Communications - University Technology Services

Communication on planned system maintenance, service disruptions, or security threats are located on the UTS homepage. Early notifications enable users to plan their activities accordingly, minimize inconvenience, and enhance user satisfaction.

Campus messages from the Office of the CIO are sent out to the campus community to promote efficiency, transparency, and collaboration. Other communication channels from University Technology Services include monthly IT meetings, email lists and the MySAIL portals to ensure that messages reach the intended audience promptly. Utilizing these channels for regular updates and targeted announcements improves information accessibility and visibility.

Our communication goal is to;

Provide consistent communication channels
Maintain clarity and simplicity in IT communication messages
Provide timely notifications
Foster two-way communication
Enhance IT services' overall effectiveness and user experience

Emphasizing these strategies will help build stronger relationships between IT teams and the university community that will contribute to the achievement of academic and operational excellence.

2023

Social Engineering Attacks Warning

Monday, November 13, 2023

To the campus community,

Faculty and staff are advised to be aware of recent social engineering attacks that target individuals who work at service desks and help desks. In these attacks, callers claim to be an actual person at the business or institution. They frequently gather information by doing deep background research into an employee's location, schedule, etc. Upon establishing a false identity, malicious callers attempt to coerce information or action from the service or help desk staff member who took the call.

They may ask to reset a password or alter a dual authentication process, for example, in order to gain access to otherwise secure resources. These types of attacks often occur at busy times of day. At OU, this may include class start times, peak meeting times, the end of a workday, etc., in order to create a false sense of urgency. Ways to mitigate these types of attacks include:

Verifying the person is whom they claim to be by asking to call their office number to continue the conversation;
Requesting a video chat with the person and having them display ID during the call;
Directing the caller to self-service tools such as an online password reset procedure whenever feasible;
Never sharing or bypassing security controls including passwords or Duo authentication;
Subscribe to our email list
Reporting suspicious behavior to UTS; and
Helping to ensure that all all employees, including student workers, are aware of this attack vector and how to respond.

Faculty and staff interested in learning more about information security are encouraged to complete the online Security Awareness Training. The university appreciates the understanding and vigilance of campus community members as it works to protect sensitive information and vital resources.

Improving OU's Technology Services

Wednesday, September 6, 2023

Colleagues,

Oakland is designing a new operating model for technology services that will best serve the current and future needs of the campus community. Over the past serval months, our partner, BerryDunn, has met with many people here at OU to better understand our current environment and technology needs. They are now interested in gathering critical information from students, faculty and staff. To collect perspective regarding the strengths, challenges and opportunities to improve OU's current technology services, BerryDunn is providing a brief, 10-minute, online survey that seeks your views on current technology and opportunities to improve their delivery both on-campus and remotely.

We request and strongly encourage you to complete the survey no later than Friday, September 15.The BerryDunn team will also facilitate onsite and remote sessions to gather OU community perspectives during the weeks of September 11, 18 and 25. We encourage you to participate in these events as well. If you have questions about this initiative, please email [email protected]. We look forward to your participation and insight throughout this effort.

Sincerely,

Bhavani Koneru
Chief Information Officer

BerryDunn University Recommendations

Tuesday, June 6, 2023

Colleagues,

As we shared with you late last month, OU is partnering with BerryDunn, an independent consulting firm experienced in higher education transformations, to evaluate university IT operating models and enhance the quality of the university's technology services. Unfortunately, a previous communication regarding a university-wide town hallevent focusing on this project included an incorrect location for the meeting. It will take pace from 10:45 a.m. to noon on Thursday, June 8, in the Oakland Center Ballrooms. All University personnel are welcome to participate. At the conclusion of a comprehensive study, BerryDunn will provide the university with recommendations related to the IT services needed to support campus needs.If you have any questions about this project or Thursday's town hall, please contact us at [email protected].

Sincerely,

Bhavani Koneru
Chief Information Officer

Fraudulent Internship Phishing Emails

Friday, June 2, 2023

To the campus community,

The university has learned that fraudulent email messages that appear to come from the university are targeting students who are led to believe they are receiving a check providing funds to purchase office supplies tied to an internship or student employment. Unfortunately, these messages appear to come from a legitimate Oakland email address ending in “.edu.” Students are reminded, however, that legitimate work and internship arrangements will never be made utilizing checks sent in email messages. On a broader level, red flags to consider when receiving any unanticipated communication include:

Requests for credit card or bank account numbers, social securitynumbers or driver’s license information;
Requests to set up a local business office or remote workspace andpurported financial arrangements to enable this;
Requests for an initial investment, offers of large payments or rewards, ordirections to deposit checks or transfer money;
Any urgent requests for information, funding or other resources in order totake advantage of a limited opportunity;
Offers of remarkably lucrative positions;
Any unsolicited offers of employment or financial gain, even if they appearto come from a known and trusted institution; and
Any communication that seems suspicious, unusual or simply too good tobe true.

For more information on how to avoid phishing scams, visit the UTS Phish Tank webpage.

BerryDunn Town Hall

Friday May 26, 2023

Colleagues,

In partnership with BerryDunn, an independent consulting firm experienced in higher education transformations, OU has begun evaluating IT operating models in an effort to enhance the quality of technology services being provided to the campus community. On June 8 and 9th, the BerryDunn team will be on-site at Oakland conducting project kick-off meetings with University leadership and conducting several townhall meetings to provide the project details and their approach and also answer any questions from campus stakeholders. A university-wide town hall and/or open-forum will be conducted from 10:45a.m. to noon on June 8 in the Banquet room in Oakland Center and all University personnel are welcome to join.

The input and perspective of stakeholders such as yourself will help Oakland ensure the best possible outcome for the institution. Following the on-site sessions, IT Staff will receive a survey from BerryDunn regarding their current role(s) and responsibilities. It will also ask for perspective on opportunities for improvement for technology services at OU going forward. In order to gain a diverse perspective BerryDunn will then conduct follow-up interviews and focus groups with IT staff students, faculty, and staff across campus.

These activities are planned for the end of June and more information will be provided in the coming weeks. At the conclusion of this work, BerryDunn will provide the University with recommendations related to the IT services needed to support campus needs. This includes the skill sets needed to effectively provide those services and an organizational structure to strengthen integration and collaboration of existing IT personnel. If you have any questions about this project, please contact us at [email protected]. We look forward to your participation in this project.

Sincerely,

Bhavani Koneru
Chief Information Officer

Fraudulent Internship Phishing Scam

Friday, March 17, 2023

To the campus community,

The university has learned that many students are receiving fraudulent email messages that appear to come from university academic departments. These messages offer students remote internship opportunities and encourage them to respond to receive additional information. The sender then forwards a fraudulent check for $2,000 or more to be deposited into a bank account and used to purchase computer equipment purportedly necessary for the position. Unfortunately, both the sender and the equipment provider are behind the scam.

At least one student spent more than $1,000, and victims may be held responsible for repaying banks any funds used in attempts to buy equipment. Importantly, these communications are coming from a foreign email address ending in “edu.vn” or “edu.sa” rather than from a legitimate Oakland address ending simply in “.edu.”Students are reminded that legitimate work and internship opportunities can be found on Handshake and that they should not apply for university affiliated positions by other means. On a broader level, red flags to consider when receiving any unanticipated communication include:

Requests for credit card or bank account numbers, social security numbers or driver’s license information;
Requests to set up a local business office or remote workspace and purported financial arrangements to enable this;
Requests for an initial investment, offers of large payments or rewards, or directions to deposit checks or transfer money;
Any urgent requests for information, funding or other resources in order to take advantage of a limited opportunity;
Offers of remarkably lucrative positions;
Any unsolicited offers of employment or financial gain, even if they appearto come from a known and trusted institution; and
Any communication that seems suspicious, unusual or simply too good tobe true.

For more information on how to avoid phishing scams, visit the UTS Phish Tank webpage.

Security Awareness Training Program

Thursday, February 16, 2023

Colleagues,

Because there is no reduction in the number or type of attempts to steal sensitive personal and institutional data, University Technology Services (UTS) is once again strongly encouraging all faculty and staff to take advantage of our online Security Awareness Training program. Offered in partnership with SANS, an industry leading training organization, this program provides participants with knowledge and resources to help side step increasingly deceptive attacks carried out through tactics such as phishing and social engineering. The training takes about an hour to complete and can be managed in increments of as little as three minutes. You can access Security Awareness Training using your NetID username and password at https://oakland.litmos.com.

In conjunction with this initiative, UTS will continue to distribute simulated, non-harmful data security attacks in order to gain valuable information on existing

vulnerabilities and how to strengthen the protective measures we have in place. We appreciate your participation in this important security initiative.

Sincerely,

Bhavani Koneru
Chief Information Officer

2022

Work time and leave reporting in the enhanced Sail environment

Wednesday, November 23, 2022

To the campus community,

The close of the first work month to be affected by a major upgrade to the Sail interface is quickly approaching.

To help ensure that faculty and staff are able to easily report work and leave time for November in the enhanced Sail environment, as well as to ensure that supervisors can easily review and approve submitted leave reports and time sheets, the following instruction guides are available:

After viewing these detailed guides, those with questions or concerns about Sail's improved reporting and approval processes should contact the Payroll Department.

Advisory on Google Drive phishing scams

Wednesday, November 16, 2022

To the campus community,

We are urging all students, faculty and staff to be aware of and vigilant in avoiding a recent influx of phishing scams involving shared Google Drive resources such as documents, spreadsheets and PDF files.

Upon receiving standard notifications from Google that a resource has been shared with them, recipients of these attack messages are asked to provide their NetID credentials to gain access. The following tips can help prevent recipients from falling prey to these phishing attempts.

Never provide sensitive information such as passwords or Duo authentication codes via a Google document or form.
Never attempt to access shared resources unless they are expected and provided by a known colleague.
Report suspicious or unexpected messages as phishing in webmail using the process documented in UTS’ Phish Tank.

Anyone concerned about having mistakenly attempted to gain access to a fraudulently shared Google resource should change their NetID password at netid.oakland.edu and immediately notify University Technology Services at [email protected].

Those wishing to learn more about these and other phishing attacks are encouraged to visit the Fresh Phish section of Phish Tank. Faculty and staff are also encouraged to complete OU’s Security Awareness Training.

We appreciate the awareness, cooperation and vigilance of students, faculty and staff striving to keep the campus community safe from cyber attacks.

Sincerely,

Bhavani Koneru
Chief Information Officer

Implementation of phishing awareness campaign

Tuesday, August 2, 2022

Colleagues,

In conjunction with ongoing efforts to protect sensitive institutional information, University Technology Services (UTS) will soon conduct phishing awareness campaigns involving all faculty and staff.

These campaigns will simulate email attacks by malicious senders. Unlike real world attacks, however, messages will not pose a security risk to sensitive information.

In the event you interact with a UTS phishing awareness email – by clicking on a link, for example – you will be redirected to a secure site that provides feedback on how to better identify and avoid falling prey to malicious emails.

To prepare yourself to appropriately respond to both simulated and actual information security threats, we would like to encourage you to complete the 4-minute Email and Phishing Training module of OU's Security Awareness Training if you haven’t already done so. You can access it using your NetID username and password.

We appreciate your participation in this important security initiative.

Sincerely,

Bhavani Koneru
Chief Information Officer

Launch of information security awareness training

Tuesday, July 12, 2022

Colleagues,

Protecting Oakland University's institutional information – including human resources, student, personal, research and academic data – continues to be a top priority.

Studies show that 85% or more of data breaches occur as a result of responses to deceptive messaging attacks such as phishing and social engineering. In order to mitigate this threat, University Technology Services (UTS) wants to ensure that you have access to resources that allow you to protect both the institution and yourself in a digitally connected world.

As part of our multi-year security initiative, UTS is excited to share that we have partnered with SANS, an industry leading training vendor, to make Security Awareness Training available to all faculty and staff. This highly focused, self-paced training takes about an hour to complete and can be managed in increments of as little as three minutes.

You can access Security Awareness Training using your NetID username and password at https://oakland.litmos.com.

We appreciate your participation in this important security initiative.

Sincerely,

Bhavani Koneru
Chief Information Officer

2021

Increased security for university sign-on services

Thursday, October 28, 2021

Colleagues,

Protecting Oakland University's institutional information – including human resources, student, personal, research and academic data – continues to be a top priority.

In order to meet our information security obligations and, particularly, to address the growing and continuously evolving threat of cyber attacks, we are preparing to take a major step forward with multi-factor authentication (MFA).

Starting this fall, we will expand current use of the Duo MFA sign-on process to include all faculty and staff and all university sign-on services, including Webmail and MySail. This change will significantly increase our protection from unauthorized access by requiring a level of user verification beyond simply entering one's password.

Those of you already using Duo MFA will not need to take action other than to begin using this sign-on process as it is made available for additional online services. Those of you unfamiliar with Duo MFA will need to enroll in order to utilize it. The UTS Duo Enrollment Quick Start Guide explains how.

At this time, the university's Duo MFA licensing is limited to faculty and staff. As such, we ask you to not share application links or information with the student community.

Thank you in advance for your participation in this critical security upgrade. Please rest assured that UTS will provide additional information as we get closer to the Duo MFA expansion implementation date, which we plan to share with you soon.

Sincerely,

Bhavani Koneru
Chief Information Officer