Announcements

10 Dec, '14—9:01 am

In the coming weeks, CIS will start notifying individuals who need to update their Brown passwords. This is to ensure all Brown accounts meet the new, stricter password requirements.

We realize these emails will look a lot like phishing attempts (email scams). You should always be wary of emails asking you to click a link and enter personal information or passwords. In this case, we will be asking you to visit the website myaccount.brown.edu. We'd rather not send this as a link, but most email programs and phones will automatically display it as a link. You can get to MyAccount by typing the address into your browser’s address bar, or by navigating to MyAccount from the A to Z list on the Brown homepage.

Please continue to be suspicious of emails, even if they appear to come from a Brown email address. You can view all known phishing attempts sent to Brown accounts at http://brown.edu/go/phishbowl.

More information about this change can be found in our Password Change FAQ.

30 Jan, '15—4:02 pm

Here's the latest issue of Secure IT! We invite you to peruse this issue and send us ideas for future ones.

  • CISO Memo: At This Time, It's All About Privacy :: As Brown prepares to participate and celebrate in Data Privacy Month, David Sherry takes a closer look at one of the hot buzzwords of 2014: privacy.
    » Data Privacy Month :: ISG offers several opportunities to enhance your privacy awareness during the month of February >> 2 films + 1 Brown Bag + 4 Location = 5 events. (Bonus - a raffle, too!) Explore and sign up at brown.edu/go/privacy.
    » Bonus: What's Your Privacy IQ? Take this simple quiz at myprivacyiq.com to find out.
  • Identity Finder Reminder :: Start 2015 with the peace of mind knowing that any sensitive data on your computer is being properly protected. Identify, locate and then secure this data with Identity Finder, available for download by active faculty and staff from the Software Catalog (brown.edu/go/software). ISG will begin actively promoting the use of Identity Finder in the next couple of months, during which time a new, more Mac-friendly version will become available. Should you need assistance with set up or have questions about its use, start by reading Learn About Identity Finder, which includes a link to download a handy two-page document to get your started.
  • Did You Know... that the IT Knowledgebase includes over three dozen articles in fourteen different categories in its Security section? And that you can quickly get to the IT Knowledgebase at brown.edu/go/kb?
  • Gmail Security Checklist :: Found in the Security & Privacy section of Gmail Help, this checklist includes how to:
    » Update your account recovery options
    »
    Check your account for unusual activity
    » Turn on 2-Step Verification (a.k.a. two-factor authentication) Learn more at: google.com/landing/2step/
    » Bonus: Visit the "Two Steps Ahead" site from the folks at STOP.THINK.CONNECT.
  • Securely Using Mobile Apps :: They make your tablet more powerful and your smartphone even smarter. But the power of mobile apps can also can put them at risk. Learn how to be safe and secure when using them in the latest issue of OUCH! Note: Available in over two dozen languages.
  • Update on the Phish Bowl :: ISG launched the Phish Bowl (brown.edu/go/phishbowl) just five months ago.
    • During that relatively short period we received almost 900 reports from over 470 different individuals and posted close to 80 alerts.
    • During the same period, almost 125 Brown email addresses were compromised by successful phishing strikes.
    • From September 22nd through October 1st alone -- a little more than a week -- more than five dozen Brown accounts needed to be temporarily suspended due to their being hacked and then used to send phishing emails to others. Of these, the vast majority of compromises were IRS-related, with the subject lines of E-file and Tax Revenue Record.With tax season upon us, we will no doubt be clobbered by more of these.
      We thank you for all your assistance with the Phish Bowl, which couldn't function without you. Send any reports or inquiries about phishing to phishbowl@brown.edu. If you have general questions or feedback about the Phish Bowl itself, drop us a note at ISG@brown.edu. If we receive enough of them, we'll create a Phish Bowl FAQ and add it to the website.
  • Follow us on Twitter :: ISG and CISO alerts, tips and more at @ISGatBrown and @CISOatBrownU.
28 Jan, '15—11:35 am

ISG invites you to a month-long focus on privacy this February, starting with the screening of The Human Face of Big Data on 2/4. Other events include the Brown Bag The Evolution of Privacy & Why It Matters to You, and a showing of the documentary Rise of the Hackers. Complete details can be found at brown.edu/go/privacy.

  • 02/04 @ Noon | Film: "The Human Face of Big Data" | Salomon 001 (Note the new date)
  • 02/05 @ Noon | Brown Bag: "The Evolution of Privacy & Why It Matters to You" | CIT 201 (ETC)
  • 02/09 @ 6:30 PM | Film: "Rise of the Hackers" | BERT 130
  • 02/13 @ Noon | Film: "The Human Face of Big Data" | 70 Ship, Rm 107
  • 02/26 @ Noon | Brown Bag: "The Evolution of Privacy & Why It Matters to You" | 70 Ship, Rm 107
28 Jan, '15—8:39 am

Check out these great workshops and events during the month of January. Did we miss anything? Tweet us@ITatBrown or email cis@brown.edu.

6 Jan, '15—11:09 am

Happy 2015! Here are some tech resolutions to give your new year a good start. 

1. Change your passwords, especially your Brown password, as we are in the midst of a password change campaign! Not sure where to start? Afraid you'll forget a complex password? We have some great tips at brown.edu/go/passwords

2. Turn off unnecessary notifications on your smartphone. Did you know that brief interruptions can cause errors? Notifications redirect your attention and can be a distraction from a productive day. Here are instructions for iPhone and Android

3. Start with a fresh inbox by archiving last year's mail. In Gmail, you can find all mail from 2014 and earlier by searching before:2015/1/1 in:inbox. If you're not sure how to select all and archive, this article has step-by-step instructions. Archiving mail will just get it out of your inbox - it'll still show up in searches, All Mail, and labels.

