Microsoft Teams at WSU

Recently you received an email from C&IT introducing Microsoft Teams. Microsoft is trying to promote Teams as a way to communicate and work with classes, and has an engineer working with WSU to help us use the program here, and foster its use further with other universities.

First of all, let’s answer, “What exactly is Teams?

Teams is a chat-based workspace built into Office 365 (what your Wayne email is a part of). It is meant to bring people together—both in conversations and content. It integrates and uses all the Office 365 tools so that you can collaborate and achieve even more.

Teams is taking over the functions of Skype for Business too—which will eventually be phased out—integrating Skype functions directly into its interface. Use Teams to work on projects between meetings—or use it for a meeting. The fact that it has the functionality of Skype for Business incorporated into it means that you can simply switch to a video meeting on the fly.

But why would you want to use a chat-based tool?

The barrage of emails we are all receiving is becoming harder and harder to keep up with. I know that I get hundreds of email messages a day and sometimes it’s difficult to make it through them all. In a chat based app, it’s easier to scan through the conversations to find information quickly. As a teacher, you can compare it to a discussion board in a LMS.

Though I have not used Teams in class, I have become a big proponent of using it here at C&IT. Here are a couple examples of my experiences with the app.

Collaboration in special groups

In C&IT, we have been moving to integrate it into our work for a while. The best example of this, that I am involved in, is the Data Governance committee. This committee consists of 54 people from all over the university. The amount of information being shared on this committee is enormous.

Every team that you are a member of has a general channel. That is your main meeting space. You can also add channels, which allows for a second working area for our subcommittee. It’s also helpful that you can control the people who are in each channel.

Team Structure
Figure 1: A Team structure: various channels are listed under the team.

Using files and tabs

I was recently chairing a search committee for a new position in my academic department. Teams was what bound us together through the project—it made the process far more efficient.

To make certain that everyone had access to the CVs, references, introductory letter, and supporting materials, I loaded them all into the files section of teams after I had downloaded them from the WSU jobs site. While doing this directly from teams could take a while, there is a function in teams to Open in Sharepoint. With this, after it opened in my browser, I could easily drag all the applicants’ folders into SharePoint.

Figure 2: File

By far the most handy function is the ability to add other options from the Office 365 suite (or other third-party applications) to a Team as tabs. As we were working on the search, I chose to have our analysis forms be entirely electronic and used Microsoft forms. I was able to add a tab directly into Teams so that my team members could complete the form for each candidate.

Figure 3: A Form Tab

Alternatively, I also made tabs to see the results of the forms.

I used these forms in a couple of ways during the search. Not only did I use them for analysis, I also used them as a form to enter information while speaking with references; as a form to record answers to questions during Skype interviews; and to vote to choose the candidates to bring for on-campus interviews. Since the information can easily be exported as an Excel file, it can later be used in many ways: to create letters from a mail merge of the information; to re-examine answers from interviews; and summing and sorting the the scores each person on the search committee gave the candidates for each of their desired qualities.

Figure 4: Check-box voting

Here I have demonstrated some of the ways in which I have added functionality to Teams via the tabs. Many functions can be added that are helpful in your course simply by clicking on the plus (+) symbol. Figure 5 shows types of the apps that can be added—there are hundreds of them.

Figure 5: List of tools for functionality
Figure 5: Tools for Functionality

Figure 6 demonstrates tools that are geared specifically towards academia; These are available simply by clicking More apps.

Figure 6: List of Educational Tools
Figure 6: Educational Tools

Teams is an amazing tool for connecting people, and I recommend you seriously consider using it as a part of your classroom.

Happy Data Privacy Day!

Keep your messages safe!

January 28 is Data Privacy Day! To honor the day, I thought I would give a little tip to all of you Warriors.

If you are like me, I’m going to guess that you receive countless numbers of email per day. It is likely the most utilized tool for your daily tasks. Statista reported that 269 billion emails were sent and received each day in 2017 and that 293.6 billion will be sent per day in 2019 (Daily number of e-mails worldwide 2017 | Statistic). Though it is an amazingly helpful tool, it needs to be used in the best way possible. More than once, I have learned of personal data via email through the university’s email systems, which sends chills of fear up my spine. Though it may seem like your message goes straight from your computer to whomever will be receiving it, email is far from private.

