Classroom Technology Updates and Requests

Dear Faculty and Staff:

A happy Friday to you all. I wanted to ask each of you to watch out for a few things in the classrooms.

1. Please turn off the projectors when you are done
2. Sign out, do not shutdown the computer.
3. You can see all classroom specifications and features in Ad Astra now
4. Please be kind to your fellow instructors and leave the room ready for the next class
5. How to request assistance with a classroom

Please turn off the projectors when you are done

As we have been going through the classrooms, especially the new classrooms, we are finding that folks are leaving the projectors on. This wastes electricity and reduces how long and how bright the projectors function. Virtually ALL our projectors are instant on and instant off. Please turn them off when you are done!

• Old panels (see classroom technology instructions here - old panel on left, no power knob) Hold the "on/off" or "Power" button for five seconds. This button will always be the top right button.
• New panels (see classroom technology instructions here - new panel on right): Single press the power button. It is white when it is off and blue when it is on.

Sign out, do not shutdown the computer

We keep finding computers turned off and a few of the help presses we get are because the computer has been "shutdown" instead of "signed out". To sign out of a computer, go to the start/search menu and find your email address or your avatar and click that. A menu will appear to sign out or switch user. Sign out please.


This gif shows you the differences between the Windows 10 and 11 start menu/search interfaces. You can see the user avatar on the left (darker screen) on Windows 10 and at the bottom (lighter screen) of Windows 11

Image credit: @tom-hudson

How to turn the computer back on

If you encounter a computer that has been turned off, the power button is in the bottom right corner of the front panel. The computer is tiny; perhaps 8" wide and less than 2" tall. This pic below shows the power button on the bottom right corner a little lighter in color. It is the only button on the front of the computer.

You can see all classroom specifications and features in Ad Astra now

Log into Malone Xpress and choose "Room Scheduling" from the launchpad. This will launch Ad Astra. You can view schedules and rooms from the "Calendars" --> "Scheduling Grids". There is a "day" view which shows lots of rooms and a "week" view which shows the entire week's schedule for a single room. Float your mouse over the circle next to each room to see a picture and feature list of each space.

Please be kind to your fellow instructors and leave the room ready for the next class

Several [not all] classrooms are being left in various states of disarray. Please leave the classroom in good shape for the next class! We recommend looking at who else is using the space and sending them an email to see what their preferences might be. If you like the room to be setup in the round, but the next class needs them in rows well, don't leave the room a mess!

The instructional preference survey that Kyle Calderhead sent out last year, indicated that you prefer tables on wheels 2:1 to tablet arm chairs. With that thought in mind, we have installed casters on tables in several JC, RH, and MH classrooms to try it out. Please send the Help Desk or Space Management feedback on how these are working or not working.

Related to this initiative, we have begun to post recommended layouts into each room. These will be posted inside the entrance to each classroom. Here is an example from JC103. These recommendations will show up in all classrooms over time. Read the example for more information about classroom layouts.

How to request assistance with a classroom

At the bottom of both the "Classroom Technology Instruction" and the "Layout Suggestions" pages, there are instructions on how to connect to the Help Desk and report ANY issues you have with that space. Are the blinds not working, too hot, too cold, tech misbehaving, chairs or desks broken, any issues can be reported to the Help Desk.

Press "Help" for help!

Remember that you have the "Help" button on all of the classroom controllers. This will page folks in the IT department who are trained to assist with the classroom technology. This button works during business hours. Be sure to call the IT Help Desk and select the option 2 technology emergency to ring one of our cell phones.

Christmas and Winter Break (for faculty and staff)

Hello Faculty and Staff:

With only a few days remaining before Christmas and New Year's break, we are providing a checklist of tasks you might do to prepare you, your accounts, and your offices before you leave!

Communication with students and customers

• Set your away message (vacation responder) on your email. You can set this ahead of time to start and stop on certain dates!
• Set your alternative greeting in your voicemail. While you can't set this one ahead of time, you can set a stop date. We are back to the office on Wednesday, 3 January 2024 at 8am!

