Communications

Thursday, February 6, 2025

To all OU community members,

University Technology Services (UTS) would like to provide an important security reminder regarding the Duo multi-factor authentication the university uses to secure many campus online services.

In order for Duo to effectively protect your account, it is important that you:

• Only approve a Duo request when you are actively logging in. You should never approve a request unless you are absolutely sure it is for your own log on.
• Do not share Duo passcodes. Oakland University staff will never ask you for passwords or passcodes.
• Report fraudulent activity. If you receive an unrecognized Duo voice prompt, select the option presented to report fraud.
• Report any suspicious activity on your account to the Help Desk.

UTS provides the following resources to help you maintain a secure account:

• Phishing and Social Engineering Awareness for faculty, staff, and students
• Security Awareness Training for faculty, staff, and student employees
• Security Baselines that document how to secure devices
• Remote Work Guidance on how to work securely when off-site
• Phishing Awareness with tips on how to spot phishing emails

Sincerely,

Bhavani Koneru
Chief Information Officer

On July 24th University Technology Services will be making a security enhancement to the DUO Mobile App.

What will be changing:
UTS will require time-based one-time passcodes (TOTP) moving forward. When using a TOTP passcode, you'll see a 30 second countdown indicator underneath the passcode. If you don't use that passcode before it expires then the account refreshes with a new passcode and the countdown begins again.

How to prepare for this upcoming change:
You must ensure your DUO Mobile App version is v4.49.0 or higher. You may confirm your version by following the steps below:

Android
To see which version of Duo Mobile is installed on your device, go to the Android Settings menu, tap Apps, then scroll down and tap Duo Mobile. The "App Info" screen shows the version.
https://guide.duo.com/android

iPhone
To see which version of Duo Mobile is installed on your device, open Duo Mobile and tap the menu icon. The app version will be displayed in the bottom left corner.
https://guide.duo.com/iphone

Upgrading DUO Mobile:
Please visit your devices app store to upgrade Duo Mobile.

If you do not upgrade the DUO Mobile App to version v4.49.0 or higher, the DUO Mobile App’s one-time passcode generator will no longer work.

If you are already on DUO Mobile App version v4.49.0 and above then you are ready for the change and there's nothing more you need to do.

If you are unable to upgrade due to an unsupported phone or Operating system, you may request a DUO Hardware Token by submitting the DUO Token Request form at forms.oakland.edu. Please be advised, a Duo Token is only necessary if you are unable to use Duo Push, which automatically prompts you for multi-factor authentication.

If you need help upgrading or have any questions please reach out to the OU Helpdesk at [email protected].

For more information, please visit: https://guide.duo.com/iphone#passcodes

Thank you,
Information Security Office

Wednesday, May 15, 2024

Colleagues,

We are excited to announce that a new MySail portal is now available. During a transition toward full utilization of this new platform, both the old version and the new version will be accessible.

In the new MySail portal, many updated tools and features will allow students to streamline their college experience planning – from registering for classes and getting financial aid information to accessing personal account information. Faculty and staff will also be able to use these tools and features to maximize their experience.

To ensure a smooth transition, all of the items available in the old version of the MySail portal are also available in the new version. An advantage is that the new version comes with many new features, such as a light and dark view, and drag-and-drop functionality to arrange available information in a way that best fits individual user needs.

Those ready to explore the new MySail portal and start personalizing their own dashboard can get started now. We hope you enjoy this new online resource.

Sincerely,

Bhavani Koneru
Chief Information Officer

Monday, November 13, 2023

To the campus community,

Faculty and staff are advised to be aware of recent social engineering attacks that target individuals who work at service desks and help desks. In these attacks, callers claim to be an actual person at the business or institution. They frequently gather information by doing deep background research into an employee's location, schedule, etc. Upon establishing a false identity, malicious callers attempt to coerce information or action from the service or help desk staff member who took the call.

They may ask to reset a password or alter a dual authentication process, for example, in order to gain access to otherwise secure resources. These types of attacks often occur at busy times of day. At OU, this may include class start times, peak meeting times, the end of a workday, etc., in order to create a false sense of urgency. Ways to mitigate these types of attacks include:

• Verifying the person is whom they claim to be by asking to call their office number to continue the conversation;
• Requesting a video chat with the person and having them display ID during the call;
• Directing the caller to self-service tools such as an online password reset procedure whenever feasible;
• Never sharing or bypassing security controls including passwords or Duo authentication;
• Subscribe to our email list
• Reporting suspicious behavior to UTS; and
• Helping to ensure that all all employees, including student workers, are aware of this attack vector and how to respond.

Faculty and staff interested in learning more about information security are encouraged to complete the online Security Awareness Training. The university appreciates the understanding and vigilance of campus community members as it works to protect sensitive information and vital resources.

Wednesday, September 6, 2023

Colleagues,

Oakland is designing a new operating model for technology services that will best serve the current and future needs of the campus community. Over the past serval months, our partner, BerryDunn, has met with many people here at OU to better understand our current environment and technology needs. They are now interested in gathering critical information from students, faculty and staff. To collect perspective regarding the strengths, challenges and opportunities to improve OU's current technology services, BerryDunn is providing a brief, 10-minute, online survey that seeks your views on current technology and opportunities to improve their delivery both on-campus and remotely.

We request and strongly encourage you to complete the survey no later than Friday, September 15.The BerryDunn team will also facilitate onsite and remote sessions to gather OU community perspectives during the weeks of September 11, 18 and 25. We encourage you to participate in these events as well. If you have questions about this initiative, please email [email protected]. We look forward to your participation and insight throughout this effort.