The best analogy that I can give you to understand the security of email is by posing this question: Would you take your social security number, your date of birth, your contact information, and information for a couple of bank accounts; write it onto a post card; and drop it into a mailbox to be sent to a trusted friend?

I seriously doubt it. Email can easily be intercepted by the least experienced of hackers. Never give any personal, financial, or important information to someone via a regular email message.

You may ask, “So, how can I get this information to someone privately?” Use encrypted messaging!

Our IT Team has set it up so that sending a message using our Outlook service is absolutely simple. Here’s what you do:

  1. Write your message as you normally would.
  2. In your subject line add this before your message’s subject: #secure
  3. Send it!

That’s it! You are done. The recipient will receive an email that has special instructions as to how they can get to the message. Via their browser, they will be sent to a page in WSU’s Outlook account.

Data Privacy Day Bonus!

This is really a reminder for anyone who missed the message I posted for last year’s Data Privacy Day.
You can now never change your WSU password again.

Currently, every six months, you receive a message that informs you that you must change your password to access all the WSU systems (Academica, Wayne Connect, Canvas, STARS, etc.). Then, you rack your brain to come up with something you know you will remember and haven’t used before—blending that perfect amount of lower and upper case letters, numbers, and special characters.

You can now make a password for yourself and never have to do it again.

How, you ask?  Simple. Using the same requirements but make a password that has 15 or more characters in it. If you do that, you’ll never be asked to change your password again.

You ask, “How will I remember a password with 15 characters?”

I suggest choosing random words that are easy for you to remember, add a number and a character. Security experts have learned that using multiple random words (three and up is best) provides a great balance between usability and security.  These types of passwords are actually difficult for hackers to determine.

Next time you are asked to make a password, make one with fifteen characters. It will save you time because you will never have to do it again.

Don’t be a phish, take Google’s security quiz

Phishing graphic

Today I was sent a link by Geoff Nathan, WSU’s former privacy officer. It was a really nifty tool so I thought I would share it with you — Google just released a phishing quiz to test your knowledge on phishing messages. It takes eight minutes; you can finish it quickly.

WSU’s C&IT security team does an amazing job at keeping the majority of email scams out of your inbox, but in the event that you encounter one before we do, it’s best to be prepared. My apologies to any of you who have dreamed of joining the band Phish.

I am issuing a challenge to all of you: take the test.

Take Google’s Phishing Quiz

Vector Graphics by Vecteezy.com

Naughty or nice: Beware privacy policies when you gift tech

Holiday season is in the air. Some of you may have just celebrated Hanukkah; others will be celebrating Christmas, Kwanzaa, or Winter Solstice. If, you are sharing presents as part of those celebrations, you may want to more closely examine the gifts you are giving or receiving.

It is predicted that people in the United States will spend approximately $3.8 billion on smart home devices like Amazon’s Echo or Google’s Home. This does not even include other Internet of Things (IoT) and internet-connected devices. These devices provide almost unimaginable convenience and connectivity. However, cyber-security experts warn that there are risks associated with being plugged in all the time.

Every time you purchase one of these devices, somewhere along the way, you will be presented with a privacy policy issued by the maker of the device. We have all seen these; they are cousins to the end-user license agreements (EULA) that people have waded through with software purchases since sometime in the 1980s. These agreements basically are a use-at-your-own-risk warning that ensures the software maker is not held accountable for anything that goes wrong as you use your computer. A privacy agreement is a statement or legal document that discloses some or all of the ways a party gathers, uses, discloses, and manages a customer or client’s data. It fulfills a legal requirement to protect a customer or client’s privacy. If you are like most people, you just want to get to using your new device or app, so you scroll to the end of this lengthy document and click accept.

You may want to take a bit more time to look over those privacy notices, though. Smartphones have really pushed consumers to appreciate convenience and connectivity. With that convenience come some costs. Those costs are tied into privacy policies — if the companies making these devices prioritize privacy at all.

