Category Archives: lisblog

What’s an Approval Profile, and Why Does the Library Want to Change Ours?

A brown-bag lunch will be held on May 3 at 12:30 pm, in the Crest Room of the McCullough Student Center, to explore the subject of the library’s approval profile. Douglas Black, the library’s Head of Collections Management, will be presenting, with some sweets and coffee to augment your own lunch. He’ll give some history of the approval program in library acquisitions over the years and lead discussion on its role in the academic library collection of the 21st century.

For context, the library selects, acquires, and provides access to materials in many different ways:

  • upon request by students, faculty, and staff
  • automatic purchase of e-books and streaming media based on usage
  • subscriptions
  • package deals on journal subscriptions and purchased journal archives (“backfiles”)
  • one-time purchases of electronic databases, which often require annual maintenance fees
  • gifts/donations
  • and through automatic purchase via an “approval profile.”

Under the approval model, the library utilizes a library vendor (in our case, YBP Library Services) to purchase automatically books that meet certain criteria (e.g., subject, hardbound only, no workbooks, scholarly publishers only, within a certain price range, etc.).  Middlebury typically purchases about 3,000 volumes/year this way, at an average annual cost of $97,000 in the last few years. We recently conducted a thorough analysis of the program’s effectiveness, finding that print books purchased through the approval profile are used much less than those specifically requested. The library believes some of that money could be spent more effectively and would like to gather input from members of the campus community on reshaping the profile.

Please feel welcome to contact your liaison or Douglas Black (dblack@middlebury.edu or x3635) with any questions (whether or not you can attend the meeting), or comment here in the blog.

Middlebury’s Google Apps for Education – Account status

As we continue to integrate Middlebury services with cloud providers like Google Apps and Microsoft Office 365, we are aware of possible account conflicts that may arise. In particular, on Monday, April 25th, we will begin automatically syncing Middlebury Google Apps accounts for all students, faculty and staff with @middlebury.edu or @miis.edu addresses. This may result in conflicts for those who have been using stand-alone Google services with an account that you set up to use your Middlebury address but was not provisioned by ITS in our Middlebury Google Apps instance.

What if I have registered my @middlebury.edu address for stand-alone Google services?

If you have been using stand-alone (i.e. not Middlebury Google Apps) Google services with your @middlebury.edu address, you have what Google considers to be a “conflicting account”.

How can I tell if the account I’m using now is a personal or institutional account? 

Try logging out and logging in again. If you enter your Google account password at Google’s login page, that’s a personal stand-alone account and the above considerations apply. If instead you enter your Middlebury e-mail and password at our new login page, that’s an institutional account and you’re all set. You can also watch this video.

Do I need to do anything now?

Yes. Watch the video above and follow the steps to determine if you have a conflicting Google account. If so, it will be much easier to download your documents prior to the sync. This provides you with an archival copy of all documents for which you are the owner.   After the sync, you will be able to place desired documents into your Middlebury Google Apps account.

To download the documents you own:

  1. Login to the Google account that uses your Middlebury email address.
  2. In the upper right corner, click on the icon for your account and click on the “My Account” button.
  3. In the “Personal info & privacy” column, click on “Control your content”.
  4. In the Download your data section click on “CREATE ARCHIVE”.
  5. Under the “Select data to include” section, click the “Select none” button to clear all of the selections.
  6. Click the check box for “Drive” and click “Next” at the bottom of the page.
  7. In the window that appears, leave all options as they appear and click the “Create archive” button. You will see a progress window. When the archive is complete, you will receive an email from Google at your Middlebury email address that indicates the completion of the archive process.
  8. In the email, click on the “Download archive” button.
  9. You will be taken to a Google login screen. Login.
  10. You will see the archive. Click on the “Download” button.
  11. Look in your downloaded files location. You will find a folder named “Takeout” which will contain your files.

After the accounts are synced, any Middlebury-related documents (Docs, Sheets, Slides, or files in Google Drive) that you created with your personal account need to be uploaded to your new Middlebury Google Apps account.

The download process removes all sharing and converts the Google documents to Microsoft format: Docs to Word, Sheets to Excel, and Slides to PowerPoint. If you wish to share these as collaborative documents again, you must first upload (drag and drop) the files to your new Google Drive, then click on them and open them in the Google version of the application. You will then be able to share the document with others.

What if I wait until after the sync occurs?

You will still be able to download your files, though it is a more cumbersome process. ITS can provide assistance if you have not done this prior to the sync.

Can I still access Google’s services for my personal use?

You can choose to maintain a separate account for your personal use of any Google services under a non-middlebury.edu address. If you have multiple Google accounts, the username that appears at the upper right corner of most Google services will help you ensure that you’re using the intended account.

What if I have questions about this?

Please email any questions about this change to helpdesk@middlebury.edu.  Or create an helpdesk ticket.


Defining and avoiding conflicting accounts
https://support.google.com/a/answer/185186

Help with your conflicting account:
https://support.google.com/accounts/troubleshooter/1699308?rd=2

Moving your personal data between accounts:
https://support.google.com/accounts/answer/1109839?hl=en&ref_topic=30035


 

@MiddInfoSec: Phishing Alert – – “Update Announcements”

A phishing email message was sent to @middlebury.edu mailboxes today with a subject line of “Update Announcements”.  DO NOT RESPOND ON THIS MESSAGE!

The phishing email message is an attack designed to trick people into disclosing their username and password.  Do NOT follow the instructions in the message, as it could lead to your Middlebury account being compromised.

If you were tricked by the email and responded,  reset your network password immediately at go/password and then call the Helpdesk at x2200 for further assistance with your account and any possible concerns with your computer.

