OIT News – May 2016

OIT News
Monthly news briefs, information and announcements
Office of Information Technology, NC State University
Issue 103, May 2016

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

Follow OIT on Twitter @NCStateOIT
For up-to-the-minute reports on OIT systems, see SysNews
For help with computing problems, contact the NC State Help Desk

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

01: OIT Software Licensing Management to review software applications and renewals
02: Check your Gmail account activity to detect phishing attempts
03: Take the #NoMouse Challenge on Global Accessibility Awareness Day
04: OIT enforces password expiration to increase account security
05: PackTV is the new name for NC State’s sports television station
06: Google announces Synergyse, Drive Desktop Notifications and Calendar Reminders
07: OIT summer workshops offer helpful tips for OS X Management with Casper, WordPress Security, Google Apps, and phishing scams!
08: SAR training scheduled for June 8
09: Are your IoT devices putting you at risk?

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

01: OIT Software Licensing Management to review software applications and renewals
Effective Wednesday, June 1, OIT Software Licensing Management will review all campus requests to purchase software applications and renewals over $5,000 to ensure they meet university, federal and state guidelines for security and accessibility. These requests include:

  • software
  • software as a service
  • cloud services
  • current software subscriptions
  • maintenance and support

This initial review has the potential to save the university time and money by preventing departments from purchasing software that:

  • puts sensitive university data at risk.
  • does not meet the needs of the campus population with disabilities.
  • requires integration with enterprise-level applications.

If you intend to purchase software over $5,000, you will need to have an IT support staff who is familiar with the product to complete the IT Purchase Compliance Form. Software Licensing Management will review your request as quickly as possible and will notify you if there are any issues. Keep in mind that some software purchases are complex and can take longer to review.

The NC State Purchasing Department will only process purchase requisitions after Software Licensing Management has reviewed and recommended the requested software.  

For additional information, see the IT Purchase Compliance Information website.

Back to top

02: Check your Gmail account activity to detect phishing attempts
Last month, OIT disabled more than 350 Google Apps @ NC State accounts. Of those, 250 belonged to campus users who fell victim to a phishing attack — a fraudulent attempt to acquire someone’s personal information.

With the recent onslaught of phishing attacks against the campus community, OIT is encouraging you to:

  • Turn on 2-Step Verification to protect your Google Apps account.
    2-Step Verification, also known as 2 Factor Authentication, adds an additional layer of security when you sign into your account. Once you activate this security measure, you will be required to log in with your password and an additional security measure (e.g., a security code that is delivered to your mobile device via text, voice call or mobile app, a USB security key, printed backup codes). To view a list of applications that support 2-Step Verification, see Two Factor Auth (2FA).
  • Review your Last account activity to spot any unusual or unauthorized actions. To do so:
    • Scroll to the bottom of your Gmail page to view your Last account activity and the Details link.
    • Click Details link to view:
      • Access type
        Displays when and how (e.g., mobile device, browser) your account was last accessed.
      • Location
        Lists the last 10 IP addresses your mail was accessed from and associated or nearby locations (e.g., state, country).
      • Concurrent sessions
        List all of your current Gmail sessions.
  • Enable Alert preference to show unusual activity in your account.

For more information, see Last account activity.

If at any time you believe your account has been compromised, change your password immediately and contact the NC State Help Desk at help@ncsu.edu or 919.515.4357 (HELP).

Back to top

03: Take the #NoMouse Challenge on Global Accessibility Awareness Day
On Thursday, May 19 — Global Accessibility Awareness Day (GAAD) — simply visit your department’s or your favorite website and try to navigate to important content and activate site links with just your keyboard.

The #NoMouse Challenge is a global effort to raise awareness about accessible Web design and offers an opportunity to experience challenges some people with disabilities have while using the Web.

During the challenge, if you were unable to navigate the site or activate site links, take a moment to add keyboard focus (see Mouse and Keyboard events) or shortcuts to the Web page and also inform the site’s webmaster of any challenges you experienced.

For more information about accessible Web design, see:

Remember the purpose of Global Accessibility Awareness Day is to get you talking, thinking and learning about digital (e.g., Web, software, mobile) accessibility and users with different disabilities.