Luckily, the Mozilla Foundation  — you likely know them via their subsidiary, which makes the Firefox browser — has a guide to help people as they make gift decisions. As the organization believes “the internet must always remain a global public resource that is open and accessible to all”, it has been highly active in advocating for security and privacy.

Mozilla’s list is known as the “*Privacy Not Included Guide“. To prepare the list, Mozilla allows users to list items on a scale from “Not Creepy” to “Creepy.” It’s an easy-to-navigate website that shows photos of products, lists them in categories and — most importantly — tells consumers whether they feel the gifts maintain a set of minimum security standards for IoT devices. These standards include whether the products use passwords, manage vulnerability, update for security frequently, encrypt all network communications, and make their privacy policies easily accessible and understandable. 

In this list Mozilla works to answer several questions: 

  • Can it spy on me?
  • What does it know about me
  • Can I control it?
  • Does the company show it cares about consumers?

As a tech junkie, I must admit that I enjoy many of the conveniences offered by some of these devices. I do, however, want to know exactly what information is being used so that I can make a choice as to using the device. An example: Our smartphones use location data; unless you turn the service off, they know every place you have been and can actually make predictions as to what you may do next. I was a bit taken aback the first time my Android phone showed me how long it would take to get someplace before I even asked it. Did I turn location services off? Temporarily. I missed the convenience of being told how long it would take to drive to my next appointment. I have read the privacy agreement provided by Google though and decided that I could accept their having this data. I feel better, though, knowing that they encrypt all the data as it goes to the servers that power this artificial intelligence (AI) technology and that I have to use passwords along with multi-factor authentication to access the information. I am taking that risk. 

You, however, may not want to take that risk. Knowing that an Amazon Echo or Google Home must listen to you all the time in order to answer all your needs may be too much for you. You may not feel comfortable with that Fredi baby monitor, which has been hacked in the past and has a default password of “123”. You may feel absolutely fine with knowing that your Fitbit fitness tracker connects to your smartphone or that the cool Parrot Bebop 2 drone uses an open Wifi network as it follows you around taking photos. All of you likely have varying comfort levels; you deserve to be well informed in order to make your choices. Mozilla helps us along with this. 

In the age of Cambridge Analytica, most of you now recognize the importance of your data. Companies and individuals may have both positive and nefarious usages for it. You deserve to know what you may be sharing. 

I highly suggest taking a look at the *Privacy Not Included Guide as you’re making your gift purchases this year.

https://foundation.mozilla.org/en/privacynotincluded/

Eduroam is here (and there, and everywhere)

Former Information Privacy Officer Geoff Nathan got firsthand experience with Wayne State’s new eduroam service this summer. Check out what he had to say.

— Michael Barnes


Wayne State University has joined the international consortium known as eduroam. Eduroam allows anyone with login credentials at member universities to log in to the network at any other member institution.

What does this mean?
It means that if you can log in to the Wayne State wireless network (the secure one), then you can log in to the wireless network at any other academic institution that is also a eduroam member. This means you have a secure Wi-Fi option at hundreds of universities, research institutes and more.

How well does it work?
Very well! This past summer I visited the University of Hawaii (Manoa campus)1,  Tartu University in Tartu, Estonia and Southern Illinois University Carbondale. While on the campus of each place I simply chose eduroam as the network I chose to connect to, entered my Wayne State credentials and immediately got access to their network.

The only drawback is that you may get a mysterious error about certificates, but this only means that the university has made a small configuration error, not that there is a real problem.

So next time you are visiting another academic institution around the world, you probably can use their secure Wi-Fi with your WSU AccessID and password.

Find a full list of every eduroam institution around the world (sorted by country) at eduroam.org/where/. There are over 500 eduroam institutions in the United States alone and there are additional institutions in nearly 100 other countries.


1 Yeah, I know. But I’m an alum. I lived there in the ’70s.

Welcoming our new Information Privacy Officer

Those who know me (or those who occasionally look at the blog listings on Today@Wayne) may know that after 15 years at Wayne State University, I announced my retirement this past spring. I was proud to serve as Wayne State’s first Information Privacy Officer and I’m confident that my successor, Michael J Barnes, will be able to do even more with the role. You already met him when he posted over the weekend about the nasty Equifax security breach. Please join me in welcoming him.

