What is the Y-drive? The Y-drive is a general purpose, shared storage resource available to all BUMC faculty and staff to conduct University-related activities. It was created as a shared campus resource over 15 years ago at 50GB. Today it is nearly 25TB.
Are there disk quotas on the Y-drive? Generally, the Y-drive has not had any quotas established. We have relied on the community to be good stewards of this service. By and large, this policy has been successful.
Can I store personal files on the Y-drive? No. The Y-drive is not intended for personal data storage.
How does BUMC/IT know what I have on the Y-drive? BUMC IT does not actively police the use of the Y-drive unless automated monitors indicate a resource threshold has been reached. Recently, on several occasions, available storage on the Y-drive has been under pressure. Automated reports of top storage users have revealed examples of potentially inappropriate personal use of the Y-drive including the following examples:
- personal iTunes libraries
- (likely) copyrighted material such as software, movies and television programs
- personal photo libraries
- computer backups
- other personal files
While we have contacted these top users for remediation, we have not explored all suspected personal use cases. We ask you to review your current Y-drive usage to ensure you are only storing work-related files.
Does that mean that BUMC IT is snooping around in my files? No. The aforementioned reports only list general file-system information about the file such as its name, size, creation date, etc. We do not “snoop” into the contents of any files on the Y-drive.
I’ve looked through my files on the Y-drive and found some that you list above. I want to keep these files. What are my alternatives?
Citing the examples above:
- iTunes and other music libraries for personal use should be stored on your personal computer.
- Copyrighted material should never be illegally maintained. You should immediately delete it.
- Photos can be stored on any number of consumer photo sharing sites (e.g., Flickr, Google+, Skydrive, etc.)
- It is unnecessary to back up your personal computer to the Y-drive. The University has a site license for CrashPlan that will accomplish this goal in a more sustainable fashion.
- You should store these files on a consumer file service — e.g.,
Google Drive, Microsoft Skydrive, Amazon Cloud Drive, etc.
But I have a lot of data sets that I need to preserve, what are my options? The University has a high-capacity Data Archiving service for the storage of infrequently used data. This service is available to all faculty, researchers, staff and departments.
If you need assistance with managing your files and directories, contact the BUMC IT Service Desk at 638-5914or email@example.com.
BUMC IT Client Services is proud to welcome Scott Wilson starting as a Computer Support Specialist today. Scott graduated from Wentworth Institute of Technology with a BS in Computer Networking in 2012 and recently worked for TMNG Global as a Network and Desktop Support Specialist. Scott brings extensive Windows and Mac experience to our team.
As described last week in a BU Today article, members of the BU community were recently victims of phishing; and IS&T has again received several reports of a phishing message being received by members of our community like the one below.
We believe the scammers are trying to use the fact that they were successful last time to continue and extend their crime. The message to watch out for claims to be from BU Security and talks about protecting you from the evils of phishing. You can tell the message is a fake because it claims to be from BU, and even uses the BU logo, but it is pointing you to a link that is not a bu.edu link.
A real BU link will always have “ .bu.edu/ ” in it. There is always a dot before bu and a slash after edu, as shown below.
Other things to watch out for:
- If you are prompted to Web Login, make sure it is the authentic BU Web Login page which begins with https://weblogin.bu.edu/something
- Remember that BU will NEVER ask you for your password or ask you to “verify” it; nor would any other legitimate business or institution. It is important that you safeguard your passwords and never give them to anyone.
For more good ways to detect phishing, go to: www.bu.edu/infosec/howtos/how-to-detect-phishing/.
Additional information on phishing is provided by IS&T at www.bu.edu/tech/phishing.
Making your spam/phishing filter more effective
Mail that is clearly spam is filtered for you, automatically. However, one person’s spam might be another person’s research project, so other messages are simply tagged as suspicious and then allowed to go through. You can decide how to handle suspicious mail that does get through, following the tips for Managing Spam provided by IS&T at www.bu.edu/tech/comm/email/unwanted-email/spam/.
If you see a phishing message, please send it and full headers to firstname.lastname@example.org. For details on how to do this, see www.bu.edu/tech/comm/email/unwanted-email/report-abuse/.