Back to top

04: OIT enforces password expiration to increase account security
On May 11, OIT upgraded its Shibboleth authentication system to enforce password expiration across campus systems that use the login service. These systems include, but are not limited to:

  • Web Leave
  • Moodle, WolfWare and other DELTA resources
  • Numerous departmental-hosted services

The university’s Password Standard requires campus users to change their password at least once annually. Prior to the upgrade, the MyPack Portal was the only system that prompted users to change their expired password. Shibboleth V3 will alert users to change their password in a timely manner to limit exposure to compromise.

As a result of the upgrade:

  • You will no longer be allowed to log in to services with an expired password.
  • You will need to reauthorize your attribute releases on initial login to a site. Attribute releases provide information about you (e.g., campus affiliation, mail ID, password expiration) that will be shared with the service you are requesting to access.
  • You will receive an Impending Password Expiration warning 14 days in advance of your password expiration date. You can opt to change your password then or wait until it expires. If you wait, you will continue to receive the expiration warning until your password is changed.
  • You will see a new NC State-branded design for all new Shibboleth Login Screens.

For additional information, see the SysNews announcement.

Back to top

05: PackTV is the new name for NC State’s sports television station
Wolfpack Sports Television is out, and PackTV is in as the new name of NC State’s 24-hour sports television station on packtvChannel 32.2.

OIT Media and Student Services plans to launch PackTV on Apple TV and Roku this fall to reach even more viewers and renamed the channel to alleviate confusion between Wolfpack Sports Television and Wolfpack Sports Properties, which manages broadcast rights for NC State Athletics. On demand events and live programming will be offered this fall.

In mid April, Wolfpack Sports Television employees conducted a Twitter poll to allow its followers to vote on the channel’s new name from four possible choices. PackTV won 79% of the votes. PackTV also has a new channel logo that features three wolves, symbolizing varsity, club and intramural sports coverage on the cable channel. For more information, visit PackTV.

Back to top

06: Google announces Synergyse, Drive Desktop Notifications and Calendar Reminders
Need help with Google Apps? Virtual help is coming soon via Synergyse, Google’s new online guide that will help you be more productive while you work in Google Apps.

The new tool includes interactive models and searchable topics that will provide you with on-demand assistance. Synergyse also will provide up-to-date training, including new features that are incorporated into the Google suite of apps. For more information, see Welcoming Synergyse to Google.

Also, check out these two new Google Apps features that are available to you now.

  • Google Drive Desktop Notifications
    Previously in Google Drive, if someone wanted to request access to your files or share a document with you, you would only receive an email notification. Now you can view and accept the request via a desktop notification. These notifications are only available for Google Chrome. To use the new desktop notification service:

    • From the Google Drive main menu
      • Select Turn On when you see the following message:
        Get notifications on your computer for shared files and important events.
      • Select Allow to show notifications from https://drive.google.com.
    • From the Google Drive settings gear
      • Select Settings.
      • Select Notifications.
      • Check Notify me on this device and then under Notify me about, select the notifications you wish to receive.
        googledesktopnotifications
  • Google Calendar Reminders
    You can now create reminders in Google Calendar to keep track of your to-do items for projects and events. To do so,

    • Select the desired date and time on your Google Calendar.
    • Choose Reminder from the top menu.
    • Enter a description, due date and time, along with any repeating details.
    • Click Create.
      googlecalendarreminder

Reminders will display at designated day and time and are only visible to calendar owners. Once the task is completed, you can:

  • Select Mark as Done to remove the item from your Google Calendar.
  • Track as complete at the top of your daily agenda.

To learn more about these enhancements and other new Google features, check out the latest edition of What’s New: Google Apps.

For training tips, follow the NC State Google Services Team on Google+. To view upcoming Google Apps workshops, visit Classmate.

Back to top

07: OIT summer workshops offer helpful tips for OS X Management with Casper, WordPress Security, Google Apps, and phishing scams!
Upcoming training sessions include.