Here’s a sample of the phishing email message:


Dear middlebury.edu User.

Urgent Update Announcements.

Your middlebury.edu Account has been Sign in with a strange IP Address: And this indicate your mail account is been used for FRAUDULENT ACT, For these reasons, Our records indicate you are no longer our current/active user. Therefore, your account has been scheduled for deletion on this Month of APRIL, 2016. As part of this process, your account, files, email address messages etc, will be deleted from our Data Base.

To Retail Your Account.

You are required to reply with your valid ONLINE ACCESS for reactivation, to ensure Your account remains active and subscribed, Otherwise this account will be De-activated within the next 72 hours hence from now.

Name In Full:

User Name:

Pass Word:

@middlebury.edu

Thank You.



 

Come Secure your Mobile Device

Learn about Mobile Security

Plan ahead for an afternoon RoadShow and Workshop with Middlebury ITS staff on March 30th from 2:00pm to 4:00pm in Davis Family Library 145.

This is an opportunity for you to ask questions and get hands-on help securing your mobile device(s):

  • How do I add a pin to my mobile device
  • Is my device encrypted
  • How do I track my device if lost
  • How do I remote wipe my device
  • How do I ensure my data is backed up

Image 001

ITS Staff will be present to help you secure your mobile device, so bring your iOS, Android, and/or Windows Mobile device(s)!

Follow Information Security on Twitter @MiddInfoSec.

Beware of Fake Order/Fake Invoice Emails with Malicious Attachments

Attackers commonly use the macro functionality found in Microsoft Word and Excel to attack their victims. They attach malicious documents to an email. When opened, the files can lead to a virus infection on your computer.  If you ever get a message with any of these attachments, particularly if you were not expecting it, do NOT open the attachment.

We have received reports for faked order confirmation and fake invoice emails this week that have been well crafted. The faked emails included malicious Microsoft Word documents bearing malware. A couple of examples are included below.

ALWAYS verify unexpected emails with the sender, particularly if they include attachments.

NEVER open attachments that you are not expecting without first verifying they are legitimate with the sender.

If you do open an attachment or file that you suspect is malicious unplug your network cable and contact the helpdesk at x2200 immediately.

fake-invoice-email fake-order-summary-email

@MiddInfoSec: Securing Mobile Devices

Information Security has a new Twitter feed and other new content on their website. Follow us at @MiddInfosec on Twitter or visit our website at http://go.middlebury.edu/infosec

Mobile devices have become one of the primary ways that we communicate and interact with each other. Powerful computers now fit in our pockets and on our wrists, allowing us to bank, shop, view our medical history, work remotely, and communicate from virtually anywhere. With all this convenience comes added risk, so here are some tips to help secure your devices and protect your personal information.

    • Password-protect your devices. Protect the data on your mobile device and enable encryption by enabling passwords, PINs, fingerprint scans, or other forms of authentication. On most current mobile operating systems you have the option to encrypt your data when you have a password turned on. Turn it on!
    • Secure those devices and backup data. Make sure that you can remotely lock and/or wipe each mobile device. That also means you should back up your data on each device in case you need to use the remote wipe function. Services such as iCloud, OneDrive, and Google offer device location, wipe and backup services.
    • Verify app permissions. Don’t forget to review which privacy-related permissions each application is requesting, before installing it. Be cautious of fake applications masquerading as legitimate programs by verifying that the application is from a reputable source, such as the Apple Apps Store, Microsoft’s Store, or Google’s Play Store. Occasionally,  applications in the official stores can include malware. Read reviews and descriptions carefully. Only install applications that you need. Remove applications that you are no longer using.
    • Update operating systems. Security fixes or patches for mobile devices’ operating systems are often included in these updates. Just like patching a computer, iOS, Android, and Windows Mobile all need to be patched and kept current.
    • Be cautious of public Wi-Fi hotspots. When using your mobile device, watch for connections to public hotspots. Many mobile devices will automatically connect to hotspots and prioritize data transmission over Wi-Fi by default. Verify that your settings require manually selecting hotspots if possible. Working with sensitive data while connected to a public hotspot could lead to unintended data exposure. Always ensure that you are using a secure connection.
    • Always apply safe computing practices. Whether traveling with a mobile device, a laptop, or sitting in a hotel business center, you always want to use safe computing practices to protect your data. See this link for more tips: http://www.middlebury.edu/offices/technology/infosec/education/training/SafeComputing.

 

@MiddInfoSec: A New Phishing Attack is Targeting Email ID’s

A new phishing attack is hitting the campus with a subject line of, “Your email id”. Delete this message if you see it. Do NOT click any links in this message. If you believe you have fallen for this fishing attack:

This malicious email would have looked similar to the message below.

————————————

Subject: Your email id

Your?mail Id has used 91% of its allowable storage space.?Once your account exceeds the allowable storage space you will be unable to receive any email.?Click?Resolve?to login to your account and resolve this issue.

?

Support

—————————–

For additional information on phishing please visit http://go.middlebury.edu/phish .

 

@MiddInfoSec: Beware of Presidential Election Related Phishing Emails

Every election year we find our senses pounded with propaganda from pundits and candidates trying to sway us to one political camp or another. Computer attackers are leveraging our curiosity, and perhaps desensitization to political messages to launch attacks with purportedly political themes.

Recent phishing attacks that have been reported by security firms such as KnowBe4 include:

  • Trump Withdraws from Presidential Race
  • Sanders Withdraws from Presidential Race
  • Update your voter registration
  • Hillary Clinton Indicted by FBI on Email Scandal

Watch for these and other email phishing attacks. Know how to spot a phish. Learn more at http://go.middlebury.edu/phish.