A recent Boston Globe article reported “One million Massachusetts residents–or 1 in 6 people–have had their credit card numbers, medical records, or other personal information leaked or stolen over the past two years.”
In an effort to educate the community on responsibilities, policies, procedures and technology in place at HSPH, the Information Technology department hosted a security briefing for the community on March 16, 2010.
View On Demand Video:
View: HSPH Information Security Update
TIP: To fast-forward and/or enlarge the video, right-click on the presentation and select “Play in Real Player.”
- Taso Markatos, Chief for Information Technology and
- Andrew Ross, HSPH Security Manager.
- Discussion of Security Case Studies
- Types of Confidential Information
- High Risk Confidential Information (HRCI)
- Why We Are Focusing on This Issue
- Obtaining and Storing HRCI
- Exchanging Confidential Files
- Encrypting Laptops
- Recent Security Developments
- What We Are Asking of You
The HSPH Information Technology Department is pleased to announce a secure way to transfer files which meets Harvard’s security mandates. We have set up an Accellion appliance for community use.
To request an account(s) for you or your group, please have your Department Administrator provide a list of users to the HSPH Helpdesk at 432-HELP or firstname.lastname@example.org. Users in the Office of Human Resources and Office of Financial Services have already been added to the system.
Accellion Quickstart Guide:
- Accellion URL: http://accellion.sph.harvard.edu
- Your login is your email address (i.e., email@example.com).
- Your password is the same as your Novell/GroupWise password.
- Each user is allowed 2 GBs space on the
- Each file will remain for 7 days.
- If you are exchanging files that contain high risk confidential information, please remember that retrieved files may not be stored locally on a laptop, desktop machine, or other local storage device. They must be saved to personal or shared network drives (P:/ and S:/ drives).
- Files which are saved to the Accellion server cannot be accessed or recovered by the IT department.
- There is an excellent user guide available after you log into the secure file transfer website.
If you would like to discuss any security topics further, please feel free to contact Andy Ross, security manager, firstname.lastname@example.org, 432-1751.
It is time to retire Internet Explorer 6 (IE6).
Many people in the community are still using IE6. Due to compatibility requirements of the new MyHSPH portal software that the school will be launching later this spring, we recommend that all users upgrade to Internet Explorer 7.0 (IE7) as soon as possible. Other popular websites such as Google and YouTube are also phasing out IE6 support this month.
Upgrading is easy and only takes 10-15 minutes.
If you need further assistance, please contact the Helpdesk at 432-HELP and we can walk you through it.
We are working on a means to efficiently push out an upgrade to the community. However, due to the time required to do the install, we are currently recommending manual upgrades at your leisure.
NOTE: Although Internet Explorer 8 (IE8) is also available, IE7 is currently still the supported web browser for Central Administrative Systems (Oracle Financial, HUBS, CREW, PeopleSoft, CAADS, GMAS, etc.).
- YouTube, Google and the Slow Death of IE6, Wall Street Journal blogs, March 3, 2010
- New IE hole exploited in attacks on U.S. firms, CNET, January 14, 2010 (In January/February, IT pushed out security patches to all IE6 and IE7 users to fix this issue)
- Google Phasing out IE6, CNET, January 29, 2010
- Microsoft: Breaking up with IE6 is hard to do, CNET, August 13, 2009
Smartphones, iPhones, and Blackberrys are in use everywhere on the HSPH campus. As the functionality of these devices increases, it is important to be aware of potential security concerns with these devices. These security issues can have an impact on your computing at HSPH.
CNET wrote an excellent article last week highlighting the areas of concern with recommendations.
It may be found at: Using your smartphone safely (FAQ)
To help keep your phones safe, we recommend:
- Resist the temptation to store any sensitive data on your phone for convenience's sake (e.g., username/password combinations, account numbers).
- Set a phone password. Nearly all phones have a method that requires entering a PIN after a period of inactivity.
- Keep your phone’s software up-to-date (e.g., iPhone and Blackberry have regular software updates that include important security patches).
UPDATE, January 15, 2010: All scheduled maintenance was successfully completed. All systems are fully operational.