Tips for your away messages. Include when you will be back or whether and how often you are checking your messages. Be careful with the wording of your message since it will be playing before, during, and after Christmas and New Years.

Power savings for individual offices

• Unplug or turn off any power strips. 
• Unplug any AC adapters. AC adapters still draw some energy even if they are not in use. These are sometimes called "electricity vampires"

Power savings for the office suite

 If you are the last one out of the office...

• Shut down your office copier and printer. Unplug them too!
• Empty out, clean out, and unplug your office fridge. Depending on your office, this is not for the feint of heart :-). Open a ticket or call Physical Plant if you need assistance with this; especially if you have a fridge that requires defrosting.
• If you have a thermostat in your office, turn it off or set it to medium. Building HVAC systems will be placed into "unoccupied" mode during the break unless an office has made arrangements with Physical Plant to stay open.

userid.malone.edu shutdown

Hello Students, Faculty, and Staff:

It has been about a year since we started moving our Single Sign On [SSO] system to Microsoft Azure AD (now rebranded/marketed as Microsoft Entra ID). Just a few weeks ago, we successfully transitioned the last service still using the old one. Now it is time to say goodbye to https://userid.malone.edu .

On Tuesday, 10 October 2023 at 10:10am - that's 10/10 at 10:10 - we will turn off the old userid system. 

We took a look at the logs and nearly 300 of you have logged into the old SSO system in the past two weeks. This means that you are logging in only to have to log in a second time to the new SSO system. That is too many logins!!

Update your bookmarks!

Take a look in your web browsers and phones. You will want to remove or update any bookmarks to userid.malone.edu. We recommend that you instead bookmark Malone Xpress at https://jics.malone.edu or https://myapps.microsoft.com which is the Microsoft SSO page which is roughly the equivalent of the old userid system.

Questions?

We can help! Reach out to us via the web at https://helpdesk.malone.edu or by phone at 330.471.8428.

Setting Up an Appointment Calendar for Advising or Something Else

Dear Faculty, Staff, and Students (but especially Faculty for today's post):

Are you and your advisees having trouble finding a time to meet? Good news! There is a feature in your Google calendar called "Appointment Schedules" which can be used to schedule meetings. 

Here are the Google Instructions or you can take a look at Google marketing propaganda page for appointments which gives a nice overview.

Once an appointment calendar is set up, you can copy and send the link to your advisees and ask them to sign up for an appointment. Your appointment calendar is tied to your personal calendar, so you will not accidentally double-book a time.

We have recorded a short (no audio) step-by-step video showing how to set up appointment slots for advising.

Please contact the IT Help Desk if you have any questions or issues. We can be reached via the web at https://helpdesk.malone.edu or by phone at 330.471.8428.

Required Security Training for Malone Employees

Dear Faculty and Staff:

You may remember that back in December 2022 we announced a new "Required Training Policy." You can read and review this policy in FAQ415. You may also have seen some different training assigned to you this week namely, AED training. I thought it a good opportunity to talk about what is happening.

While the policy is published where the IT policies are usually placed, required training delivered on the KnowBe4 platform, in person, or otherwise will cover a variety of topics including:

• Information security
• Campus safety (workplace assailant, AED locations and use, etc.)
• Title IX
• Manager training, e.g., "lead Malone"
• Other training deemed important and necessary by leadership.

We have committed (read it in the policy section 3.1!) to, "carefully select training which is useful to our employees, which meet the specifications of the regulations the university is beholden to, and also honor the time of our employees."

AED training

The most recent example is the AED training that has been assigned to all users in KnowBe4. If you attended the in-person training that Jack Angelo hosted in the Spring, you are not required to take it again. You will have received the email invitation, but you will notice that it is marked as "complete" when you sign into KnowBe4. You are welcome to review the presentation as well as the Youtube video (linked in knowbe4) giving instructions on their use again.

Action Items. What do I need to do?

