Bank of America has contacted Harvard University to make us aware of a recent email scam that has affected the University of Michigan and two local schools. The emails will appear to come from an official University department with a link asking employees to either confirm their login information or update their payroll or Open Enrollment benefits. If employees enter their data, it is captured by the perpetrators of the fraud. Once that credential data is captured, the information may then be used to change direct deposit information.
As always, please be suspicious of any link in email. If asked to log in to PeopleSoft or another sensitive system, do not follow the link. Instead, enter the URL directly into your web browser, or connect via a trusted source such as harvie.harvard.edu.
If you suspect that you are the victim of a fraudulent email, please contact the HSPH Helpdesk for support.
In recognition that October is National CyberSecurity Awareness month, Harvard University Information Technology Security will be conducting information security briefings in the LMA area for faculty, students and staff.
Two will be at the Harvard Medical School (HMS) and one at the School of Public Health (SPH).
Below is the schedule:
October 4th 10 – 11 am at HMS TMEC 227
Topics: Cloudy with a chance of identity theft. Why a good password is very often your best defense and Is it ever not social? Protecting yourself in the age of social networking.
October 10th 12 -1 PM at SPH Kresge G1
Topics: Is it ever not social? Protecting yourself in the age of social networking. and Have device, will travel. How to be mobile and safe.
October 17th 2 – 3 pm at HMS TMEC 227
Topics: Have device, will travel. How to be mobile and safe. and Taming Lions, Tigers…..and Windows, Turn your operating system into a lean, mean, malware fighting machine.
Please come out and participate in a practical discussion on how to maintain your privacy.
As HSPH faculty and staff begin heading out for the summer, we want to remind everyone of some important information security policies.
- Harvard policy requires that all Harvard-owned laptops must be encrypted. If your laptop is not encrypted, please call our Helpdesk (432-help) to arrange for laptop encryption.
- If you are traveling outside of the U.S. with an encrypted laptop or device, please consult the following link for some important information:
- High Risk Confidential Information should not be stored on any mobile device (laptop, netbook, smart phone, USB key, etc.)
- This fall the Information Technology Department will resume hosting information security briefings to update the HSPH community on new policies and changes regarding data security.
HSPH Department of Information Technology
Date changed to Monday, February 7th due to weather.
On Monday, February 7th, we will complete our secure password migration for all HSPH systems. This will only affect a small number of HSPH users.
For those of you who have already completed this process in July-September, there will be no change on Thursday.
Each user affected will be required to reset their password after logging into either Novell on a computer or the Groupwise email system.
Additionally, we have rolled out a new service that will allow you to reset your password 24-7-365 without having to call the HSPH Helpdesk.
To use the HSPH self-service system, each user will be required to establish four security challenge questions.
Starting on Thursday, you can visit https://password.sph.harvard.edu to setup your challenge questions and change your password.
It should take users no longer than 5 minutes to make the required changes.
For complete information on secure passwords and screen shots outlining the process, please visit:
HSPH Complex Password Policy ( http://isites.harvard.edu/fs/docs/icb.topic745555.files/complex-password-policy-email.pdf )
Please contact the Helpdesk at 617-432-4357 or firstname.lastname@example.org if you have any questions.
HSPH IT Helpdesk
The fourth item in Harvard University’s Information Security Mandate “Finding High Risk Confidential Information (HRCI),” requires that each School must ensure that all University-owned computers and servers are annually scanned to locate High Risk Confidential Information (HRCI).
In response to this University mandate and over the next few weeks, the HSPH Department of Information Technology will begin deploying a new security product called Data Loss Prevention (DLP), from McAfee. This product will be used to scan all HSPH-owned PC’s and servers for HRCI annually. Once the automated scan of your computer is completed, each user will receive an email from the DLP system, listing any files which meet the preset patterns for HRCI, such as social security numbers. The user is then responsible for investigating and remediating the information as necessary.
As a reminder to everyone, the Harvard Enterprise Information Security Policy states that no High Risk Confidential Information may be stored on any PC, laptop or other portable media, and approval must be obtained from the University and school Security officers prior to storing any HRCI data on a secure server.
The University’s complete Information Security policy can be found at: http://www.security.harvard.edu/
Note: this offering is for PCs only, Macs are not targeted at this time.
For questions or assistance with this policy, please contact Andy Ross, HSPH Security Manager at 617-432-1279 or email@example.com.
On Thursday evening, September 16th, we will be performing our normal system maintenance to all servers and network equipment.
The maintenance window will last from 7:00 PM til 1:00 AM.
The following services will have one or two small outages:
(You can continue to work, but may have brief pauses while services restart)
The following services will be unavailable for the duration of the maintenance window:
The IT Department recommends that you reboot your PC after any system maintenance.
This will ensure that the proper software updates are applied to your computer.
Be Green! We also request that you shutdown your PC before you leave everyday.
All future planned maintenance windows are Thursday nights from 7PM to 1AM and on the following dates:
For the past 6 months, the User Services staff have been encrypting HSPH-owned Windows laptops in order to meet the new university security mandates.
For the final phase of this process, we are asking any faculty and staff who still have not had their laptops encrypted to contact us directly to set up an encryption appointment.
If you could please email us at firstname.lastname@example.org with the most convenient
days for us to encrypt your laptop, we will get back to you with a confirmed time. Since the encryption takes 24 hours, any laptops brought in on a Friday will be kept until Monday. If your laptop has already been encrypted, you do not need to reply.
Please feel free to contact the Helpdesk at 432-HELP if you have any questions.
Thank you and have a great day!
In response to the guidelines put forth by the University in
the Harvard Enterprise Information Security Policy
and the findings of
a recent IT Governance audit by Harvard Risk Management and Audit Services, HSPH
must change our current password policy to meet the new requirements.
In early June, the HSPH Department of Information Technology will begin
mandating complex passwords for all HSPH systems.
Each user will be required to
reset their password to comply with new standards by June 30, 2010.
- Additionally, we will be rolling out a
new service that will allow you to reset your password 24-7-365 without having
to call the HSPH Helpdesk. To set up this self-service system, each user will
be required to establish three security challenge questions.
Beginning the first week of June, we will roll out the new requirements
department by department in an attempt to minimize the impact and enhance user
support. Each department administrator
will be notified of when the requirements will go into place for their
department. It should take users no longer than 5 minutes to make the required
For complete information on secure
passwords and screenshots outlining the process, please visit our internal document on secure passwords (PIN protected).
Technicians are in the field this morning to address any remaining issues with the McAfee issue from yesterday. Our push of the updated data file for Novell users was successful for most users.
If your computer remains in a reboot loop, please contact the Helpdesk at 432-HELP or email@example.com and we will schedule a technician for an office visit as soon as possible.
Thank you for your continued patience.
In an effort to educate the community on responsibilities, policies, procedures and technology in place at HSPH, the Information Technology department will host a security briefing for the community on April 23, 2010 from 12-1 pm in Conference Room 2, Landmark 3rd Floor. This is an encore of the March 16, 2010 session that was held in Kresge G1.
An on-demand video is available is also available from the March 16, 2010 event.
View On Demand Video:
Information Security Update
TIP: to fastforward and/or enlarge the video, right click on the presentation and select “Play in Real Player.”