At this point, I would guess that basically every Wayne State instructor has learned of the university’s decision to migrate from our current learning management system (LMS), Blackboard (Bb), to a new one called Canvas, which is made by a company called Instructure. This semester I was offered the opportunity — along with about 20 colleagues — to be one of the first instructors to teach classes in Canvas. As I learn about Canvas, I’ll do some journaling about my experiences and share them with the campus community so you have an idea of what to expect.
Knowing that change can be hard for a lot of people, a thoughtful and deliberate process to review and update our LMS has been underway for about one year. I have been involved in this process since the beginning and I am confident that the decision to move to Canvas is the best outcome for the university. You can learn more about the process and the decision at canvasproject.wayne.edu/process.
One huge advantage is that Canvas is a cloud-based application, meaning that it is maintained by Instructure on Amazon Web Services hosting. This means that we will never have a moment like the beginning of the last academic year when we experienced several days of downtime. With hundreds of universities dependent on this application, Instructure must guarantee reliability. They have the capacity to create backups and redundancies that Wayne State simply cannot create alone.
So, what do I actually think of Canvas?
First of all, I like it very much. Has the move over been without hiccups? No. I didn’t expect it to be. I’ve been using Bb for about 17 years and even though it very frequently drove me insane, I had become accustomed to its user interface and the Bb way of thinking. However, I have already found using Canvas to be more intuitive than Bb ever was. I’ve also found that even though the learning curve slows me down, I can do things more quickly than in Bb. Finally, I have to say that my students are far more receptive to Canvas and are having a far easier time with it than they did with Bb.
Next semester, we are on schedule to have five colleges/schools using Canvas. University-wide usage will begin in the fall semester of 2018 with Blackboard being completely shut down in September 2018.
This is my first installment of this series of journals. I know I have not gone into any specifics of using Canvas. Don’t fret, they will come. For this entry, I simply wanted to outline our journey to Canvas.
In honor of National Cyber Security Awareness Month (NCSAM), I thought it would be helpful to explain three key Wayne State University technology systems that help protect the network and the privacy of employees and students. Keep an eye out all month for this series!
The first technology that I want to discuss is the WSU Virtual Private Network or VPN.
In a recent discussion with a colleague in my home academic department, I was asked: “What is this VPN thing that I’m being asked to use to access STARS?”
Simply put, I explained, once you sign in to the VPN it is equivalent to being on campus and working on WSU’s network. A VPN provides a secure, encrypted tunnel in which data is transmitted between the remote user and a company’s network. It allows our Wayne State employees to access systems remotely and maintain a secure link to those important systems.
VPNs are becoming more well known since the federal government recently overturned regulations that would have required internet service providers to get your explicit consent before they share or sell your web browsing history and other sensitive information [i]. For this reason, many tech-savvy consumers are choosing to use a private VPN service to protect their identity and online activity. In the same way as described above, this means that no one can eavesdrop or track a user’s online activities.
A VPN is especially useful when accessing public Wi-Fi hotspots that may not be secure or when accessing the internet from another country. VPNs provide you, the consumer, with unfettered internet access, and help to prevent data theft and unblock websites.
As privacy matters are becoming more and more important, secure technologies make certain that the data that we use in our work here at Wayne State is secure. I would also suggest, if you are concerned about your own privacy on the internet, that you consider using these technologies in your everyday usage of the internet. There are many VPN services available to the public and they can do a great deal to protect your information.
The Wayne State VPN has an additional layer of security with two-factor authentication. I’ll share more about how this works next week.
Learn more about the WSU VPN on the Computing & Information Technology knowledge base:
- What is the WSU VPN?
- Who can use the WSU VPN?
- How do I access the WSU VPN? How do I access it on iOS or Android?
Oct. 1 begins National Cybersecurity Awareness Month (CSAM). This is an initiative that was co-founded by the National Cyber Security Alliance and the U.S. Department of Homeland Security. Now in its fourteenth year, this month of watchfulness stretches to countries around the world under the auspices of CSAM. As we move into the month, I want to remind the Warrior community that we are all responsible for our own cyber security. The core message of CSAM is that the “internet is a shared resource and securing it is our shared global responsibility.”
In order to encourage everyone to take Cyber Security into their own hands, the NCSA has initiated an awareness and education campaign for online safety and protecting your personal information. It is called: STOP. THINK. CONNECT.™ The great thing is that people are in no way being told that the internet is so dangerous that we shouldn’t use it. The campaign is just stating that we all need to stop to think about the consequences of our actions and then enjoy all the benefits the internet has to offer.
