves with are juice, canned fruit and vegetables, canned meat, pasta and pasta sauces and snacks such as granola bars, microwave popcorn, nuts, etc. The food bank has an abundance of soup and beans but welcome all donations.

There are a few options to donate if your department doesn’t want to take up the challenge. IT Services will personally pick up any donations and ensure each gets credit. Let us know if you want to participate and we can drop off a donation box in your area. As well, donations can also be dropped off in the new centrally located Solutions Center in TH218 of Turcotte Hall and in D570 in University Hall. Cash donations are very welcome and the amount is factored into the challenge.

The challenge will come to an end on December 16th and Food Bank helpers will be collecting donations on December 19th. If your department isn’t able to participate, we encourage individuals to donate items to other departments who are participating. Updates will appear in UWeekly.

For the record, the prize is bragging rights and IT Services plans on taking this
one home.

For more information regarding the food bank, please contact Shelley at 403-329-2039 or at food.bank@uleth.ca. If you are interested in participating in the challenge or having a donation box in your area, please contact Cindy at 403-382-7180 or at cindy.mcmanus@uleth.ca.

Cybersecurity Awareness Month

Cybersecurity Awareness Month (the month of October) coincides with Electronic Records Day (October 10 – sponsored by the American Council of State Archivists). Now that the Records Management Program has been combined with the Information Security and Business Intelligence programs, the Information Management and Security Office wanted to celebrate these events collectively and raise awareness about everyone’s role in Information Management.

We would like to give a special thanks to the Faculty of Management who were kind enough to loan us their popcorn machine during many of our events. The aroma of fresh popcorn helped us begin the conversation with many different people.

Information Booths
On the week of October 3 – 7, the Information Security Office set up booths in the UHall Atrium, and attempted to steal the identities of people brave enough to offer up their names to us. On average, we were able to uncover unknown personal information for approximately 75% of the individuals who spoke with us. The volume and type of data varied, from limited information to a complete package that would facilitate identity theft. It was an excellent opportunity to discuss tips and tricks with everyone that stopped by.

We kicked off Electronic Records Week (Oct 10 – 14) by releasing a number of new guides and information sheets to help faculty and staff manage their records. The topics addressed by these guides include: distinguishing between transitory and university records; managing email; electronic file and folder naming conventions; and managing information overload.

To get the word out, Records Management staff spent much of the week out and about at information booths across campus. We connected with faculty, staff, and students and offered advice for better managing both personal and university records. We used the opportunity to soft launch our Designated Records Officer (DRO) program when chatting with managers and executive directors. We were also promoting A Nightmare on Shred Street, which was held on October 31.

Life Balance Fair
On October 26, 2016, our Wellness Committee hosted the 10th Annual Life Balance Fair. This event aims to increase employee’s and students’ awareness of the importance of workplace and school health in order to optimize personal and organizational performance. We think that effective records management and information security best practices contribute to workplace health and attended as exhibitors to share this message with University staff. We continued to try to steal identities, distribute our new guides, recruit DROs, and promote A Nightmare on Shred Street.

During the month of October, we signed up about 20 people for records management training, including 15 DROs. We distributed over 50 paper copies of each of our new guides, even though we were directing faculty and staff to the electronic versions posted on our website.

A Nightmare on Shred Street
On October 31, 2016, the entire Information Technology Services department teamed up with Lethbridge Mobile Shredding to host A Nightmare on Shred Street. This event offered free shredding of personal documents (paper and non-paper), hard-drive and other storage media degaussing and e-waste recycling. While the the cold (~2°C) and driving rain put quite a damper on the event (pun intended), we collected two cubic metres of e-waste, about two dozen hard drives for degaussing and almost 15 large (96 gallon) shredding bins of personal papers. In the process we raised $170 and about two 121L garbage cans full of food donations for the campus food bank!

Next Year
If anyone has ideas on how we can make this annual celebration of Information Management and Security better for next year’s event, please reach out to our offices; we would be happy to hear your ideas. Until next year…

Information Management and Security Office Staff:
Ashley Haughton – Records and Information Manager
Vicki Lund-Tulloch – Business Intelligence Administrator
Darin McGee – Information Security Analyst
Cheryl Read – Records Technician
Kevin Vadnais – Manager, Information Management and Security Office

ITS Solution Centre is Moving

movingThe ITS Solution Centre is moving to Turcotte Hall TH218 effective Monday, November 14, 2016 and our current location in U-Hall E610 will be closed effective Thursday, November 10, 2016 at 2PM.

This move will put the Solutions Centre in a more central location, providing more convenient access to our walk-in services such as id card creation/replacement, inquiries, dropping off computers & laptops for repair, exam scanning,  etc.

If you have any questions regarding the move, please contact Tammy Gow, ITS Client Services Manager, at 403-329-5161 or tammy.gow@uleth.ca.

