Security

Setting a Complex Voicemail PIN to Improve Security

Posted June 6, 2017

Tags: ,



Effective Date: July 6, 2017

We're improving voicemail security by making sure that your voicemail PIN is complex enough to prevent unauthorized access.

After July 6, you will be required to set a new PIN the next time you sign in to your voicemail if your old PIN was not sufficiently complex.

Instructions

When you dial your voicemail on your phone after July 6, you will hear a prompt that says, "Your PIN has expired. You must reset your PIN. Enter a new PIN followed by #."

Enter a complex PIN. If your previous PIN was complex, you may reuse that PIN.

A complex PIN fits the following requirements:

  • Is 6-64 numbers long
  • Three or more numbers cannot be duplicated in succession (111222, 222222, etc.)
  • Three or more numbers cannot be sequential (123956, 321869, etc.)
  • Cannot include your phone extension

You can also set your new PIN by signing in with your NetID and password at voicemail.wheaton.edu.

You can learn more about your voicemail settings and call management options here. If you would like to receive your voicemails as an email attachment, you can request it by contacting us at ait.service.desk@wheaton.edu.

If you have any questions, please contact us at ait.service.desk@wheaton.edu or call 630.752.4357 (HELP).

Windows Security Update

Posted May 24, 2017

Tags: ,



Effective Date: May 24, 2017

We are deploying a security update to all College-owned Windows computers today, May 24.

This update contains the latest version of the Windows Malicious Software Removal Tool. It is being performed outside of our normal update schedule out of an abundance of caution.

This update detects and removes WannaCry, WannaCrypt, and EternalRocks malware worms.

We regularly patch and update College-owned computers to mitigate any potential large-scale malware attacks. The specific vulnerabilities exploited by WannaCry, WannaCrypt, and EternalRocks were patched in February and March of this year.

Instructions

You may see a popup on your computer asking you to restart in order to install required software. If you see this popup, please restart your computer to install this update and protect your computer.

If you have any questions or concerns, please contact Academic and Institutional Technology at ait.service.desk@wheaton.edu or call 630.752.4357 (HELP).

Firefox Update to Support Banner

Posted May 11, 2017

Tags:



Effective Date: May 15, 2017

All College-owned Windows computers with Mozilla Firefox installed were updated to version 52 ESR May 15. This version is compatible with Banner, while maintaining security standards.

Key Benefits and Features

Previously, updating Firefox to the newest version did not support Flash, Java, and Silverlight, which are necessary to use Banner. This update will allow you to use the newer version of Firefox, while also using Banner. This version of Firefox is more secure than older versions of Firefox.

Impact on College Community

  • On May 15, Firefox Version 52 ESR (Extended Release Edition) was automatically deployed on all College-owned Windows computers with Mozilla Firefox installed.
  • The update of Firefox does not allow you to save passwords, as it is more secure.
  • The update keeps your bookmarks and other settings.

If you have any questions or concerns, please email us at ait.service.desk@wheaton.edu or call 630.752.4357 (HELP).


Wheaton Employees Participate in Cybersecurity Training

Posted March 22, 2017

Tags: ,



Wheaton College faculty and staff are currently participating in cybersecurity training as part of the College's response to data security risks identified by GreyCastle Security.

GreyCastle Security performed a data security risk assessment at Wheaton College last fall. Their assessment identified security risks and also provided strategies to improve security and mitigate risks in the future.

"GreyCastle and other industry leaders advise that employees’ lack of training and awareness of appropriate data and information security behaviors is a primary contributor to increased risk and possible information breach," said Chief Information Officer Wendy Woodward in a February 23 email to faculty and staff. "To address this at Wheaton College, we have contracted with a top-rated security training tool, Securing the Human, to provide a learning opportunity for all employees who have access to College data."

Securing the Human training, which began on March 15, focuses on helping employees recognize and respond appropriately to suspicious websites, spam or phishing emails, suspicious websites, signs of a virus infection, and more. The training also helps employees understand what behaviors are risky and which are safer.

"One of the biggest threats of malware these days is ransomware," said Director of Infrastructure and Security Harvard Townsend. "Ransomware maliciously encrypts all your data…The criminals then demand a ransom in order for you to get your data back."

"We have had two instances of ransomware at Wheaton in recent history and I’ve seen numerous reports of ransomware outbreaks at other colleges and universities," said Townsend.

"Regular data and information security training is one way we can collectively become more aware and be on guard against these efforts," said Woodward.

Employees have until March 31 to complete Securing the Human cybersecurity training, though many employees have already completed training.

You can learn more about the training or log in to the training site here. If you have any questions or concerns, please contact Academic and Institutional Technology at 630.752.4357 (HELP) or by email at ait.service.desk@wheaton.edu.

Security Certificate Replacement for Campus Wireless

Posted March 7, 2017

Tags: , ,



Effective Date: March 10, 2017

On Friday, March 10 at 1 PM, we will replace the security certificate for WC-Internet. Replacing security certificates is a routine process where we re-certify every three years that the wireless network is safe and belongs to Wheaton College.

Once the new certificate is in place, you may see a popup that asks you to verify that you want to connect to WC-Internet or a warning that the certificate could not be validated when you connect a personally-owned device to the campus wireless.

If you see a message like this, please know that it is safe to connect.

Rationale

Why Security Certificates Matter

Security certificates ensure that you are communicating with the intended service provider. They prevent someone from maliciously pretending to be your bank, social networking site, or campus wireless network. They're issued by a trusted third party or certificate authority.

Security certificates have to be re-issued every three years or they expire. In this way, they work like a driver's license or other official ID. In order to get an official ID, you have to prove your identity to a trusted authority. After that, you have to renew your license or ID every few years so you have an up-to-date way to prove to others that you are who you say you are. Security certificates work the same way.

Up-to-Date Encryption Methods

Wireless security certificates encrypt the communication between your device and the network you're connecting to. Encryption works by translating your data into gibberish and only retranslating it when it gets to the correct location. This prevents someone from "eavesdropping" on the network and learning your password or other personal information.

This particular certificate renewal is especially important because we're replacing an outdated encryption method with a new one. The encryption methods used to scramble and protect data become outdated over time as people discover vulnerabilities or design flaws. When that happens, it's important to retire the outdated encryption method and switch to a new one so people can't exploit known vulnerabilities.

Impact on College Community

On Friday, March 10 at 1 PM, we will replace the security certificate for WC-Internet. Replacing security certificates is a routine process where we re-certify every three years that the wireless network is safe and belongs to Wheaton College.

Wireless Certificate ErrorWireless Certificate Error

Once the new certificate is in place, you may see a popup that asks you to verify that you want to connect to WC-Internet or a warning that the certificate could not be validated when you connect a personally-owned device to the campus wireless.

The message may look like one of the provided examples, or it may look different depending on the type of device you connect.

 

If you see a message like this, please know that it is safe to connect. Your computer's security system is warning you that the certificate is different than before as a precautionary measure.

In most cases, you would want to check with the service provider to make sure that the network or website you're connecting to is still safe. In this case, we're the service provider and we're letting you know that it's safe ahead of time.

If you have any questions or concerns, please contact us at 630.752.4357 (HELP) or by email at ait.service.desk@wheaton.edu.

Media Center