Thanks for reading this blog over the years. I may do a guest post from time to time, so this won’t be the last you hear from me. Now for a few words from Michael:

Hi all. I am an Associate Professor in the College of Fine, Performing & Communication Arts in the Maggie Allesee Department of Theatre and Dance, having served as the Artistic Director and on its Executive Committee since 2011. I’ve served on numerous committees at Wayne State and, as a member of the Academic Senate, served on the Facilities, Support Services, and Technology Committee. Before I came to Wayne State, I was faculty at the University of Miami in the Department of Theatre Arts, also teaching in their School of Law, and at Temple University. I’ve been obsessed with technology since I started learning on the original Macintosh computer.

I’ve worked with Geoff on a handful of projects in my time at Wayne State and I’m excited to become a member of the C&IT team and turn my passion for technology into a position where I can effect change. I’m taking over the ProfTech blog, so keep an eye out here for regular updates about university privacy and how faculty can best use technology resources. You can also reach me at mjbarnes@wayne.edu with questions or comments about university privacy.

Quick info about Wayne State’s cybersecurity

In the wake of the cyberattack on Equifax and the loss of the personal data of millions of U.S. citizens, I thought it would be interesting for the Wayne State community to know a bit more about cybersecurity on our campus.

Wayne State takes your privacy and the storage of your information very seriously. C&IT works constantly to make certain that all information is kept safe. It is a top priority to keep our employees information safe and to make certain that we uphold standards set by regulations like FERPA and HIPAA.

For a brief overview to understand the university’s methods of securing data, Director of Information Security Kevin Hayes shared the active controls utilized here at WSU:

  • Multiple layers of firewalls
  • Regular vulnerability scans check for malware and security issues on our central servers
  • Automatic blocking of new attackers and threats
  • Two-factor authentication for access to sensitive data
  • Manual reviews of servers, systems and processes to ensure data integrity

He also shared metrics to understand just how successful the firewall and security systems have been at Wayne State.

On a typical day, university firewalls block:

  • 187 million connections at the Internet edge
  • 8 million connections for residence halls and housing
  • 7 million connections at the data center
  • 1 million connections at our Disaster Recovery (DR) site
  • 300,000 connections for the President, Provost and Office of General Counsel
  • 200,000 connections for the WSU Police Department

In the month of Aug. 2017, the systems:

  • Dynamically blocked 2,844 attackers attempting to scan our network
  • Blocked 4,373 viruses and malware components
  • Prevented 482,316 outbound connections to other malicious destinations
  • Thwarted 91,793 hacking attempts

Yes, you read that correctly. There are close to 200 million attempts to hack into WSU systems in one day. When I first heard these figures, I was shocked. In our modern world, it is virtually impossible keep information about you completely private. Rest assured, WSU does everything possible to make certain that we are never the source that compromises your personal privacy.

Lessons from the Wannacry Ransomware Attack

My colleague and acquaintance, Bruce Schneier, wrote a good article about what we can learn from the Wannacry attacks of last month. It’s both in the Washington Post and the Metrowest Daily News (the WP article is behind a paywall for me, but you may be able to read it).

P.S. I have recently retired, but will occasionally return to post on important issues related to security and privacy.

What should we do after Congress repealed the privacy law?

I have received many questions from my friends about what to do now that Congress voted to repeal the online privacy rules created last October by the Obama administration.

The first thing to do is to avoid panic. Those privacy laws never took effect, so I believe we are now no worse off than we were before last October, although some commenters are disputing this.

What did the proposed regulations do? They would have forbidden your internet service provider (ISP) from collecting and using data of your online activities. Particularly from selling that data to other merchants (such as Amazon or Facebook).