The National Cybersecurity Alliance has some pointers I’d like to offer you so that you can remain #cyberaware:
- Lock down your login: A password and a username are not really enough to protect your important accounts. Use stronger authentication tools (security keys, biometrics, etc.) whenever possible. Two-step authentication can be your best friend when you want to keep your info safe. (Find info about two-step authentication at Wayne State at kb.wayne.edu/160520.)
- Keep a clean machine: Make certain that all software and apps on your mobile devices and computers are up to date. This makes certain that security updates are working in your favor.
- When in doubt, throw it out: If you receive an email, tweet or posting that has a link and you do not recognize it, just delete it or mark it as junk.
- Back it up: Protect all your digital information by keeping copies in a safe place. You do not want to lose your valuable data if something should happen to one of your devices.
- Own your online presence: Make certain that you are comfortable with your privacy and security settings for websites. The site’s default may tell people more about you than you realize. Check your privacy settings.
- Share with care: Think before you post anything about yourself or other people online. What is revealed could affect you or your friends and family more than you initially think.
- Personal information is like money. Value it. Protect it: Your interests, location, purchase history, etc. are valuable to a lot of people. Be mindful of the apps and websites you are using and what they may be collecting about you.
The internet offers a plethora of information and entertainment. While you are online laughing at cat videos, make certain that you are watching out for your privacy and security. Be #cyberaware.
Former Information Privacy Officer Geoff Nathan got firsthand experience with Wayne State’s new eduroam service this summer. Check out what he had to say.
— Michael Barnes
Wayne State University has joined the international consortium known as eduroam. Eduroam allows anyone with login credentials at member universities to log in to the network at any other member institution.
What does this mean?
It means that if you can log in to the Wayne State wireless network (the secure one), then you can log in to the wireless network at any other academic institution that is also an eduroam member. This means you have a secure Wi-Fi option at hundreds of universities, research institutes and more.
How well does it work?
Very well! This past summer I visited the University of Hawaii (Manoa campus)1, Tartu University in Tartu, Estonia and Southern Illinois University Carbondale. While on the campus of each place I simply chose eduroam as the network I chose to connect to, entered my Wayne State credentials and immediately got access to their network.
The only drawback is that you may get a mysterious error about certificates, but this only means that the university has made a small configuration error, not that there is a real problem.
So next time you are visiting another academic institution around the world, you probably can use their secure Wi-Fi with your WSU AccessID and password.
Find a full list of every eduroam institution around the world (sorted by country) at eduroam.org/where/. There are over 500 eduroam institutions in the United States alone and there are additional institutions in nearly 100 other countries.
1 Yeah, I know. But I’m an alum. I lived there in the ’70s.
Those who know me (or those who occasionally look at the blog listings on Today@Wayne) may know that after 15 years at Wayne State University, I announced my retirement this past spring. I was proud to serve as Wayne State’s first Information Privacy Officer and I’m confident that my successor, Michael J Barnes, will be able to do even more with the role. You already met him when he posted over the weekend about the nasty Equifax security breach. Please join me in welcoming him.
Thanks for reading this blog over the years. I may do a guest post from time to time, so this won’t be the last you hear from me. Now for a few words from Michael:
Hi all. I am an Associate Professor in the College of Fine, Performing & Communication Arts in the Maggie Allesee Department of Theatre and Dance, having served as the Artistic Director and on its Executive Committee since 2011. I’ve served on numerous committees at Wayne State and, as a member of the Academic Senate, served on the Facilities, Support Services, and Technology Committee. Before I came to Wayne State, I was faculty at the University of Miami in the Department of Theatre Arts, also teaching in their School of Law, and at Temple University. I’ve been obsessed with technology since I started learning on the original Macintosh computer.
I’ve worked with Geoff on a handful of projects in my time at Wayne State and I’m excited to become a member of the C&IT team and turn my passion for technology into a position where I can effect change. I’m taking over the ProfTech blog, so keep an eye out here for regular updates about university privacy and how faculty can best use technology resources. You can also reach me at email@example.com with questions or comments about university privacy.
In the wake of the cyberattack on Equifax and the loss of the personal data of millions of U.S. citizens, I thought it would be interesting for the Wayne State community to know a bit more about cybersecurity on our campus.
Wayne State takes your privacy and the storage of your information very seriously. C&IT works constantly to make certain that all information is kept safe. It is a top priority to keep our employees’ information safe and to make certain that we uphold standards set by regulations like FERPA and HIPAA.