The bottom line is this training is required. Please sign into Malone Xpress and click on the "KnowBe4 Training" button in the Launchpad.

Take any training that is listed for you. 

Overdue training

Any employees with overdue training are subject to section 3.3.2 of the policy which is progressive; from warnings, warnings with chair/director cc'd, account suspension, etc.

We encourage you to please take your training as soon as you see it assigned. If you are nervous or have questions about it, please let us know. Remember that you can sign into Malone Xpress and launch the KnowBe4 training site.

Managers/Chairs/Directors

Please sign into KnowBe4 and view your "team dashboard."

and review:

• anyone on your team who has training due or overdue. Send a note to your team members reminding them that they have training due.
• make sure the list is inclusive of your entire team and that there are no folks who should not be listed as part of your team (let HR and IT know if you have any of these).

Scams and Unsecured malone.edu email accounts

Hello Students, Faculty, Staff, & Alumni:

This week's post is a little more serious because it pertains to several phishing emails that have made it past our filters because of mismanaged and insecure malone.edu email accounts. We are evaluating the best way to move forward so that less accounts are compromised so we can reduce the chance of our user community being scammed. 

The best way for you to prevent your account being hacked is to:

1. make sure you set up good multi-factor authentication methods for your accounts.
2. Be extremely suspicious of offers that are too good to be true or ANYTIME someone asks you to purchase things on their behalf. Scammers often ask you to buy gift cards or order equipment for them.
3. Report when you see suspicious activity. Mark it as SPAM in the web mail interface or - for faculty and staff - report suspicious emails using the orange phishing hook so that IT can review the message. You can also contact the Help Desk if you want assistance to verify a message is legitimate. DO NOT forward the message to HelpDesk. We will review it using administrative interfaces.

In the past week, we received the third instance of this particular attack. Here's the rough outline of how this particular attack works.

1) Compromised account

An account which did not yet have multifactor authentication set up had its password guessed by an attacker. In this case, it was an alumnus' account from ten years ago. The attacker set up the alumnus' MFA and logged into his account using a ToR web browser. ToR is a darkweb tool which obfuscates the user's location. We can see in our logs that the login traffic appeared to come from no less than three different countries.

How does an attacker guess a password? There are many ways, but here are a few:

1. The password is part of security breach from another site.
2. The user uses the same password on all of his or her web sign-ins.
3. The user has a pattern to their passwords. If their original password is 'BobWhite14,' then the next one they use is 'BobWhite15.' If the previous password is subject to a breach, then the attacker can guess what password might come next.
4. The user's computer/device is hacked and they store their passwords on an unsecured file on the hacked device. This would be the equivalent of saving all your passwords in the Notes app on your iPhone instead of using the password storage found in Settings. Some folks store their passwords in a Word document saved on their hard drive; this is also extremely insecure.

2) Phishing emails sent

The attacker sent out something like the following message to 240 email addresses:

The Department of Business and Technologies at Malone University is looking for research assistants who are interested in working remotely and receiving a salary of $450 per week. Students (Previous or Present Students) from any department in the university can  participate in the research. Please contact Professor Shawn Campbell as soon as possible by text (999)999-9999 with your full name, email address, year of study, and department to obtain the position description and further application requirements.

 

Best Regards.  

C/O Professor Dr. Spamislaw McPhishterson

Title: Professor of Underwater Basket Weaving, Malone University

What are the indications that this is a Phish? 

1. First red flag is that they want you to start texting them instead of replying to the email.
2. Second is that if you responded to the email then the reply comes from an entirely different email address (especially not a malone.edu email address). Once the communication leaves our systems, it cannot be easily tracked if we need to investigate it.

3) Hooked!

One or more people text the attacker or reply to the email. The attacker get the victim off of our network and systems as soon as possible to thwart any attempts at figuring out who they are. 

4) Reeling in the victim

The attacker starts to email or text the victim impersonating the professor and telling them about the internship opportunity. They tell them that they sound like a good candidate for the internship and text them the image of a check that has our name and logo on it, but is totally bogus.