4. Resolve to learn something new. Here are a few ideas:

23 Dec, '14—4:21 pm

Earlier this week, Residential Life and CIS announced an improved IPTV service for residential undergraduates starting January 5th (edited to add: it was made availble early, on December 22nd!). Here are some of the exciting features:

  • Works wirelessly anywhere on campus: will no longer require an ethernet cable

  • More channels: over 20 additional channels for a total of 60 (see channel list)

  • Additional access: off-campus students and other members of the Brown community will now be able to watch eight local HD channels while on campus

  • New DVR feature: record shows for later viewing

  • More ways to watch: access on a computer, a mobile devices using iPhone and Android apps, and on a television using a Roku or by hooking up a computer to your TV

Residential Life will send instructions for accessing the new system at the beginning of the semester. 

21 Jan, '15—2:07 pm

As Brown prepares to participate in and celebrate International Data Privacy Day/Month, I'd like to briefly write about one of the hot buzzwords of 2014: privacy. I could make this memo private by writing it, saving it, encrypting it and not telling anyone about it. But some things are meant to be shared, and this is one of them.

Privacy, sometimes described as "the right to be left alone", was easy at one time. You could move to a wilderness area, and keep to yourself. If you had a problem in the small town that you lived in, you could move 1000 miles away and start over, with a good chance that you could keep private what you wanted to keep private.

Enter, the Internet.

Now, everyone has data being collected about them, stored, sometime sold, oftentimes shared, and even stolen on occasion. Privacy is now harder than ever, and in many ways getting harder. Of course, it doesn't help that many of the population share details that should probably be kept private. Everyone should be aware of where and how their information is used, and steps that you can take to mitigate some of the risks.

As we celebrate and focus on privacy from January 28th through February 28th, the ISG will be screening two films, as well as holding brown bags on privacy. All the details can be found at brown.edu/go/privacy. We hope that you can join us to elevate your privacy IQ. You can also check on your privacy IQ right now by taking an anonymous test at myprivacyIQ.com.

As always, I welcome your comments and feedback. Please feel free to reach out to me directly at david_sherry@brown.edu, or the group at ISG@brown.edu. Let me know how we are doing, areas of concern you may have, or questions on protecting your identity, privacy or personal computing security. And remember, sec_rity is not complete without U!

21 Jan, '15—11:06 am

As Brown prepares to participate and celebrate in National Cyber Security Awareness Month (NCSAM) for the 10th year, I thought that I would cover a question that gets brought to me a great deal: "You used to be IT security, but now you're Information Security. What's the big deal?"

For many years (actually since security became a technology discipline), those responsible for the security function were most commonly known as IT Security. This was for good reason, as the focus and responsibility was predominantly IT-centric (firewalls, switches, subnets, IDS, IPS, etc). Brown had an IT Security function, as well as IT security roles in the network group. However, as the technology evolved and changed, so did the role.

When I first arrived at Brown over six years ago, one of the first tasks as CISO was to brand the newly formed group in my area. While we still had network security responsibilities at that time, the Brown Information Security Group was formed. While the staffing and organization of the group has changed over the years, the mission to focus on Information Security has not. Brown still maintains an excellent network (or "IT") security function, who expertly aid in the design, management, monitoring and operation of securing the University network. That will never go away, and they play a key role in ensuring that the bad guys stay out.

However, today information security is much broader than simply the network. The ISG mission covers all aspects of the security of Brown's data and information, including privacy, compliance, awareness, response and risk management. It also includes not only electronic information, but hard copy data as well. As a result, information security also plays a key role in records management and reducing risk at Brown through participating in several committees that focus on this issue, reviewing grants and contracts for aspects of data ownership, use and sharing, and by supplying solutions to identify, protect and dispose of information in a secure manner. No longer is information security simply responsible for maintaining a secure network, but now plays a key role in risk and reputation management for the university.

As always, I welcome your comments and feedback. Please feel free to reach out to me directly at david_sherry@brown.edu, or the group at ISG@brown.edu. Let me know how we are doing, areas of concern you may have, or questions on protecting your identity, privacy or personal computing security. And remember, sec_rity is not complete without U!

16 Jan, '15—11:41 am

If you are new to Brown or missed ISG's earlier announcements, we recommend that you install and run Identity Finder, a useful addition to anyone's security toolkit. It allows you to scan your computer for any sensitive information that might be stored on it -- such as social security numbers or passwords -- and then take appropriate measures to either secure or remove it.

The enterprise version is available to all active faculty and staff from CIS's software download pages. In addition, students and home users can install a free version available on the Identity Finder website on their personal computers to perform basic search and remediation. More robust personal versions are also available.

ISG recommends that you install and periodically run Identity Finder to detect and secure sensitive data on your computer, which will help protect you from identity theft. More information is available in the IT Knowledgebase article Learn About Identity Finder.

Please note: If you already have Identity Finder installed but haven't used it in awhile, you will be asked to update to version 6.2, which is available for download from CIS' Software Distribution site (downloads for Windows andMacintosh are available). Note you will need to delete your current client before installing the new version.

6 Jan, '15—9:54 am

Check out these tech workshops and events during the month of December. Did we miss anything? Tweet us @ITatBrown or email cis@brown.edu.