On Thursday night, January 14, 2010, the network and server teams will be performing our normal monthly system maintenance to all servers and network equipment.
The downtime window will last from 7:00PM – 2:00AM.
The following services will have one or two small outages:
(You can continue to work, but may have brief pauses while services restart)
- GroupWise Full Client and IMAP Clients
- Novell File and Print services
- ICF File and Print services
- Powerfaids and NetPartner
- Web Server (main www.hsph.harvard.edu site)
- GroupWise WebAccess – NOTE – The new GroupWise WebAccess may require you to relogin, but you will not lose any work you have in a compose window. This new version has many new features, including an Auto-Save feature that is integrated with the “work-in-progress” folder.
The following services will not be affected:
- HPCC system
- HSPH Unix server
In late-October, the Information Technology Department began an important project to provide full disk encryption for all Harvard-owned laptops using McAfee Endpoint Encryption.
Our work continues in the new year.
If you didn’t do so in the fall, we ask that all laptop owners fill out the brief form located at: https://webapps.sph.harvard.edu/internal/forms/laptop-encryption/
This greatly assists us with scheduling.
If there are any questions, please contact the User Service’s Helpdesk at 432-HELP.
With many in the HSPH community using Facebook or Twitter on a regular basis, there are potential security concerns to be aware of with either site. These security issues can have an impact on your computer at HSPH.
CNET wrote an excellent article prior to the winter recess highlighting the areas of concern with recommendations.
It may be found at: Using Facebook and Twitter safely
The Department of Information Technology offers:
- McAfee virus scanning products to the community free of charge.
- Additionally, automatic Windows updates are pushed out to the community for all users that utilize Novell.
Please contact the Helpdesk at 432-HELP for further information.
We are pleased to announce the promotion of Andy Ross from Unix Systems Administrator to HSPH Security Manager. Andy has worked in the HSPH Department of Information Technology for the past 9 years and has played a critical role in keeping our core servers, including email servers, operating smoothly 24-7-365.
Andy’s extensive experience with both server and network administration will allow for a smooth transition to this new and important role. In preparation for the new role, Andy spent several months training with both top security vendors and with central university security professionals.
As security manager, Andy will oversee security technology and policies as well as work with the community to educate users on best practices. His work will involve a variety of systems and processes including:
- Web and application servers
- Confidential and high-risk information including student records, research data, financial and ecommerce information
- Secure file transfer
- Laptop and PC encryption
- Remote computing
- Community best practices
- Auditing, risk assessment and compliance work with school and central university administration
Congratulations to Andy!
Prior to joining HSPH, Andy served our country for 8 years in the United States Army rising to the rank of sergeant.
We are happy to have Andy on board providing security for HSPH!
Beginning in late-October, the Information Technology Department will begin an important project to provide full disk encryption for all Harvard-owned laptops using McAfee Endpoint Encryption.
Full disk encryption is an important step in protecting confidential information and has now been mandated by Harvard University. Disk encryption provides valuable data protection for laptops that are lost or stolen.
There will be no charge to encrypt your laptop.
We ask that all laptop owners fill out the brief form located
Christopher Cahill, our desktop group leader, will be contacting department administrators and individual users in the coming weeks to schedule the disk encryption. We are required to complete work by December 31, 2009. We have developed an FAQ about the product. It may be found at:
For more information on new University security policies or the product, please visit:
Occasionally, an email message phishing for information finds its way through our spam filter. Today, some users saw a message from a seemingly legitimate .edu address that read:
Your mailbox has exceeded the storage limit which is 20GB as set by your administrator,you are currently running on 20.9GB, you may not be able to send or receive new mail until you re-validate your mailbox. To re-validate your mailbox please click the link below:
Raubicheck, Prof. Walter F
Another recent email said:
To ensure quick, responsive e-mail services, it is necessary to establish limits on the amount of e-mail each user may store on the system. The volume of e-mail you are storing on the Central e-mail system is now exceeding your normal space allocation. To request for more storage space on your webmail account, simply click here
Please note that the HSPH Helpdesk will never ask someone in the HSPH community for username and password information for any HSPH server or service via email.
Any messages received that are phishing for information should be deleted. Protect your accounts!
Further reading on phishing: