HLS Risk and Security Summer Advisory June 12, 2013
Posted by ijohnson in : HLS Faculty, HLS Staff, Security , add a commentGreetings All,
Now that graduation has passed I would like to remind everyone of a few things concerning risk and security.
Privacy and the compromise of electronic communications are in the news lately, but remember that breaches of physical security can compromise sensitive records, often easier than obtaining digital records. Please keep these tips in mind:
- If you are leaving for the day, clear your desk of all sensitive materials and lock them in cabinets or drawers, and lock your office door.
- You should also close and lock your office door if you will be away and not within sight of it
- If you have cabinets that are built into or placed in hallways, make sure that they are locked at all times. It is very easy for a passerby to look, find, and remove paperwork without anyone noticing because of the hallway placement
- If the cabinets are labeled, keep the labeling system a simple alphabetic one. Avoid using names and titles on the drawers that can easily identify and draw attention to those materials
Thanks for your cooperation, and have a safe and happy summer,
Bob McCarthy, CISSP
IT Risk and Security Administrator
Harvard Law School
WCC B036
1585 Massachusetts Ave.
Cambridge, MA 02138
(617) 496-0753
“The shaft of the arrow had been feathered with one of the eagle’s own plumes.
We often give our enemies the means of our own destruction.” – Aesop
Wasserstein Lab Summer Hours June 3, 2013
Posted by ijohnson in : Announcements, HLS Students , add a commentDear Students,
With commencement now behind us, the Wasserstein Student Lab hours will be shifting to the summer schedule. As such, the student lab will open at 9 AM and close at 5 PM, Monday through Friday.
Sincerely,
Ian J.
Student Help Desk Coordinator
Harvard Law School
Wasserstein Hall B020 (Student Lab)
1585 Mass. Ave.
Cambridge MA, 02138
617 495 9576
Open & Secure Advisory, 2nd Quarter 2013 May 28, 2013
Posted by ijohnson in : Announcements, HLS Faculty, HLS Staff, Security , add a commentDear members of the HLS community,
The following is an HLS ITS Open & Secure advisory. Our goal with these advisories is to report on information security issues in the hope that it helps change the way you use technology and make you better prepared to protect yourself. Should you have any question on the following, please call ITS at x50722 or email security@law.harvard.edu and check out the Open & Secure website and the Information Security blog.
Recent Breaches in Academia or the Legal Services Industry:
Walz and Associates Law Firm (Albuquerque, NM), January 28, 2013 Someone found hundreds of documents in a recycling center and notified a local news team. They included criminal histories, depositions, medical records, personal phone numbers, and addresses. The law firm said they were beyond old and didn’t need to be shredded, but the county took the responsibility to ensure that they were shredded.
LexisNexis, Sprechman & Associates (Miami, FL), February 22, 2013 LexisNexis notified Sprechman & Assoc. that they had to block an associates access due to unusual and excessive activity. It was determined that the associate used their access to misuse SSNs to file over $11 million dollars in fraudulent tax refund claims. 20,000 records were affected.
Tips and reminders:
False Harvard IT/HUIT emails:
- There continue to be reports of emails claiming to be from the Harvard IT department requesting information from users. These usually claim that you need to do this to keep your account from being locked out
- These are phishing scams. If there were a legitimate issue with your account, HLS ITS and HUIT would send out an email as an initial contact, but we wouldn’t send a link for you to click on to resolve the issue. Someone would follow up the email to assist you.
Smishing
- SMS Messaging (Text messages) sent to a person’s phone and directs them to call a phone number that has an automated system set up to trick you into telling them your information or direct you to a typical phishing website to infect your machine or trick you into giving over your information.
- Beware of unsolicited texts that may appear to come from legitimate stores or banks. Many come from “5000” which means it came from an email account and not a phone number.
Information security events for the period of 1/1/2013 to 3/31/2013
- Number of Digital Millennium Copyright Act (DMCA) violations reported to HLS – these relate to the illegal copying of protected digital material – 5 (no change)
- Number of HLS computers that were infected by a virus – 24 (53% decrease)
- Number of emails infected with viruses that were stopped before they were delivered to HLS – 18,823
- Number of SPAM messages that were diverted before delivery to HLS – 1,270,687
Thanks for your help,
Bob McCarthy, CISSP
IT Risk and Security Administrator
Harvard Law School
WCC B036
1585 Massachusetts Ave.
Cambridge, MA 02138
(617) 496-0753
“The shaft of the arrow had been feathered with one of the eagle’s own plumes.
We often give our enemies the means of our own destruction.” – Aesop
Microsoft Office 2010 Available May 23, 2013
Posted by ijohnson in : Announcements, HLS Students , add a commentDear Students,
The Student Help Desk now has Microsoft Office 2010 available for students with Windows based laptops. For students who have not yet received a free copy (installed by our staff from a USB flash drive), please come down to the Student Help Desk.
We are located in the basement of Wasserstein Hall (B020), and business hours are from 8:30 AM to 7 PM, M-F. For students who have already received a copy of Office 2007, you have the option of upgrading to Office 2010 at no charge.
Thank you,
The ITS Team
Helios Maintenance April 23, 2013
Posted by ijohnson in : Uncategorized , add a commentDear Students,
The Helios upgrade today has been completed and the system is once again available for your use.
