To help raise awareness about community efforts to prevent significant security issues, Middlebury Information Security has launched a ‘Security Scout of the Month’ award.
Highlighting the valuable contributions of community security scouts in an @MiddInfoSec blog post and on Middlebury’s Information Security web site is a great way to show how a cautious and thoughtful approach to computing can protect the College community from cyber risks.
As an example, this past month, an attack against Middlebury’s Banner system was avoided thanks to the contributions of an astute member of our community, Justin Allen, who spotted a targeted phishing attack and raised the awareness around this malicious event.
As Justin Allen describes it:
“I received an email that started out dear account owner which usually gets my attention and as I read down thru the email I noticed that it said I had signed up for a paperless W-2 which I did not and it wanted me to logon to view it. After that I noticed a couple of another things that did not make sense for my Middlebury account one was the sender of the email which wasn’t from the college at all and we all have been told time and time again if the address doesn’t end with middlebury.edu it’s not from the college. Below is a copy of what was sent to me.”
This astute awareness is why Justin is this month’s ‘Security Scout of the Month’.
We are excited to celebrate the hard work and security conscious efforts of our community. Please watch for the next ‘Security Scout of the Month’ and help us recognize these efforts.
If you would like to recognize an individual for their information security contributions or would like to raise an information security concern, please contact email@example.com.
Middlebury ITS is preparing to introduce a new email security service. Over the next few weeks, ITS will begin routing Middlebury email messages through Microsoft’s email message security service, Exchange Online Protection. Microsoft’s service will perform spam filtering, anti-virus, and other security checks on inbound and outbound Internet email.
The way you ACCESS email WILL NOT need to CHANGE in order for you to benefit from this service. Outlook and Outlook Web Access, for example, will continue to behave just as they always have.
How you ALLOW or BLOCK email from specific senders WILL CHANGE. With Exchange Online Protection, you will be able to manage blocked and allowed senders right from within Outlook and Outlook Web Access, using the Safe Senders and Junk Mail tools. For tips on how to use Safe Senders and Junk Mail, please see the following Microsoft articles:
With an increasing amount of storage space and institutional connectivity on personal devices, the value and mobility of smartphones, tablets, and laptops make them appealing and easy targets. These simple tips will help you protect against and prepare for the potential loss or theft of a laptop or mobile device.
Don’t leave your device alone, even for a minute. If you’re not using it, lock your device in a cabinet or drawer, use a security cable, or take it with you. Middlebury has seen laptops stolen in the College library and from individual’s cars. Don’t assume your devices are safe because you feel at home with your surroundings.
Report any lost or stolen device promptly. Both institutional and personal devices may contain Middlebury data. Even if you only lose a personal device, work with the College’s Information Security workgroup to ensure that institutional or sensitive data is accounted for. Information Security may also be able to help you recover the device. If a device is lost or stolen contact the helpdesk at x2200 immediately.
Do not store extremely sensitive or internal data. Never store protected or sensitive data on your laptop. Refer to the Data Classification policy for clear definitions of data types. (http://go.middlebury.edu/dcp)
Keep your master and working copy of all data on network storage. Keeping your master and working copies of all of your data on Middlebury Google Drive or other secure network file storage such as Middfiles. This ensures that your data is protected and backed-up if your laptop is stolen or lost. Photos, papers, research, and other files are irreplaceable, and losing them may be worse than losing your device.
Record the serial number. Keep the serial number and asset tag of your device and store it in a safe place. This information can be useful for verifying your device if it’s found. This is especially important when you travel. Airport and police agencies may ask for this information when reporting lost or stolen devices.
Enable device tracking and wiping services. Use tracking and recovery software included with most devices (e.g., the “Find iDevice” feature in iOS) Some software includes remote-wipe capabilities. This feature allows you to log on to an online account and delete all of the information on your laptop. Mobile resources can be found here:
Has an ebook you’ve previously used disappeared from our catalog? Never fear! We’ve had to make some cutbacks at the end of the fiscal year (lots and lots of requests for new material this year), but if you need to regain access to something that no longer appears, we may be able to get you back in. Just email us the title at firstname.lastname@example.org, and if it’s still available to us, we’ll get you back up and running with it.
The Office of Communications & Marketing has reorganized the Student Life portion of the site, ensuring that information for students is front-and-center. The URL of the site has changed from /studentlife to /student-life, which is slightly better for search engine optimization. We have put in place redirects for most of the old paths, changed the links in the global site header on many services, and are working with that office to review our logs for broken links and 404s.
Our WordPress sites now use the GD library to process images, rather than the ImageMagick library. This was already the case on other services we run. We do not anticipate any issues, but please report any trouble manipulating images in WordPress through the Heldpesk.
The amount of funding received for a MiddSTART project is now cached locally if the funding deadline has passed, rather than being read out of Banner for each page load, in an attempt to improve site performance.
Upgraded the ol2 library for Omeka to resolve an issue with Google Maps.
Support for the course list content types on the sites forms.middlebury.edu, forms.miis.edu, davisuwcscholars.org, davisprojectsforpeace.org, and davisfellowsforpeace.org was removed. This feature was not being used on those sites.
The Davis Family Library will be open 24 hours a day starting Sunday morning, May 8th. Regular hours resume for Friday and Saturday, May 13th and 14th, then 24/7 resumes until 8 pm on Tuesday, May 24th. After 11 pm, you will need your ID to access the building.
Armstrong Library will have regular hours, with extended hours Friday and Saturday, May 20th and 21st (closing at midnight and 10 pm, respectively).
A full calendar of the hours can be found at go/hours