IT – News & Announcements

Microsoft Office 2019 campus rollout—important information and timeline

Michigan Tech IT is preparing to roll out this version to campus in the upcoming months.

Useful information

Office 2019 is available for Mac OS and Windows 10
Mainstream (non-paid) support for Office 2016 ends October 2020
There are almost no visual differences between Office 2016 and 2019
Office 2019 will be 64-bit, allowing for access to more system resources during calculations.
Some have reported having issues in the past with files not being compatible between Office 2016 and older versions of the software. Microsoft has stated that this is not an issue with Office 2019.
Like students, faculty and staff have access to Office 365, which automatically updates. More information is available at our Software Download Center.
Office 2016 is the last version of Microsoft Office that is compatible with Windows 7

Notes

We strongly encourage faculty and staff who rely on Office Add-ins to get involved with the testing and let us know about your experience.
Installing Office 2019 will uninstall any other versions of Office installed. You cannot run multiple versions at the same time.
Existing Office Add-ins (Aspen, ChemDraw, JMP, Endnote, etc.) may need to be reinstalled or may stop working in Office 2019.

Timeline

November thru New Year—Early testing

Starting in mid-November, IT will make Office 2019 available to faculty and staff through the Software Center in Windows 10 and to MacOS machines running 10.12/10.13/10.14 through JAMF Self Service. Faculty and staff with laptops or off-domain machines can contact our Help Desk Consultants to arrange a time to install the software.

January 2019

All campus-connected systems with Office versions older than 2016 will be upgraded to at least Office 2016. All new faculty and staff computers purchased will have Office 2019 installed by default. Office 2016 will remain in the campus computer labs throughout fall and spring semesters.

May 2019

Following Spring Commencement, campus computer labs, as well as remaining faculty and staff on-campus computers, will be upgraded to Office 2019.

Questions, comments or concerts? We can help. Contact us at it-help@mtu.edu or 7-1111.

microsoft office 2019

New Google Calendar Feature

If you need to schedule a meeting, but you’re not sure what time works with everyone’s schedule, Google Calendar’s recently updated feature can help. Here is a step-by-step guide to easily use the new “Meet With…” feature.

To most effectively use the new “Meet With…” feature, start by displaying only your calendar. Unselect all calendars except yours on Google Calendar.
Next, under the “Meet With…” section on the left navigation menu, enter the name or names of the people you would like in the meeting.
After entering the names of everyone you would like to attend the meeting, all calendars will display in your calendar view.
With everyone’s calendar now visible, you can see all available times to schedule a meeting. Click in an open time slot on your calendar to begin the scheduling process and a menu will pop up for the new event.
This new event will include everyone entered in the “Meet With…” section discussed earlier. You will have the ability to add any additional guests, add a room, add a location, a description, and conferencing options.
Once you click save, it will give you options to send an invitation to the other people you are scheduling the meeting with.

If you have any questions about this new Google Calendar feature, we can help. Contact us at it-help@mtu.edu or call 7-1111.

Whaling, SMiShing, and Vishing…Oh My!

three types of phishing: mass scale phishing, spear phishing, and whaling — Infographic by Digital Guardian. Check out the full phishing infographic by Digital Guardian

There’s more than one way to be phished!

Cybercriminals use types of social engineering—manipulating people into doing what they want—as the most common way to steal information and money. Social engineering is at the heart of all types of phishing attacks—those conducted via email, SMS, and phone calls. Technology makes these sorts of attacks easy and very low risk for the attacker. Make sure you’re on the lookout for these variants on the traditional, mass emailed phishing attack:

Spear phishing: An attack of this kind often involves very well-crafted messages that come from what looks like a trusted VIP source, often in a hurry, targeting those who can conduct financial transactions on behalf of your organization (sometimes called “whaling”).
SMiShing: Literally, phishing attacks via SMS, these scams attempt to trick users into supplying content or clicking on links in SMS messages on their mobile devices. Flaws in how caller ID and phone number verification work make this an increasingly popular attack that is hard to stop.
Vishing: Voice phishing, these are calls from attackers claiming to be government agencies such as the IRS, software vendors like Microsoft, or services offering to help with benefits or credit card rates. Attackers will often appear to be calling from a local number close to yours. As with SMiShing, flaws in how caller ID and phone number verification work make this a dangerous attack vector.

No matter the medium, follow these techniques to help prevent getting tricked by these social engineering attacks:

Don’t react to scare tactics: All of these attacks depend on scaring the recipient, such as with a lawsuit, that their computer is full of viruses, or that they might miss out on a chance at a great interest rate. Don’t fall for it!
Verify contacts independently: Financial transactions should always follow a defined set of procedures, which includes a way to verify legitimacy outside email or an inbound phone call. Legitimate companies and service providers will give you a real business address and a way for you to contact them back, which you can independently verify on a company website, support line, etc. Don’t trust people who contact you out of the blue claiming to represent your company.
Know the signs: Does the message/phone call start with vague information, a generic company name like “card services,” an urgent request, and/or an offer that seems impossibly good? Hang up or click that delete button!

