Do you want to be a privacy officer?

After serving as chief privacy officer for the past year and a half, I will be retiring from Wayne State University at the end of the winter semester. We have been given permission to search for a replacement, so I thought I’d use this platform to say a little about what a Privacy Officer does.

The simplest way to describe it is to link to my Educause blog on “A day in the life of a Chief Privacy Officer.”

However, if you’re interested in the tl;dr[1] version, allow me to give you the “elevator speech.” Universities, like nearly all other organizations, hold information about any and all people they deal with. For universities this includes data about students, faculty, staff, alumni and visitors. In 2017 it tends to be electronic records, although there are still thousands of pieces of paper with data on them as well.

Some of those records are sensitive. This means that the information could harm the person it refers to if it is released, or that its unauthorized release would subject the university to legal penalties because the data is protected by law. Or both. For example, social security numbers have become toxic (as we say in the privacy world) because those numbers can be used to commit identity theft. Student records such as grades are protected by the federal law known as FERPA and could cost the university embarrassment and money if they are released to unauthorized persons.

The privacy officer’s job is to help the university keep those records safe from inappropriate release by developing policies, by ensuring that employees are trained in how to apply those policies, and by reviewing how new methods of storing data (such as new versions of Banner or Academica) are configured to ensure the data therein is properly locked up.

This means serving on a lot of committees, meeting with administrators and researchers storing sensitive data, and speaking to groups such as the Academic Senate and the Administrative Council. It also means working closely with the Office of General Counsel, Internal Audit, the Associate Provost for Academic Personnel, and serving on the leadership team of C&IT.

If you think you might be interested in learning more about this position, you can find it listed at jobs.wayne.edu under position number 042601.


[1] This popular internet acronym stands for ‘too long; didn’t read’. Usually an expression of disapproval.

Two-factor authentication is coming to your phone (or other device)

As I’m sure you know, the internet is an increasingly dangerous place, and the most frequent source of compromised computers is people responding to phishing emails. The Security office at C&IT is working 24/7 to keep track of phishing and block people’s access to bad sites, but unfortunately it is just not enough, so C&IT is about to introduce two-factor authentication for certain WSU websites.

The danger with phishing is that people will log into websites that are not what they seem to be, and input their credentials (AccessID plus password). The bad guys running the phony websites then take those credentials and use them to log into sensitive Wayne State sites, like your bank direct deposit setup page, where they redirect your paycheck to a bank of their choosing. And yes, this has indeed happened recently to Wayne State employees. They also use those credentials to install bad stuff on your computer, which they then use to attack other computers within Wayne State.

Since people are easily fooled into clicking on things they shouldn’t, we’re also combating the problem from our end, by beefing up security on certain Wayne State websites—pages within Academica, like PayStub, Direct Deposit etc. We are introducing what is called ‘two-factor’ authentication. (The current system is ‘one-factor’ authentication, where you simply type your password, which is ‘something you know’, into a box.) Two-factor authentication adds an additional layer of security by having you touch ‘something you have’[1]. Wayne State has contracted with Duo, a nationally-known Ann Arbor-based company, to implement this additional layer.

How does it work?

If you have a smart phone (iPhone, Droid, Windows phone) you can download a free app on the device, and go through a simple registration process. You get the app in the usual way (from the App Store/Google Play etc., by searching for ‘Duo’). You go through a one-time set-up process, and after that, when you log in to the sites that WSU has protected through Duo, your phone will pop up an ‘Approve’ or ‘Deny’ button:

[Image: Duo on iPhone]

If you push ‘Approve,’ Timesheet, Pay Stub, and a few other websites, such as native Banner[2], will open up. There are additional wrinkles that can simplify your interaction with Duo–you can read about them here.

The process for other flavors of smartphone is the same. See here for Android and scroll down on this page for other devices.

If you would prefer not to use Duo’s app, you have many other choices. You can choose to receive a text message and then type that number into the website, or a phone call (where you can just press # as a response). And there are other ways to do it too. Details can be found here.

If you don’t want to use any device (smart phone, tablet, flip phone, computer) there are other ways to log on (contact the C&IT Help Desk for additional information).

For much more detail on how this works, go to our FAQ.

Many universities and other organizations with sensitive websites that everyone needs to access are moving in this direction. Normally it only adds one or two seconds to the time it takes to log on to Academica or Banner (C&IT employees have been using Duo for a few months, based on the cutely-named notion that we should ‘eat our own dogfood’).

As always, if you have questions you can contact the Help Desk, or you can add a comment below–I always read and respond to comments.

_______________________________________________________________________________________________

[1] You can read about this way of classifying security methods on this website.

[2] Technically you will need Duo whenever you access ‘Self-service Banner’. This includes facilities you access from Academica such as Pay Stub, Time Sheet, Direct Deposit, tax forms etc. In short, to get to any page within Academica that looks like this:

[Image: Self-service Banner]

What does the Yahoo Breach mean? Fix your password now!

You may have heard that Yahoo suffered a security breach which they revealed last week, although it’s not exactly clear when it happened, or even when they became aware of it. You probably don’t think this matters to you, but you might be surprised. There are some things you should do immediately, and some things you should do in the next few days.

First the facts: According to Reuters, at least 500 million (yes, half a billion) accounts were hacked. That means that user names, email addresses, telephone numbers, birth dates, and encrypted passwords were all stolen. Unencrypted passwords and payment data (bank account information) were not taken. According to Bruce Schneier this is the largest breach in history.

Yahoo is claiming that the breach happened in 2014, and that they became aware of it recently, although some have questioned that claim.

So what does this have to do with you? First, if you know you have a Yahoo account, change the password now. Although they claim it happened two years ago, unless you’re sure you’ve changed the password since then, change it now.

Second, many other things are linked to Yahoo. For example, if you have a Uverse account, and use the email address associated with it, that’s the same set of credentials. The same for Flickr. Also, change the security questions (and especially the answers).[1]

Finally, if you used the same password for any other account, particularly your Wayne State email/Academica/AccessID account, CHANGE THE PASSWORD NOW!!! Especially if you have the same access ID (i.e. as I do, geoffnathan@yahoo.com).[2]

This is a good reason, unfortunately, for the annoying requirement for frequent password changes—people reuse passwords. On the other hand, if you use a password manager (like LastPass or Dashlane or Keepass) you don’t need to worry about it. You can read a discussion of the various password managers here.

Finally, check back here later in the week to hear about a new security measure C&IT will be implementing that will change the way you get to things like your pay stub, your time sheet and your direct-deposit information in Academica.


[1]    This is a good time to reiterate that you should not use standard answers to security questions. So if it asks you your mother’s maiden name, LIE. Nobody cares, and that answer can’t be Googled, and isn’t on Facebook. Just make sure you record your answer somewhere where you can find it.

[2]    And, before you can get smart with me, as I am writing this I have already changed it.

Has Academica left you apoplectic? Does Wayne Connect leave you feeling disconnected?

New systems come with new puzzles, and our two new connection apps certainly have had that effect. C&IT is offering free training/help over the next few days. All sessions will be held in the Purdy/Kresge Auditorium (use the entrance nearest the Student Center).

The sessions will cover topics from setting up your inbox and syncing Wayne Connect to your mobile device to using streams and getting the most out of our new portal.

Here are the available sessions:

  • Wednesday, 9/2: 9:00 a.m. – 10:00 a.m.
  • Wednesday, 9/2: 10:30 a.m. – 11:30 a.m.
  • Thursday, 9/3: 1:30 p.m. – 2:30 p.m.
  • Friday, 9/4: 10:30 a.m. – 11:30 a.m.
  • Thursday, 9/10: 1:30 p.m. – 2:30 p.m.
  • Thursday, 9/10: 3:00 p.m. – 4:00 p.m.
  • Monday, 9/14: 9:30 a.m. – 10:30 a.m.
  • Monday, 9/14: 11:00 a.m. – 12:00 p.m.
  • Friday, 9/18: 9:00 a.m. – 10:00 a.m.
  • Friday, 9/18: 10:30 a.m. – 11:30 a.m.

You can RSVP for these sessions by logging into Academica and clicking on this link:

https://www.eaa.wayne.edu/event_new/session_registration.cfm?eid=1650

Remember you can always call the Help Desk at (313) 577-HELP or email helpdesk@wayne.edu.

Thoughts and tips on using Academica

Academica has been the University’s official portal for a few days now, and the Feedback section has been filling up with likes, dislikes and assorted comments. I’ve combed through the comments so far and have a few thoughts I’d like to share.

Appearance

First, there is the notion of a ‘portal’. In contemporary computing terms, a ‘portal’ is a webpage that leads you to facilities that permit you to do stuff. It’s different from an organization’s ‘website’, which is a webpage that allows you to find out stuff. So a portal should be interactive, while a website should be like a reference work (an almanac or a phone book, or even an encyclopedia).

Categorization

So, most of the links that appear in Academica are either interactive (‘see my paystub’, ‘check my grades’, ‘search for a journal article in the Library’) or lead to interactive links (‘Benefits and Deductions’).

Of course, some lead to other portals, such as the link to the IRB in the Office of Research, and a few are there even though they are static, simply because of popular demand (‘Campus Map’, ‘Research Compliance’), but the principal distinction was between ‘doing things’ and ‘finding out stuff’.

Finding stuff

If you want to use Academica as your portal for everything, you can use the search box at the top and select (with the drop-down arrow) to search the WSU Website, where you can find anything that is searchable (parking structure maps, English major requirements, General Counsel’s office) on the wayne.edu domain.

Appearance

A number of folks commented on the visual appearance (some in less than complimentary terms), and seemed to think Pipeline was more visually appealing—an opinion I’d challenge, myself. However, the main reason Academica looks the way it does is that it was designed from the ground up to be easy to use on any device, and particularly to be easy to use with smaller devices, like phones and tablets. It actually detects the size of your display and customizes itself automatically. The reason for this is that increasing numbers of us use mobile devices as our primary means to access the electronic world. A recent study showed that ninety percent of Wayne State students bring smartphones to their classes, and now they can use their phones to check the status of their bursar’s account, or their final grades, and employees can check their paystubs (I just checked mine with my iPhone 5s in three ‘clicks’).

Why did we do this?

Pipeline is at the end of its development cycle–the company that made it is no longer supporting it. That makes it like a car whose spare parts are unavailable. It could keep running, but if it broke suddenly it couldn’t be repaired. C&IT decided it was better to replace it before that happened, and our local app-programming gurus built something for the twenty-first century. In addition to being usable on all devices it is very adaptable. It will not break a sweat if twenty thousand students check their grades all at once. Those who used Pipeline over the years know that it tended to roll over if demand got heavy. Academica is pretty resilient and should not do that.

Academica is here

As of July 31, Pipeline is being switched off, and will be replaced by Academica. Everything you used to use Pipeline for can be done through Academica, but faster (i.e. with fewer clicks). You can get to:

  • time sheets
  • registration
  • TravelWayne
  • pay stubs
  • class schedules
  • reporting
  • SET Scores

Academica learns your preferences. While the initial display is generic, after you have clicked on particular links a couple of times they will always appear on the ‘front page’. But if you don’t see something, you can always use the search box, a very powerful search engine that can find any link you might need (Search box is circled in red):

[Image: Academica search box]

Academica also permits messaging within the Wayne State community. Like Twitter it permits #hashtags and @ mentions (ask someone younger than you if you don’t know what those are 🙂 ). Academica is also designed to work perfectly on mobile devices of any size screen.

The ‘stuff on the left’ is a series of threaded conversations, akin to comments on Facebook and similar social networking sites. If that kind of thing doesn’t appeal to you, you can ignore it, but it allows you to ‘converse’ with others in the groups to which you are automatically subscribed (such as one for each class you are registered in, if you are a student) or to create new ones on the fly to hold discussions either in private or publicly.

Finally, as always, ignore any email message that says you have to ‘do something’ to transition to Academica. And especially, don’t click on any links in such messages. When in doubt, type the name into your web browser yourself: academica.wayne.edu or a.wayne.edu for short. That way, you always know where you are. And where you aren’t.

If you have questions, contact the C&IT Help Desk at (313) 577-HELP or helpdesk@wayne.edu.
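
The advice above (trust only academica.wayne.edu or a.wayne.edu, and never a link in a ‘transition’ email) can also be checked mechanically on the mail side. The following is an added example, not part of the original post or any C&IT tooling; the sample messages and the `.example` hostnames are constructed, and the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit

# The two portal hostnames come from the post; everything else is an assumption.
ACADEMICA_HOSTS = {"academica.wayne.edu", "a.wayne.edu"}
URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)


def link_host(url):
    """Return the hostname a browser would connect to, lower-cased.

    urlsplit() separates userinfo ("name@") from the host, so a URL such as
    https://academica.wayne.edu@other.example resolves to other.example.
    """
    try:
        host = urlsplit(url).hostname or ""
    except ValueError:  # malformed authority: treat as untrusted
        return ""
    return host.rstrip(".").lower()


def suspicious_links(message_text):
    """List links in a message that mentions Academica but points elsewhere."""
    if "academica" not in message_text.lower():
        return []
    flagged = []
    for url in URL_RE.findall(message_text):
        url = url.rstrip(".,;")  # drop sentence punctuation glued to the link
        # Exact match only: a suffix or substring test would accept
        # academica.wayne.edu.something-else.example as the portal.
        if link_host(url) not in ACADEMICA_HOSTS:
            flagged.append(url)
    return flagged


# Constructed sample messages (not real mail).
SAMPLE_PHISH = (
    "Action required: transition your account to Academica today.\n"
    "Log in at https://academica.wayne.edu.portal-update.example/login or\n"
    "https://academica.wayne.edu@login.example/start to keep access.\n"
)
SAMPLE_LEGIT = (
    "Academica is live. Type https://academica.wayne.edu "
    "or https://a.wayne.edu yourself."
)

if __name__ == "__main__":
    for link in suspicious_links(SAMPLE_PHISH):
        print("flag:", link, "->", link_host(link))
```

Both flagged links contain the real portal name as text, which is why the check compares the parsed hostname exactly instead of searching the URL string.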