Thank you for your patience during the upgrade/maintenance process.
Sincerely,
The ITS Team
Gmail service outage April 17, 2013
Posted by mmatturro in : Outages & Notifications, Uncategorized , add a commentDear members of the HLS community,
This note is to let you know that Google’s Gmail service is currently experiencing some intermittent outages. This issue is affecting all Gmail users – people with a personal Gmail account as well as people with an account through Harvard (HLS or any other parts of Harvard).
What is affected:
All Gmail services – consumer accounts and all Harvard Gmail accounts.
What you need to do:
No action needed. We just need to wait for Google to resolve these issues.
Please contact the ITS help desk at x.5-0722 if you have any questions.
Thank you,
The ITS Team
This information has also been posted on our ITS Community Support Blog: http://blogs.law.harvard.edu/hlshelp
Un-scheduled Interruption of Myrooms.law.harvard.edu April 16, 2013
Posted by mmatturro in : Outages & Notifications, Uncategorized , add a commentDear members of the HLS IT user community,
This note is to let you know that we are still experiencing an un-scheduled interruption of Myrooms.law.harvard.edu. ITS is working on the issue and will send an update once the issue is resolved.
Thank you,
The ITS Team
This has also been posted to our HLS Community Support Blog: http://blogs.law.harvard.edu/hlshelp
Un-scheduled interruption of several applications – Update April 15, 2013
Posted by mmatturro in : Outages & Notifications, Uncategorized , add a commentDear members of the HLS Community,
This note is to let you know that we have resolved the issues from last night’s unexpected outage for several Microsoft SQL applications.
What was affected:
CMS, Myrooms, SeatGen, Business Objects and Pfaids
What you need to do:
If you are still experiencing an issue this morning with the applications listed above, please try to reboot your computer. If you continue to have problems after rebooting please contact the ITS help desk at x.5-0722. We apologize for any inconveniencethis may have caused.
Thank you,
The ITS Team
This information has also been posted on our ITS Community Support Blog: http://blogs.law.harvard.edu/hlshelp
~~~~~~
Dear members of the HLS IT user community,
This note is to let you know that we began experiencing an un-scheduled interruption of several applications (CMS, Myrooms, SeatGen, Business Objects and Pfaids) starting at 7:55pm. ITS is working on the issue and will send an update once the issue is resolved.
Thank you,
The ITS Team
This has also been posted to our HLS Community Support Blog: http://blogs.law.harvard.edu/hlshelp
Unscheduled Email Outage Resolved February 14, 2013
Posted by mmatturro in : Outages & Notifications, Resolved , add a commentWhat was affected:
Open & Secure Advisory, 1st Quarter 2013 February 12, 2013
Posted by ijohnson in : HLS Faculty, HLS Staff, Security , add a commentDear members of the HLS community,
The following is an HLS ITS Open & Secure advisory. Our goal with these advisories is to report on information security issues in the hope that it helps change the way you use technology and make you better prepared to protect yourself. Should you have any question on the following, please call ITS at x50722 or email security@law.harvard.edu and check out the Open & Secure website and the Information Security blog.
Recent Breaches in Academia (from www.privacyrights.org):
Pepperdine University, December 11, 2012 An employee had left a University laptop in their locked car and it was stolen from the car. The data on the laptop may have included names, SSNs, addresses, and/or date of birth. The laptop was used for IRS related information and had information dating back to 2008, and approx 75% of those affected were students.
This is an example of why HLS policy states high risk confidential information and/or confidential information are not to be stored on laptops. But if a laptop is used for field work, such as clinical or research work, the laptop must be encrypted and the data moved to HLS secure network storage as soon as possible.
Stanford University, 4th Breach: January 9, 2013 Packard Children’s Hospital had 57,000 patients information exposed when an unencrypted laptop was stolen from a physician’s car. Previously, in August 2012 Stanford Hospitals & Clinics and the School of Medicine had 2,500 exposed when an unencrypted laptop was stolen from a physician’s locked office. In September 2011 Stanford Hospitals & Clinics reported 20,000 records exposed when they were inadvertently posted to a website, and in January 2010 Packard Children’s Hospital reported 532 records exposed when a computer was lost.
Tips and reminders:
False HUIT emails:
- Several members of HLS have received emails that are supposedly from the HUIT Help Desk stating that their email account was sending out numerous SPAM emails and that they needed to click on a link to confirm their account.
- This is a phishing scam as neither HUIT nor HLSIT/Security would send out an email with a link like that.
Drive-by Downloads:
- Any virus, trojan, or other malware downloaded to your computer when you visit a website without your knowledge.
- The best defense against this is making sure that your browser has the latest updates and patches and avoiding questionable websites.
Information security events for the period of 10/1/2012 to 12/31/2012
- Number of Digital Millennium Copyright Act (DMCA) violations reported to HLS – these relate to the illegal copying of protected digital material – 5
- Number of HLS computers that were infected by a virus – 51
- Number of emails infected with viruses that were stopped before they were delivered to HLS – 12,842
- Number of SPAM messages that were diverted before delivery to HLS – 1,249,077
Thanks for your help,
Bob McCarthy, CISSP
IT Risk and Security Administrator
Harvard Law School
WCC B036
1585 Massachusetts Ave.
Cambridge, MA 02138
(617) 496-0753