Sincerely,

Bhavani Koneru
Chief Information Officer

Tuesday, June 6, 2023

Colleagues,

As we shared with you late last month, OU is partnering with BerryDunn, an independent consulting firm experienced in higher education transformations, to evaluate university IT operating models and enhance the quality of the university's technology services. Unfortunately, a previous communication regarding a university-wide town hallevent focusing on this project included an incorrect location for the meeting. It will take pace from 10:45 a.m. to noon on Thursday, June 8, in the Oakland Center Ballrooms. All University personnel are welcome to participate. At the conclusion of a comprehensive study, BerryDunn will provide the university with recommendations related to the IT services needed to support campus needs.If you have any questions about this project or Thursday's town hall, please contact us at [email protected].

Sincerely,

Bhavani Koneru
Chief Information Officer

Friday, June 2, 2023

To the campus community,

The university has learned that fraudulent email messages that appear to come from the university are targeting students who are led to believe they are receiving a check providing funds to purchase office supplies tied to an internship or student employment. Unfortunately, these messages appear to come from a legitimate Oakland email address ending in ".edu." Students are reminded, however, that legitimate work and internship arrangements will never be made utilizing checks sent in email messages. On a broader level, red flags to consider when receiving any unanticipated communication include:

• Requests for credit card or bank account numbers, social security numbers or driver's license information;
• Requests to set up a local business office or remote workspace andpurported financial arrangements to enable this;
• Requests for an initial investment, offers of large payments or rewards, ordirections to deposit checks or transfer money;
• Any urgent requests for information, funding or other resources in order totake advantage of a limited opportunity;
• Offers of remarkably lucrative positions;
• Any unsolicited offers of employment or financial gain, even if they appearto come from a known and trusted institution; and
• Any communication that seems suspicious, unusual or simply too good tobe true.

For more information on how to avoid phishing scams, visit the UTS Phish Tank webpage.

Friday May 26, 2023

Colleagues,

In partnership with BerryDunn, an independent consulting firm experienced in higher education transformations, OU has begun evaluating IT operating models in an effort to enhance the quality of technology services being provided to the campus community. On June 8 and 9th, the BerryDunn team will be on-site at Oakland conducting project kick-off meetings with University leadership and conducting several townhall meetings to provide the project details and their approach and also answer any questions from campus stakeholders. A university-wide town hall and/or open-forum will be conducted from 10:45a.m. to noon on June 8 in the Banquet room in Oakland Center and all University personnel are welcome to join.

The input and perspective of stakeholders such as yourself will help Oakland ensure the best possible outcome for the institution. Following the on-site sessions, IT Staff will receive a survey from BerryDunn regarding their current role(s) and responsibilities. It will also ask for perspective on opportunities for improvement for technology services at OU going forward. In order to gain a diverse perspective BerryDunn will then conduct follow-up interviews and focus groups with IT staff students, faculty, and staff across campus.

These activities are planned for the end of June and more information will be provided in the coming weeks. At the conclusion of this work, BerryDunn will provide the University with recommendations related to the IT services needed to support campus needs. This includes the skill sets needed to effectively provide those services and an organizational structure to strengthen integration and collaboration of existing IT personnel. If you have any questions about this project, please contact us at [email protected]. We look forward to your participation in this project.

Sincerely,

Bhavani Koneru
Chief Information Officer

Friday, March 17, 2023

To the campus community,

The university has learned that many students are receiving fraudulent email messages that appear to come from university academic departments. These messages offer students remote internship opportunities and encourage them to respond to receive additional information. The sender then forwards a fraudulent check for $2,000 or more to be deposited into a bank account and used to purchase computer equipment purportedly necessary for the position. Unfortunately, both the sender and the equipment provider are behind the scam.

At least one student spent more than $1,000, and victims may be held responsible for repaying banks any funds used in attempts to buy equipment. Importantly, these communications are coming from a foreign email address ending in "edu.vn" or"edu.sa" rather than from a legitimate Oakland address ending simply in".edu."Students are reminded that legitimate work and internship opportunities can be found on Handshake and that they should not apply for university affiliated positions by other means. On a broader level, red flags to consider when receiving any unanticipated communication include:

• Requests for credit card or bank account numbers, social security numbers or driver's license information;
• Requests to set up a local business office or remote workspace and purported financial arrangements to enable this;
• Requests for an initial investment, offers of large payments or rewards, or directions to deposit checks or transfer money;
• Any urgent requests for information, funding or other resources in order to take advantage of a limited opportunity;
• Offers of remarkably lucrative positions;
• Any unsolicited offers of employment or financial gain, even if they appearto come from a known and trusted institution; and
• Any communication that seems suspicious, unusual or simply too good tobe true.

For more information on how to avoid phishing scams, visit the UTS Phish Tank webpage.

Thursday, February 16, 2023

Colleagues,

Because there is no reduction in the number or type of attempts to steal sensitive personal and institutional data, University Technology Services (UTS) is once again strongly encouraging all faculty and staff to take advantage of our online Security Awareness Training program. Offered in partnership with SANS, an industry leading training organization, this program provides participants with knowledge and resources to help side step increasingly deceptive attacks carried out through tactics such as phishing and social engineering. The training takes about an hour to complete and can be managed in increments of as little as three minutes. You can access Security Awareness Training using your NetID username and password at https://oakland.litmos.com.

In conjunction with this initiative, UTS will continue to distribute simulated, non-harmful data security attacks in order to gain valuable information on existing

vulnerabilities and how to strengthen the protective measures we have in place. We appreciate your participation in this important security initiative.

Sincerely,

Bhavani Koneru
Chief Information Officer