CAS Computing Services
The College of Arts and Sciences Computing Services Office was founded in the fall of 1992. Our mission is to provide dedicated Information Technology support services to the faculty and staff of the College.
Located on the third floor of 438 College Street, the Computing Services Office consists of three full-time professional support staff.
Hendrickson, CAS IT Administrator
Beth Wilkins, CAS IT Assistant
Justin Howard, CAS IT Assistant
College of Arts and Sciences
Computing Services Office
438 College Street, Third Floor
Burlington, VT 05405
29 August 2012, 1:45 pm
I’m guessing that you probably don’t know exactly what we mean when we say “University information” in a security related discussion. This is because the definitions are buried in the fairly recently published University Information Security Policy and just like End User License Agreements, nobody likes to read policy statements until we have to.
Those of you involved in human subject research, anything HIPAA related, etc are, I’m sure, much more conscious of protecting things like patient information, health records, etc. Or at least I sincerely hope you are. But those of you routinely doing “other UVM business” may not be as familiar.
So, extracted from this policy document:
The following definitions apply to UVM information, and not to information about yourself or your friends or family that is unrelated to UVM.
“Personally Identifiable Information” is any information about an individual that (i) can be used to distinguish or trace an individual’s identity, such as name, social security number, date and place of birth, mother’s maiden name, motor vehicle operator’s license number or non-driver identification card number, or biometric records; and (ii) any other information that is linked or linkable to an individual, such as medical, educational, financial, and employment information.
“Protected Health Information” refers to individually identifiable health information transmitted or maintained by electronic media or maintained in any other form or medium, but excludes certain education-related records and certain employment records held by an employer.
“Protected Student Information” is student education records maintained by the University, whether by academic or administrative units, and protected under the Family Educational Rights and Privacy Act (FERPA) and as described more fully in the UVM FERPA Rights Disclosure policy.
[FERPA Rights Disclosure document is here http://www.uvm.edu/policies/student/ferpa.pdf]
“Confidential information” is sensitive information about individuals, the University, or University property, including, without limitation, Personally Identifiable Information, Protected Health Information, information involving certain legal matters, or business and financial transactions, grant applications, student records, pending patent applications, institutional electronic security architecture, and information about security breaches or other events.
Protected Library Records – means patron registration records that contain the information a University library patron must provide to be eligible for library privileges and patron transaction records that contain personally identifiable information related to an individual’s activities within the University libraries.
In order to easily protect UVM from a data breach, which admittedly would be very costly to the institution both financially and in reputation, UVM now requires that all UVM owned laptops be encrypted using our licensed PGP encryption. UVM also requires that home computers used for “UVM business” be encrypted as well.
It’s my opinion that vastly increased security could come from less drastic measures, such as educating the people performing the work of exactly what constitutes sensitive information. Which brings us to this post.
Takeaways from the above:
It would be wise to consider NOT using your personal devices and home computers for UVM related business
If you do choose to do so, it would be wise to:
- Store UVM related documents containing protected information ONLY in UVM network storage (Zoofiles or Active Directory), not on Dropbox, Carbonite, iCloud or any form of personally available local or cloud storage and not on the local hard drive of the computer
- Set your email programs NOT to cache your email on the local machine if you can (note that UVM webmail is NOT immune to caching since it stores snapshots of visited pages in the web browser temporary directory)
- Make sure that all your devices are protected by a password, passkey or equivalent and where possible ensure that theft target, easy to lose devices such as smartphones and iPads are protected by remote location and erasure services, if any. Apple offers a “find my device” service that is capable of locating a misplaced or stolen device (which in my experience works frighteningly well) and also remotely wiping the data off of it, if it cannot be retrieved.
If we all do our part to be aware of sensitive data and take fairly common sense steps towards protecting it, UVM will be protected from expensive and embarrassing data breaches. It’s also a good idea to implement some of these measures to protect your personal property and information as well.
30 April 2012, 3:11 pm
Is this email legitimate or a hoax? This is the single most frequently asked question we have. The answer is almost always no but people still ask and occasionally one of our clients will fall for a scam and end up with a compromised account.
The basic rule of thumb should be: if you want to ask someone about a particular email, then chances are the email is a scam and you should just delete it.
In general here’s what to look for:
- Is the email coming from a UVM email address? If not, it’s fake.
- If there is a link in the email, does the link appear to be going to a UVM website (i.e. does the host name end in “uvm.edu”)? If not, it’s fake.
- Does the link in the email go to same place that the email says it does (e.g. the link says “www.uvm.edu” but actually goes somewhere else). If it doesn’t, it’s fake.
You do not have to click the link to find out where it’s actually going. Instead you can right click (control click under MacOS) and select “Copy Link Location”, then you can paste the link into any web browser and “see where it’s going” before actually clicking.
- If you do click the link does the site ask you for personal information (account and password, or worse, SS#)? If yes, it’s fake.
- Does the email threaten dire measures if you don’t comply? If yes, it’s probably fake.
Any security measure imposed by UVM (e.g. expiring your UVM netID every 365 days), will not be executed without ample warning (two weeks at least) and can always be reversed.
Here is an ebay website on the subject:
12 March 2012, 9:30 am
For those running MacOS X Lion, aka 10.7, it is now safe to install the 10.7.3 update. Apple switched from the context sensitive Software Updates version of the update (which is supposed to only install the components of the update that your computer needs) to the “Combo” version which contains everything for all currently supported Mac hardware. This makes for a bigger update, but a safer one.
Please plan to allow enough time for the update to download, connect yourself to the fastest network connection possible and for those with Macbooks, connect your Magsafe AC Power supply before installing.
If you are not running a Mac, or are not running MacOS 10.7 (Lion) please disregard this message.