Myriam Bikah joins BUMC IT today in the position of BI Developer II. Myriam joins BU after spending the past 5 years with the American Association of Community Colleges (AACC) in Washington, D.C., as a Data and Research Associate. There she helped colleges understand student achievement measures and trends, in part by developing MicroStrategy dashboards and OLAP reports, creating data dictionaries and training videos. Prior to the AACC, Myriam worked at the National Committee for Quality Assurance (NCQA) as a Heath Care Analyst, translating healthcare performance measures into SAS specifications, and performing extensive statistical analyses of healthcare data. She holds an MS in Industrial Engineering from the University of Nebraska – Lincoln, and a BS in Mathematics from UNC Charlotte. Her thesis work involved the design of a user-centered, portable, ergonomic, real-time, solid-state neutron detection device for Homeland Security applications (related work here). She’s as fluent in calculus as she is in French. Myriam is new not just to BU, but also to the city of Boston. Welcome, Myriam!
Over the past few months BUMC Information Technology has been enrolling departments into a new support structure that is centrally funded by the schools, initiated by Provost Antman and Bobby Sprinkle, Executive Director, BUMC IT. Starting July 1 this new support structure officially begins for BU departments on the Medical Campus. As part of this process, we will be doing an inventory of computer equipment that has been purchased with BU funds (either departmental or grant). Once a department is fully inventoried it will no longer be charged for setups, hourly support, or annual support agreements, but will be centrally funded by Medical Campus schools. For more information about this program or questions feel free to visit or call BUMC IT http://www.bumc.bu.edu/it/support/subscription/centrally-funded-desktop-support/
BUMC IT and BU IS&T Information Security will be sponsoring a paper shredding day, Thursday, June 13 from 10am to 1pm along the Talbot Green. Bring any work related or personal documents that you would like to have securely shredded on site at the shredder truck. We will also have an area nearby where you can drop off computer equipment you would like recycled as well as hard drives you would like destroyed.
This time of year is wonderful. People are thinking of others a little more and reaching out to them again if they haven’t talked in a while. Unfortunately, as with any other time when behavior can be predicted, the bad guys are working overtime to try to take advantage of it. This year has seen record levels of malicious activity online and via email as they are taking advantage of all the shopping being done online.
This is a quick reminder to be extra careful this time of year with your email.
We have been seeing many, many malicious messages
- pretending to be receipts for purchases that you didn’t make or
- offers for discounts on products you like, or
- pretending to be complaints from the Better Business Bureau (BBB) or
- notifications of a lawsuits against you, etc.,
- anything to try to goad you into clicking the link.
These emails are trying to: (1) trick you into following a link to a fake site pretending to be someplace you normally go so you give them your password or (2) infect your computer with malicious software, or both.
Here are a few simple tips to avoid being hooked by a phisher:
1. If the email asks for your password, it is a scam. Delete it.
2. If the email is about an order that you don’t know anything about, it is almost certainly a scam. It may thank you for purchasing something that you know you didn’t order and then either include a PDF attachment as a receipt or give you a “Dispute” link. If you click the link or open the attachment, it will almost certainly infect your system.
- If you want to confirm if a purchase was made without your authorization, DON’T CLICK THE LINK IN THE EMAIL. It is completely possible to make a link lie to you. Instead, call the number on the back of your card or use your browser to go to the known and trusted website by typing in the URL/Web Address yourself.
- General rule: if the email message is lying to you about where it wants to send you, it is a scam.
For example, take this link: http;//www.google.com/ If you click this, it will not take you to Google, it will take you somewhere completely different. Scammers use this trick all the time to trick you to going to malicious websites. You can tell where a link is going to take you by hovering over it with your mouse. DON’T CLICK. Hover. If you do this for the link above you will see a completely different link pop up in a box by your pointer or in a space at the bottom of your email client or browser.
3. Forward scam emails to email@example.com and then delete them. If in doubt, call the IT Help Desk (617) 638-5914.
For more information visit: bu.edu/infosec/howtos/how-to-avoid-phishing/
(The above link was sent in clear text and is pointing to a domain you trust, bu.edu. But if your browser made the link clickable, you should still get into the habit of not clicking it, but copying and pasting the link into your browser.)