  • OIT-Advanced OS X Management with Casper will be offered on Wednesday, May 18 from 1:30 p.m. to 4:30 p.m. in Room B3 of the Hillsborough Building. Learn advanced techniques and best practices to manage OS X devices with Casper. To register, visit Classmate.
  • Gmail: Advanced Productivity will be offered on Thursday, May 19 from 9 a.m. to noon in Room 110 of the Avent Ferry Technology Center. Building on Gmail: More than your Inbox, this advanced hands-on workshop takes Gmail to the next level. You will learn more about using labels, filters, canned responses, Google Calendar Events, Hangouts, and Google Drive via Gmail, along with any planned or newly released features. To register, visit Classmate.
  • Google Forms: Data Collection and Analysis will be offered on Tuesday, May 24 from 2 p.m. to 4 p.m. in Room 108 of the Avent Ferry Technology Center. Easily build surveys, plan events and gather data with Google Forms. In this workshop, you will learn the basics of creating forms, collaborative editing and viewing data in spreadsheets and charts as well as advanced features such as custom themes, page breaks, question validation, and embedding forms in websites. To register, visit Classmate.
  • Create, Collaborate & Get Organized with Google Drive will be offered on Wednesday, May 25 from 9 a.m. to 11 a.m. in Room 108 of the Avent Ferry Technology Center. In this hands-on workshop, you will learn how to use Drive to manage your resources in a collaborative environment, including organizing files and folders, securing documents through file sharing permissions, editing and collaborating in groups, and using common tools throughout Google Apps. For this workshop, you will need to have an active NC State University Unity account with access to Google Apps at NC State. To register, visit Classmate.
  • WordPress Security will be offered on Wednesday, May 25 from 2 p.m. to 3:30 p.m. in Room 106 of the Avent Ferry Technology Center. This is an intermediate presentation on the security vulnerabilities of WordPress environments. During the presentation, you’ll learn how to recover from a hack and tips to secure your site. To register, visit Classmate.
  • Advanced Drive will be offered on Thursday, June 2 from 9 a.m. to 11 a.m. in Room 110 of the Avent Ferry Technology Center. Are you comfortable creating folders, sharing documents and using Google Drive’s basic organization tools? If you answered yes, then you’re ready to take Drive to the next level. In this workshop, you’ll learn about uploading, exporting and converting documents, file management, advanced search, installing apps, and new Drive functionalities. To register, visit Classmate.
  • Gmail: More than your Inbox will be offered on Tuesday, June 7 from 9 a.m. to noon in Room 110 of the Avent Ferry Technology Center. There is more to Gmail than just composing, replying to and forwarding messages. This workshop will provide an in-depth overview of Gmail features including an emphasis on labels and search tools, contacts management, chat, tasks, settings, labs, and new features. To register, visit Classmate.
  • Google Hangouts: Video Conferencing and More will be offered on Wednesday, June 8 from 2 p.m. to 3:30 p.m. in Room 110 of the Avent Ferry Technology Center. Join us for this fun and interactive workshop to learn about Google Hangouts, a free Web conferencing tool that allows you to communicate with others on campus or around the globe via video, audio and text messaging. Learn how to use the Hangouts platform to share your screen, share documents, add a personalized banner, and download apps that offer additional helpful features. This session will cover using Hangouts on your laptop or desktop only. To register, visit Classmate.
  • Google Sheets will be offered on Tuesday, June 14 from 2 p.m. to 4 p.m. in Room 110 of the Avent Ferry Technology Center. Come to this two-hour overview of Sheets to learn how it integrates with other apps in Google Drive. Topics will include formatting options, find and replace, notifications, conditional formatting, and more! To register, visit Classmate.
  • Google Calendar: Advanced Productivity will be offered on Wednesday, June 15 from 9 a.m. to noon in Room 110 of the Avent Ferry Technology Center. This workshop will focus on Calendar (e.g., my calendar, other calendars, mini calendar), event details and calendar management. Specific topics will include event attachments, maps and directions, sharing and embedding calendars, labs, quick add, search options, mobile notifications, scheduling Hangouts (video conferencing), and more. To register, visit Classmate.
  • OIT CrashPlan for NC State Sub-Org Administrators will be offered on Wednesday, June 15 from 1:30 p.m. to 4:30 p.m. in Room B3 of the Hillsborough Building. This workshop will provide an overview of CrashPlan Cold Storage, explore the options available to CrashPlan sub-org administrators and provide best practices for management. To register, visit Classmate.
  • Phishing 101 (Lunch and Learn series) will be offered on Wednesday, June 22 from noon to 1 p.m. in Room 110 of the Avent Ferry Technology Center. Phishing is an attempt to steal your personal information including your passwords, credit card numbers and banking information. It can be extremely damaging to you and the university. During this session, you’ll see recent examples of phishing attempts and learn valuable tips on how to recognize scams and signs of a compromised account and the steps to take after you’ve received phishing emails. Attendees are welcome to bring a light lunch or snack. To register, visit Classmate.