Related resources to check out

Learn more about spam and phishing or hacked accounts from the National Cyber Security Alliance.
Read this Better Business Bureau Tip on Phishing Scams.
Read the FCC article on Avoiding the Temptation of SMiShing Scams
The FTC provides more information for consumers about phone scams and how to spot them.
See our previous Campus Security Awareness Campaign blogs about phishing and ransomware: October 2018: Don’t Let a Phishing Scam Reel You In, February 2017: Learn What It Takes to Refuse the Phishing Bait, September 2017: Avoiding Ransomware Attacks, and April 2016: Don’t Get Hooked

Campus Security Awareness Campaign 2019

This content is from a larger campaign designed to support security professionals and IT communicators as they develop or enhance their security awareness plans. The campaign is brought to you by the Awareness and Training Working Group of the EDUCAUSE Higher Education Information Security Council (HEISC).

Take Control of Your Personal Information to Help Prevent Identity Theft

The first full week of March is National Consumer Protection Week. The week is designed to help people make good financial decisions and understand their rights as consumers. Understanding your rights as a consumer can help you recover from identity theft.

Identity theft has become a fact of life during the past decade. If you are reading this, it is a safe bet that your data has been breached in at least one incident. Does that mean we are all helpless? Thankfully, no. There is a lot we can do to protect ourselves from identity theft and to make recovery from cyber incidents quicker and less painful.

First, take control of your credit reports. Examine your own report at each of the “big three” bureaus. You get one free report from each credit bureau once per year. You can request them by going to AnnualCreditReport.com. Make sure there’s nothing inaccurate in those reports, and file for correction if needed. Then initiate a credit freeze at each of those plus two other smaller ones. Instructions can be found at Krebs on Security. To keep an eye on your credit report all year, space out your credit bureau requests by requesting a report from a different credit bureau every four months.

Next, practice good digital hygiene. Just as you lock your front door when you leave home and your car when you park it, make sure your digital world is secured. This means:

Keep your operating system up to date. When OS updates are released, they fix errors in the code that could let the bad guys in.
Do the same for the application software you use. Web browsers, plug-ins, email clients, office software, antivirus/antimalware, and every other type of software has flaws. When those flaws are fixed, you are in a race to install that fix before someone uses the flaw against you. The vast majority of hacks leverage vulnerabilities that have a fix already available.
Engage your brain. Think before you click. Think before you disclose personal information in a web form or over the phone.
Think before you share on social media sites. Some of those fun-to-share-with-your-friends quizzes and games ask questions that have a disturbing similarity to “security questions” that can be used to recover your account. Do you want the answers to your security questions to be published to the world?
Use a password manager and keep a strong, unique password for every site or service you use. That way a breach on one site won’t open you up to fraud at other sites.
Back. It. Up. What do you do if you are hit with a ransomware attack? (Or a run-of-the-mill disk failure?) If you have a recent off-line backup, your data are safe, and you can recover without even thinking about paying a ransom.
Full disk encryption is your friend. If your device is stolen, it will be a lot harder for a thief to access your data, which means you can sleep at night.
Check all your accounts statements regularly. Paperless statements are convenient in the digital age. But it is easy to forget to check infrequently used accounts such as a health savings account. Make a recurring calendar reminder to check every account for activity that you don’t recognize.
Manage those old-style paper statements. Don’t just throw them in the trash or the recycle bin. Shred them with a cross-cut shredder. Or burn them. Or do both. Data stolen from a dumpster are just as useful as data stolen from a website.

If you’ve been a victim of identity theft:

Create an Identity Theft Report by filing a complaint with the Federal Trade Commission online (or call 1-877-438-4338).
Use the Identity Theft Report to file a police report. Make sure you keep a copy of the police report in a safe place.
Flag your credit reports by contacting the fraud departments of any one of the three major credit bureaus: Equifax (800-685-1111); TransUnion (888-909-8872); or Experian (888-397-3742).

Resources

For more tips and tools on dealing with identity theft, visit the FTC Identity Theft website.
Go to IdentityTheft.gov to report and recover from identity theft; you can also browse the FTC’s complete list of possible recovery steps.
Download the FTC’s comprehensive guide for victims: Identity Theft – A Recovery Plan.
Learn about current scams and how to protect yourself by visiting Fraud.org.
Visit StaySafeOnline.org to review the tip sheet for victims of cybercrime and an infographic aimed at helping users stay safe from cybercrime during tax time.
Access free annual credit reports at https://www.annualcreditreport.com.
How to Freeze Your Credit (for free!).
Learn more about National Consumer Protection Week.

Video Resources

This post is part of a larger campaign designed to support security professionals and IT communicators as they develop or enhance their security awareness plans. The campaign is brought to you by the Awareness and Training Working Group of the EDUCAUSE Higher Education Information Security Council (HEISC).