Keep your eye out for scams, and best wishes to you all,
Quinn R Shamblin
Executive Director of Information Security, Boston University
This Tech Brief, “Technology Now: Cloud Computing,” explores the entire spectrum of cloud computing programs that offer potentially lower cost, easy-to-use services with high reliability and rapid startup times are now widely available online. These services, provide computing resources as an online service, not as a physical product. Researchers and users are demanding access to the capabilities that these services provide, but security officers are reluctant to give them access and academic IT organizations are not typically resourced to provide them locally.
Win cash, gain experience, and earn international recognition with one short video or a poster!
The EDUCAUSE & Internet2 Higher Education Information Security Council (HEISC) is conducting a contest in search of short information security awareness videos and posters developed by college students for college students. The contest seeks creative, topical, and effective videos (two minutes or less) and posters that focus attention on information security problems and how best to handle them.
Winners will receive cash prizes, and their videos and posters will be featured on the HEISC website (www.educause.edu/security). The winning videos and posters may be used in campus security awareness campaigns.
A gold, silver, and bronze prize will be awarded in three categories—training films of two minutes or less, 30-second public service announcements (PSAs), and posters—for a total of nine cash prizes. Honorable mention prizes will also be awarded.
Cash prizes for videos
- Gold: $2,000
- Silver: $1,500
- Bronze: $1,000
Cash prizes for posters
- Gold: $1,500
- Silver: $1,000
- Bronze: $500
Deadline: March 8, 2013.
For more information, visit http://www.educause.edu/SecurityVideoContest.
- If an e-mail asks for your password, it is a scam. Delete it!
A popular phishing technique asks you to reply to a message and send your password. As an example, you could receive a message claiming to be from some seemingly official (but non-existent) entity, e.g., “The BU.EDU Upgrade Team,” saying that the mail system is being upgraded and your account will be deleted unless you respond immediately and provide your password. Please keep in mind that Boston University will never ask for your login and password information.
- Don’t follow links, and never provide personal information.
You should never follow links offered to you in unsolicited mail or provide any personal or financial information, just as you wouldn’t when you receive an unsolicited phone call. This should be your guideline no matter how tempting, frightening, or persuasive the mail seems. Remember that, given an awareness of the problem of phishing, legitimate companies won’t use this method of approaching you. If you do feel compelled to respond or that you must check out something sent to you in an e-mail, don’t use a link in the e-mail message to do that. Use your browser to go to the known and trusted website (PayPal, for example) by typing in the URL/web address yourself and log in there.You can tell where a link is going by hovering over it with your mouse. Don’t click. Hover. As a general rule, if the e-mail message is lying to you about where the link wants to send you, it is a scam.
- Don’t open attachments that you weren’t expecting.
Many viruses are designed to send out spoofed e-mail messages. This message could be originating from any infected PC in the world which happens to have your address in a file (e.g., the address book) or which happens to have auto-generated your address in some fashion. Some, although not all, of these messages will come with an attachment designed to spread the virus to you. Viewing such an attachment puts your computer at risk.
- Filter out spam.
Spam is always annoying, and it can be dangerous too: spam e-mail often contains virus, spyware, or phishing exploits. You can protect yourself from many of these hazards by filtering spam.
- When in doubt…
If you are unsure whether an e-mail is real or if you receive an e-mail messages that is abusive or harassing in nature, report it to firstname.lastname@example.org. If possible, it is helpful to include full headers when forwarding a message. If you have questions, contact the Service Desk at (617) 638-5914.
If it’s too late…
If you responded to a suspicious e-mail message and provided your password, you should immediately change your password and scan your computer for spyware and viruses. Depending on what information you provided, you may also need to take steps to protect your credit card and bank information.
Contact the BUMC IT Service Desk if you believe you have been a victim of phishing at (617) 638-5914 or email@example.com.
LEARN MORE ABOUT PHISHING:
- Phishing IQ Test: http://www.sonicwall.com/furl/phishing/index.php
- Phishing Awareness: http://www.youtube.com/watch?v=H0yWWqX0L4g
- “Phishing” Internet Security PSA: http://www.youtube.com/watch?v=pPCPU5UpPG4&NR=1
Remember, Boston University will never ask for your login and password information via e-mail.