For a brief overview to understand the university’s methods of securing data, Director of Information Security Kevin Hayes shared the active controls utilized here at WSU:
- Multiple layers of firewalls
- Regular vulnerability scans check for malware and security issues on our central servers
- Automatic blocking of new attackers and threats
- Two-factor authentication for access to sensitive data
- Manual reviews of servers, systems and processes to ensure data integrity
He also shared metrics to understand just how successful the firewall and security systems have been at Wayne State.
On a typical day, university firewalls block:
- 187 million connections at the Internet edge
- 8 million connections for residence halls and housing
- 7 million connections at the data center
- 1 million connections at our Disaster Recovery (DR) site
- 300,000 connections for the President, Provost and Office of General Counsel
- 200,000 connections for the WSU Police Department
In the month of Aug. 2017, the systems:
- Dynamically blocked 2,844 attackers attempting to scan our network
- Blocked 4,373 viruses and malware components
- Prevented 482,316 outbound connections to other malicious destinations
- Thwarted 91,793 hacking attempts
Yes, you read that correctly. There are close to 200 million attempts to hack into WSU systems in one day. When I first heard these figures, I was shocked. In our modern world, it is virtually impossible to keep information about you completely private. Rest assured, WSU does everything possible to make certain that we are never the source that compromises your personal privacy.
On Thursday, Sept. 7, the national media reported that Equifax, which is one of the three major consumer credit reporting agencies, has been the victim of a cyberattack that affected 143 million customers. Whether you like it or not, this will likely affect you, your spouse, or any number of your family members. Unfortunately, I know many people who seem to walk blindly into what are now the forests that constitute our modern commerce and economy. Some of them feel they are protected because they don’t shop online, or because they don’t pay their bills online, or because they only use their debit card…or, or, or… That simply is not the case anymore; no one is immune to identity theft.
In the last few years, we have been seeing a rising number of major corporations being hit by this type of attack. We saw the national retailer, Target, experience a security breach in 2013 where the names, credit card numbers, expiration dates, and security codes of approximately 40 million people were stolen by hackers. Yahoo was hit by a couple of these attacks — the information of over one billion account holders was breached.
You may think “I’m not a customer of Equifax; It doesn’t affect me.” This simply is not the case. Whether we like it or not, we are all customers of Equifax. As one of the three major credit bureaus (the other two are Experian and TransUnion), any time you apply for a credit card, a loan, or utilize your bank, your information is being shared with these agencies. They maintain consumer credit information and sell that information to businesses in the form of credit reports. Though they are heavily regulated, they are publicly traded, for-profit agencies.[i]
Media sources have reported that hackers may have gained access to sensitive information, which includes social security and drivers’ license numbers, for 143 million customers. Given that the current adult population of the United States is 245.3 million people, this means that over half the adult population of the U.S. has now had their information stolen and is at risk for identity theft.
A quote from the New York Times indicated that in severity, on a scale from 1 to 10, this attack is a 10. Unlike the Yahoo or Target attacks, thieves were able to acquire information of a more personal nature. They were able to retrieve names, birth dates and addresses; information that would allow access to bank accounts, employee accounts and medical information; the credit card numbers for 209,000 people; and documents used in personal disputes for 182,000.[ii]
What Do You Do?
It is important that all individuals investigate as to whether their information has been compromised. Equifax has set up a site to help determine whether your data is at risk. That site is: equifaxsecurity2017.com/. You should also acquire a free copy of your credit report from one of the three major agencies. This can be obtained at annualcreditreport.com. If you think your data has been used, be certain to contact your local law enforcement officials. In addition, if you find that your information was stolen, you should place a fraud alert on your credit files; the FTC has a website with a guide for placing a fraud alert. Equifax is also offering all consumers the ability to freeze their Equifax Credit Reports as well as making use of their Credit Protection Service for free for one year.
It is worth noting that the Attorney General of the state of New York has pointed out that the terms of service for Equifax’s credit monitoring service, TrustedID Premier, say that users give up their right to participate in a class-action lawsuit or arbitration. However, he has also stated that, in the case of this breach, those Terms of Service would not be able to be upheld in a court of law.
As one last point, I would suggest that each of you take the time to contact your elected Representatives and encourage them to examine the policies we have in place for consumer data protection. This type of event demonstrates the importance of making certain that the industry of sharing your financial data be strictly regulated. The information that these cyber-thieves acquired could affect people for years to come.