Microsoft Support for Older Versions of Internet Explorer Ended

ielogo1Microsoft will no longer be supporting any version of Internet Explorer other than the most current version (version 11).

Beginning January 12, 2016, only the most current version of Internet Explorer available for a supported operating system will receive technical supports and security updates. Internet Explorer 11 is the last version of Internet Explorer, and will continue to receive security updates, compatibility fixes, and technical support on Windows 7, Windows 8.1, and Windows 10. For more information, go to Microsoft’s announcement.

Any University computer system running Windows 7, Windows 8.1, or Windows 10 that is joined to the domain (you sign-in to the computer using your U of L username/password) has already been updated to Internet Explorer 11. Any Windows 7 or 8.1 computer not joined to the university domain or professional supplement devices may not have the latest version of Internet Explorer installed and action will be required on your part. Windows 10 computers running Edge or Internet Explorer browsers will already have the most updated version.

What should you do? To check the version you are currently running, open Internet Explorer and click on the gear icon gear_icon in the top right corner of the page and select “About Internet Explorer”. If your version is anything other than Internet Explorer 11, you will want to install the latest version.

To install the latest version, go to Windows Update windows_updatelocated in the Control Panel and select “Check for Update”. Internet Explorer will be one of the programs available to update. Select it and click “Install Updates”.

Why should you update? Without critical web browser updates, your PC may become vulnerable to harmful viruses, spyware and other malicious software which can steal or damage you data and information. Also many software vendors and websites, such as Office 365, no longer support older versions of Internet Explorer.

Please contact the ITS Solution Centre at help@uleth.ca or 403-329-2490 if you require additional information or assistance.

Microsoft issues with El Capitan (Mac OS X 10.11) resolved

On October 2, 2015, IT Services posted a notice discouraging Mac users from upgrading to Mac OS X 10.11 (El Capitan), a version that was released by Apple on September 30, 2015.

We are pleased to announce that the issues identified in the notice regarding Microsoft Office 2011 & 2016  have been resolved.El Capitan1

Here are recommendations if you choose to upgrade:

  • If you use SMART Notebook software, please contact SMART Technologies for an update that supports OS X El Capitan.
  • If you are running Microsoft Office 2011, please install the 14.5.6 update for OS X El Capitan compatibility.
  • If you are running Microsoft Office 2016, please install the 15.16 update as well as the OS X El Capitan v10.11.1 update. These updates are available to download through the Microsoft AutoUpdate and Apple Software Update tools respectively.

…for other OS X versions, you may be required to re-install the drivers after you upgrade.

IT Services tested Follow-you printing after upgrading from Yosemite (only) to El Capitan, and the printing drivers appear to be working.  However, for other OS X versions, you may be required to re-install the drivers after you upgrade.  If you have any issues with printing after your upgrade, please contact the Solutions Centre.

We recommend following Apple’s guidance on upgrading OS X.

Please contact the ITS Solutions Centre at help@uleth.ca or 403-329-2490 if you require additional information or require assistance.

Can YOU beat IT Services in the ULSU Food Bank Challenge?

IT Services earned bragging rights last year when the department soundly thrashed Financial Services by collecting the most number of items and largest amount of cash for the ULSU Food Bank! There was a great deal of chest-pounding in all of the ITS offices.Food Bank challenge1

Financial Services has challenged IT Services again this year (to try to redeem themselves we think) – and once again we’re opening the challenge up to ALL DEPARTMENTS on campus to join us.

CIO Mark Humphries says if some departments don’t want to take up the challenge, then IT Services will personally pick up any donations and ensure each get credit. Alternatively, donations can be dropped off in the Solutions Centre in E610 of University hall. Cash donations are very welcome and the amount is factored into the challenge.

Shelley Tuff, who coordinates the Food Bank along with her other duties as Health Plan Administrator for the Students’ Union, says breakfast items are on the top of their wish list. Also greatly appreciated are granola bars, canned fruit, canned vegetables and meats, pasta and pasta sauces. She adds they currently have an overstock of soup but they won’t turn it down. Anything they don’t need can be donated to other food banks.

During these tough economic times, the next few years may be very difficult for students and their families. Your kindness and generosity will make a world of difference for many.

Food bank helpers will be collecting donations December 15th. If your department isn’t able to take the challenge, we encourage individuals to donate items to other departments who are participating. Watch for updates in UWeekly.

And again this year, the prize is bragging rights!

For more information, please contact Shelley at 403-329-2039 or at food.bank@uleth.ca.

U of L wireless network – hurdles and behind-the-scenes efforts

Last year the University committed $20,000 to upgrade the wireless in some of the older residence buildings which dramatically improved coverage for students there, plus another $80,000 to improve the coverage in classroom spaces, says Jeff Oliver, Network Team Lead in IT Services. “Over the next few months, we will be conducting tests across the campus to determine where other gaps exist.”