Once they 'hire' the victim, they ask he or she to purchase gift cards or items which can easily be returned to a store (office supplies or non-perishable items). They instruct the victim to make the purchases and either dropship them to a location or send pictures of the cards with the pin codes scratched off. 

The victim follows instructions and places the orders. The victim tries to cash the fake check and it bounces.

More red flags:

1. Why would Malone ask an intern to use their personal account to buy stuff? We don't. We wouldn't.
2. Asking to buy or transmit gift cards are a major red flag. They are untraceable and easily sent/received with people snapping pictures.
3. Texting a picture of a check. That is not how checks work. Checks are typically printed with special magnetic ink and on paper that is copy-resistant. The bank is bogus, the signature is bogus, and they simply copied and pasted our logo on the check.

If you've fallen victim to a scheme like this

First you should file a police report immediately. While it is nearly impossible to identify the attacker and recover your funds, sometimes it can be done. Let them know all of the circumstances around the attack. 

These attacks are getting more and more sophisticated which means they are harder to detect both for humans and for computers. The appeal of easy and/or quick money has drawn many a cash-strapped student in. Don't feel ashamed such that you don't let the authorities know about it.

What did we do and what are we doing to prevent this from happening in the future?

One huge thing we are doing to prevent this from happening in the future is our implementing multifactor authentication [MFA]. Once it is set up, then attackers have a harder time taking over a malone.edu account. In this case, the alumnus did not set up his MFA yet, so once they got his password, they set it up for themselves and had full access to his account.

Google detected that it was a phishing attempt and disabled his account. Diligent community members reached out to IT and we further locked out the hacked account and pulled all instances of the email from our servers. We have no way of knowing how many people started to text the attacker, but we are aware of at least one person who did and was bilked out of their money and time.

The future of alumni accounts is in question. We have offered this service to alumni to retain their malone.edu email as long as they are actively checking it. But we are reviewing whether to continue to offer the service in lieu of folks who may not be managing their alumni accounts well. More to come on this front and be sure to send us feedback through helpdesk@malone.edu if you have thoughts.

image credit: https://www.publicdomainpictures.net/en/view-image.php?image=240518&picture=scam 

Google Meet Use - recording and presentation tools

Hello Everyone (especially Teaching Faculty):

We have gotten several calls this past week about recording in Google Meet. This week's post (a little late) shows you

• How to schedule a recurring Google Meet for a class and who can and cannot record a meeting
• Where the recording tools are located in Google Meet 
• How to generate transcripts and information on attendance tracking.
• Other activities like whiteboard, Q&A, and polling features.
• Where recordings are stored (Your google drive "meet recordings" folder) and how long they're retained.

This week's post is about Google Meet use. Google changed the location of the recording mechanism; moving it into the activity menu. I created a brief video on how to schedule a Google Meet and how to navigate to the activity tools and record your presentation.

Who can Record?

Anyone who is listed as an instructor in a current or upcoming course has the ability to record. This is programmatically set. If you are an instructor, but you lack the ability to record your presentation, make sure that the meeting was scheduled by you and not someone else. 

Recording management

All Google Meet recording are stored in a folder on Google Drive called "Meet Recordings". Recording will last ninety (90) days after which they will be automatically discarded. If you want to keep a recording longer than that, you will need to download it from your Google drive to another location. It can then be re-uploaded into another location on Google Drive. You cannot just move the recording to another location in drive. 

Reach out to the IT Help Desk if you are having any trouble recording or have any questions about Google Meet use. We can be reached via email at helpdesk@malone.edu , via the web at https://helpdesk.malone.edu or by phone at 330.471.8428.

Quick Start for Using Google Meet for recording of synchronous meetings

A less than seven minute tutorial on Google meet recording including transcript and attendance files.

More Resources for Google Meet

There is a fairly exhaustive list of resources located in Google's Help documentation for Google Meet. Pay especial attention to the "during the meeting" section to learn how to use the different features.