- Equifax Site to Check Data and Utilize Protection Service: equifaxsecurity2017.com/
- Obtain Your Credit Reports: annualcreditreport.com
- FTC Consumer Information on Placing a Fraud Alert: consumer.ftc.gov/articles/0275-place-fraud-alert
- New York Times “How to Protect Your Information Online”: nytimes.com/interactive/2017/technology/how-to-protect-data-online.html
Since my initial writing of this posting, I have read a number of articles on how to best handle the Equifax breach. In my opinion, the best way to deal with it is to have a freeze put on your credit file with Equifax and the other services. Because it makes it so that no credit report can be run, it stops any thief from opening credit in your name. If you need to apply for credit you temporarily thaw the account by providing a PIN number (which will need to be kept in a very safe place where you cannot lose it). Of course, the credit services do not let you freeze an account for free, nor do they thaw it for free. However, the cost is far less than what you might experience if you are the victim of identity theft. Equifax has bowed to pressure, however, and will offer credit freezes free for the next 30 days.[iii] If you are still a bit confused about just exactly what to do, I would suggest these articles: the New York Times, “Equifax’s Instructions are Confusing, Here’s What to Do Now,” and the Chicago Tribune, “After the Equifax Breach, Here’s How to Freeze your Credit to Protect your Identity.”
[i] Irby, LaToya. “What You Should Know about the FCRA.” The Balance. 11 May 2016. https://www.thebalance.com/what-you-should-know-about-the-fcra-960639
[ii] Bernard, Tara Siegel, Tiffany Hsu, Nicole Perlroth, Ron Lieber. “Equifax Says cyberattack May have Affected 143 Million Customers” New York Times. 7 September 2017. https://www.nytimes.com/2017/09/07/business/equifax-cyberattack.html?hpw&rref=business&action=click&pgtype=Homepage&module=well-region&region=bottom-well&WT.nav=bottom-well
[iii] Lieber, Ron. “Equifax, Bowing to Public Pressure, Drops Credit-Freeze Fees for 30 Days.” New York Times. 12 September 2017. https://www.nytimes.com/2017/09/12/your-money/equifax-fee-waiver.html?mcubz=3
My colleague and acquaintance, Bruce Schneier, wrote a good article about what we can learn from the WannaCry attacks of last month. It’s both in the Washington Post and the Metrowest Daily News (the WP article is behind a paywall for me, but you may be able to read it).
P.S. I have recently retired, but will occasionally return to post on important issues related to security and privacy.
Although all Wayne State employees have the ability to download and use the Microsoft Office Suite (including Word, Excel, PowerPoint, etc.), it is only available to current employees. When you retire you will probably find that eventually the license will expire. Then what do you do?
One simple possibility is to purchase an individual license for the Suite, which is available from Microsoft for $99/year. If you are not comfortable doing that, there are several options available that I will outline here.
If you really want to stay within the Microsoft environment, all Wayne State employees, students and retirees have access to the online versions of all of these programs. The online versions are not as powerful as the desktop versions (for example the online Word doesn’t have Track Changes, which makes it useless for sharing editing tasks), but they are good enough for most tasks, and are free as long as you have access to Wayne Connect.
Otherwise, if you are comfortable in the Google universe, there is a complete set of tools available for free from Google. These include Google Docs, Sheets, and Slides. They only work online, but all of them allow conversion (and downloading) to the more widely used Microsoft equivalents (and conversion can go both ways). The interface is quite different from the Word (etc.) interface, but does everything that most people need to do (Sheets probably doesn’t do the kind of complex statistical and modeling that Excel can do, nor the complex formatting you can do with Word or similar dedicated word processors). Here’s a screenshot of what a sample CV document looks like in Google Docs:
Second, if you are willing to spend some money there are high-end competitors to Word that do some tasks better than Word. I have for twenty years used Notabene, a powerful academically-oriented word processor written for those in the humanities. It has built-in support for commonly used scholarly languages (anything using the Roman alphabet, Hebrew, Greek, Arabic) including the ability to mix left-to-right and right-to-left orientation in the same line, a powerful, built-in bibliography program that both stores and inserts references following commonly used style sheets, and a textbase app that permits you to index your files and search for anything, then insert the relevant context into a document. But it’s about $400 (although you can try it out for free—it just won’t print). On the other hand, that’s a one-time only expense, since you’re actually buying it, not licensing it. Here’s a screenshot of a multilingual document in Notabene1 :
Finally, there are some decent free alternatives beyond the Google suite. I have been playing with WPS Office for Windows, which is a free download for Windows, iOS, Android and Linux. It has a user-friendly interface that greatly resembles Word (and Excel etc.) and can handle their files with ease. It’s free, although there’s a relatively reasonable subscription version (WPS Office for Windows Premium) that goes for $25/year. You can find it at wps.com/office-free.