For other available training sessions, visit Classmate Scheduled Workshops. If you are interested in custom software training, complete the Custom Training Form. Email all training questions to classreg@ncsu.edu.

Back to top

08: SAR training scheduled for June 8
Security Access Request (SAR) training for campus requestors and approvers of access to secured university data will be held on Wednesday, June 8 from 9:30 a.m. to noon in Room 110 of the Avent Ferry Technology Center. To register, visit Classmate.

Back to top

09: Are your IoT devices putting you at risk?
In the era of connected technologies, we have access to a host of devices from the Internet of Things (IoT) that enables us to collect and share data. Your electronic toothbrush can chart your brushing habits to share with your dentist. Your refrigerator can reorder groceries via radio frequency identification (RFID) tags. Your health monitoring bracelet can track your vital signs and activity levels to help you reach your fitness goals.

In the next four to five years, it is estimated that more than 40 billion IoT devices will be wirelessly connected, according to TechCrunch. Nearly every device you use, from your toaster to your home’s HVAC system, could become an IoT device. With this influx of connected devices comes greater security risks.

In many cases, companies developing such devices are more focused on product functionality and features than security. Conversely, for devices with adequate protection, some consumers may fail to use available security features, putting themselves at risk for privacy and data breaches.

To protect yourself from the risk of cyber attacks and breaches via your IoT devices, follow these security measures:

  • Limit your connections. If your device does not need to be connected to the Internet, do not connect it. Also, disconnect devices when they are not in use. Limiting connections will help prevent exposure to hacking.
  • Use separate WiFi access. Connect IoT devices on a secondary private WiFi network, separate from your main network that you use for sensitive activities like banking. Doing so can protect the data you store on your main network from being hacked through your IoT devices.
  • Secure your smartphone. Protect your smartphone data by setting up passwords, pin codes and other security features that prevent unauthorized access. Invest in software designed to secure your data in the case of loss or theft; these programs can track your device via GPS, perform data backups and remotely wipe data. Turn off WiFi when secure connections are not available to prevent auto-connecting to unsecured networks.
  • Maintain strong passwords or codes. Ensure you update passwords or pin codes on your IoT devices regularly with strong combinations. Include numbers, uppercase and lowercase letters, characters, and symbols, if permissible. Make sure your passwords are memorable, but not too easy to guess. It is also good to have different passwords for different devices, in case of a breach. See the university Password Standard for additional information on choosing strong passwords.
  • Enable updates. If the IoT device has the ability to receive security updates, ensure those are enabled or manually perform updates on a consistent basis.
  • Install a firewall. To better secure your IoT devices, you can install a firewall to add a layer of security against hacking and other security risks.
  • Opt for privacy. If the IoT device has privacy options, select those which share the least information or disable sharing features. It is a good idea to disable device features such as motion detection and voice recognition, when not in use, to prevent hackers from taking over any monitoring features.
  • Replace outdated devices. Replace older devices with newer technologies that offer better or updated security features.

For additional security tips, see:

Back to top

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

Subscribe to OIT News

To subscribe or cancel your subscription online, go to http://go.ncsu.edu/subscribe-oitnews

To subscribe by email, send the following message to mj2@lists.ncsu.edu: subscribe oitnews

To unsubscribe by email, send the following message to mj2@lists.ncsu.edu: unsubscribe oitnews