When you browse the web from home (or from your phone) your ISP (Comcast, AT&T, WOW, Verizon etc.) routes your traffic from your device to the website you are visiting. That information is, of course, stored by your provider and can be aggregated and sold to the highest bidder. And, of course, if the information is stored, it can be subpoenaed, seized through a national security letter or stolen and sold online to somewhat less reputable people than Comcast.

And all of these things have happened already (Schneier’s article cites real examples):

What can you do to prevent your ISP from seeing where you browse and what websites you look at?

The best solution is to use a Virtual Private Network (VPN). A VPN is like a tunnel that routes all your internet browsing through a neutral pathway so that nobody outside the tunnel can see it. Your browsing is encrypted from your computer to the entrance to the tunnel and outsiders can only see traffic from the tunnel to your target website. Thus nobody can tell where you are browsing.

VPN’s were developed to permit protected information being transmitted across the web. If you are a Wayne State employee you can use the Wayne State VPN. If you do so, your computer (or smartphone — the VPN works with those too) talks only to Wayne State, effectively making it part of the Wayne State network. But any browsing traffic (or downloading) is encrypted, so that nobody can snoop on it (with the possible exception of the NSA, although there is some dispute about whether even they can break 64 bit encryption). You can learn about, and use the Wayne State VPN here: computing.wayne.edu/vpn.

Even if you’re not worried about Comcast or AT&T snooping on your web activities, there are good reasons to use the VPN, particularly if you are not at home. Random Wi-Fi connections in public places are notoriously vulnerable to snooping, and the VPN will protect your laptop or smartphone there. And, of course, I have written over the years about international travel and the possibility that other governments might watch over your shoulder to read your email or other activities. A few countries (China in particular) attempt to block the use of VPN’s, although they generally leave universities alone.

When you use a VPN all traffic from your computer to the website you are looking at goes through the Wayne State (or alternative–more below) first, and is encrypted from your computer to the target website. That means if someone snoops on your computer all they see is encrypted  traffic from you to Wayne State. They can’t see where you are browsing.

Here’s a diagram of what happens when you DON’T use a VPN:

 

And here’s a diagram of what happens when you DO use a VPN:

 

 

It should be said that for older machines and slower network connections there might be a slowdown in how fast a page loads, and we don’t recommend using the VPN for streaming movies.

One last thing: be aware that when you visit a website whose URL begins with https: any text you transmit to that site is encrypted, but any site that begins http: is not encrypted. In addition, sites with https: are authentically what they say they are. You can tell this because there is a green padlock in the address bar, and the text sometimes includes the name of the company.

If you don’t have access to Wayne State’s VPN there are .alternatives. Kevin Hayes, our Chief Information Security Officer recommends not using the various free VPN’s on the market, pointing out that ‘if you are not paying, you are not the customer’. However,  PC Magazine has a rating of various commercial VPN options here: pcmag.com/article2/0,2817,2403388,00.asp.

Yes, the IT Services Survey is real—and I’m glad you asked

Much of the campus received a message earlier this week to fill out an IT Services Survey. I have been contacted by many people asking whether the survey was legitimate, or whether it was a phishing attack.

Let me first say that I very much appreciate folks asking me whether this is real. It means our training is having an effect and people are learning to be skeptical of email messages that ask them to click on things. That is exactly the right attitude to have!

That said, let me point out a couple of telltale indicators that this message is real:

If you hover over the link that is provided, a tiny window will pop up (on Firefox it appears in the bottom left corner) showing the actual URL that you will go to if you click the link. Always hover over a link if you are suspicious. If the pop-up address and the one visible in the actual message match, then you are about to go to the website claimed. In this case, the website belongs to techqual, a company many of you already know about — it’s Wayne State’s source for running this survey. Here is a screenshot of what that looks like in my Wayne Connect mailbox — the arrow points to the popup URL.

 


If you are interested in learning more about how to recognize phishing emails, our Chief Information Security Officer, Kevin Hayes and I will be conducting anti-phishing training on Thursday, March 23, at 11 a.m. in the Purdy-Kresge Auditorium. Come and learn all the telltale signs of phishing emails and why we keep getting these attacks. And, of course, what you can do to protect yourself. No advance registration and no technological knowledge is required. Learn more at events.wayne.edu.