Another free competitor comes in at least two flavors: Apache OpenOffice and LibreOffice. They are very powerful office suites, but I find their interfaces somewhat user-unfriendly for those who are used to the Microsoft varieties. These programs are open-source, which means that they are being developed by communities from computer source code that is open to anyone. As with all the other alternatives, these permit conversion to and from the more familiar .docx and .xlsx formats.
Finally, if all you want to do is read Word, Excel and PowerPoint files, you can download viewers that permit you to do just that: Word Viewer.
In short, although it’s a little annoying, you can keep working from home after you retire. As I plan to do…
1 I am not affiliated with Notabene, but I have been using it since 1987. Another multilingual word processor is Nisus.
I have received many questions from my friends about what to do now that Congress voted to repeal the online privacy rules created last October by the Obama administration.
The first thing to do is to avoid panic. Those privacy laws never took effect, so I believe we are now no worse off than we were before last October, although some commenters are disputing this.
What did the proposed regulations do? They would have forbidden your internet service provider (ISP) from collecting and using data about your online activities, and particularly from selling that data to other merchants (such as Amazon or Facebook).
When you browse the web from home (or from your phone) your ISP (Comcast, AT&T, WOW, Verizon etc.) routes your traffic from your device to the website you are visiting. That information is, of course, stored by your provider and can be aggregated and sold to the highest bidder. And, of course, if the information is stored, it can be subpoenaed, seized through a national security letter or stolen and sold online to somewhat less reputable people than Comcast.
And all of these things have happened already (Schneier’s article cites real examples):
- What the repeal of online privacy protections means for you, The New York Times
- Congress removes FCC privacy protections on your internet usage, Schneier on Security
- Five creepy things your ISP could do if Congress repeals FCC’s privacy protections, Electronic Frontier Foundation
What can you do to prevent your ISP from seeing where you browse and what websites you look at?
The best solution is to use a Virtual Private Network (VPN). A VPN is like a tunnel that routes all your internet browsing through a neutral pathway so that nobody outside the tunnel can see it. Your browsing is encrypted from your computer to the entrance to the tunnel and outsiders can only see traffic from the tunnel to your target website. Thus nobody can tell where you are browsing.
VPNs were developed to permit protected information to be transmitted across the web. If you are a Wayne State employee you can use the Wayne State VPN. If you do so, your computer (or smartphone — the VPN works with those too) talks only to Wayne State, effectively making it part of the Wayne State network. But any browsing traffic (or downloading) is encrypted, so that nobody can snoop on it (with the possible exception of the NSA, although there is some dispute about whether even they can break 64 bit encryption). You can learn about, and use the Wayne State VPN here: computing.wayne.edu/vpn.
Even if you’re not worried about Comcast or AT&T snooping on your web activities, there are good reasons to use the VPN, particularly if you are not at home. Random Wi-Fi connections in public places are notoriously vulnerable to snooping, and the VPN will protect your laptop or smartphone there. And, of course, I have written over the years about international travel and the possibility that other governments might watch over your shoulder to read your email or other activities. A few countries (China in particular) attempt to block the use of VPNs, although they generally leave universities alone.
When you use a VPN all traffic from your computer to the website you are looking at goes through Wayne State (or an alternative, more below) first, and is encrypted from your computer to the target website. That means if someone snoops on your computer all they see is encrypted traffic from you to Wayne State. They can’t see where you are browsing.
Here’s a diagram of what happens when you DON’T use a VPN:
And here’s a diagram of what happens when you DO use a VPN:
It should be said that for older machines and slower network connections there might be a slowdown in how fast a page loads, and we don’t recommend using the VPN for streaming movies.
One last thing: be aware that when you visit a website whose URL begins with https: any text you transmit to that site is encrypted, but any site whose URL begins with http: is not encrypted. In addition, sites with https: are authentically what they say they are. You can tell this because there is a green padlock in the address bar, and the text sometimes includes the name of the company.
If you don’t have access to Wayne State’s VPN there are alternatives. Kevin Hayes, our Chief Information Security Officer, recommends not using the various free VPNs on the market, pointing out that ‘if you are not paying, you are not the customer’. However, PC Magazine has a rating of various commercial VPN options here: pcmag.com/article2/0,2817,2403388,00.asp.