Wireless surveys have already been completed in University Hall and Markin Hall which has helped us to identify some issues already. IT Services staff need to physically pace off every space with equipment that measures the wireless signals which then provides visual heat maps of how well wireless signals are reaching offices and workstations. “These heat maps help us figure out where new access points will help, and where they won’t,” adds Oliver.

E8 HeatmapWi-Fi coverage in E8 of University Hall: the darker colors represent good Wi-Fi coverage and are generally closest to the access points. The lighter areas show poorer Wi-Fi signals. The green line indicates where a staff member walked the area and the dots on the line represent ‘pings’ to the access points.

Wi-Fi signals do not penetrate solid materials well, particularly steel and concrete, or fluids. A person standing between a device and an access point can interfere and simply absorb the signals. The more obstacles, the weaker the signals.

Imagine being in a room with 10 radios that are all tuned to different radio stations…

“Noise, also known as an abundance of radio signals, is also a big problem with wireless. The more noise, the worse the connection. Imagine being in a room with 10 radios that are all tuned to different radio stations – can you listen to them all, or pick out just one? Can you pick out an individual conversation in a room where 100 people are all talking at the same time? In the wireless spectrum the same concepts apply. The more conversations going on at the same time, the more noise overall.”

The number of wireless devices brought on campus is increasing every academic year. With each additional faculty, staff or student come one to three or four additional devices, all requesting network access–many at the same time. This means that every access point must support more and more individual devices, and the access points need to be closer together as each one can only service a limited number of clients.

…there are about 25,000 wireless devices on campus of which more than 10,000 can be active and connecting to the wireless network over the course of a day.

Oliver adds there are about 25,000 wireless devices on campus of which more than 10,000 can be active and connecting to the wireless network over the course of a day. “Our maximum concurrent connections this semester so far has been 7,000, and that number can fluctuate wildly depending on the day.” Early in the semester we were alerted to the fact that some of the network infrastructure supporting the Student@UofL and Guest@UofL networks was running at capacity, which prompted us to replace some equipment with newer technology.

So how much network traffic does this number of devices equate to?

Guest student before new router

The graph above illustrates the amount of Wi-Fi traffic on the network during one week in September: it peaked out at 300MB per second. Once the new router was installed, the higher demand was easily managed as shown in the graph below and no longer has “flat spots.”

Guest student after new router

Network staff have been working to add additional access points in 80 classrooms over the past year, and expect to be finished by December. The largest classroom, PE250, will have six access points. The rest will have roughly double what they originally had, which will greatly increase the number of concurrent connections available in classroom spaces. “We are targeting approximately 40 users per access point.”

It isn’t just a matter of attaching an access point on the ceilings, additional wiring must be installed as well as network infrastructure such as switches and routers to support the increase in the wireless footprint. Much of the work must be done when the rooms are not in use.

The demand is not only on campus. Last spring, outdoor access points were added at the stadium to provide coverage in the bleacher and track areas. “The University’s wireless network is in a perpetual state of upgrade.”

The team is constantly planning and preparing for future changes in technologies. Next year about 250 aging access points are scheduled for replacement to keep up with the changing technology used in mobile devices today.

The next time you use wireless on campus, whether it works immediately or there’s a delay connecting, keep in mind the hurdles and ‘behind-the-scenes’ efforts and costs to provide the service. Oliver reminds people to report any issues to the Solutions Centre (help@uleth.ca) so that steps can be taken to correct them.

Mac users – do not upgrade to Mac OS X El Capitan (10.11)

El Capitan1For those using a Mac, please be aware that we do not recommend upgrading to OS X 10.11 (El Capitan) at this time. Microsoft has posted a notice indicating that Outlook 2011 currently does not work at all with El Capitan when connected to an Exchange email system like the University uses, and Office 2016 users are reporting frequent crashes of Outlook, Word, and Excel when used with El Capitan. These issues are likely to be corrected fairly quickly, but we urge University Mac users not to upgrade to El Capitan in the interim.

We will post updates as they are learned.

Updated Network upgrade schedule

Latest upgrade dates as of November 27, 2015  below.

The upgrade work being done on the University’s network has taken some expected twists and turns, and some not so expected.

As a result, the scheduled dates for each of the buildings and areas have been adjusted.

Below are the current (and somewhat still tentative) dates for the upcoming work:

  • University Hall – Substantially Complete
  • Centre for the Arts – Substantially Complete
  • LINC – Substantially Complete
  • Water Building – Substantially Complete
  • CCBN – Nov 30 – Dec 4
  • Anderson Hall – Dec 7 – Dec 11
  • Turcotte Hall – Dec 14 – Dec 18
  • Students’ Union Building (one room) – Christmas Break
  • Markin Hall – Jan 11- Jan 15
  • PE – Jan 18 – Jan 22
  • Students’ Union Building – Jan 25 – Feb 5

Watch for further updates as the work continues.

Read the full story about the Network upgrade here.