As UNM has embraced the remote work/remote instruction environment, UNM Information Technology (IT) has continued to improve how it balances information security and privacy with usability of systems and services. The following is important information on existing technology services and upcoming improvements:
Zoom Security for Main Campus and Branches (For information on HSC Zoom Services, please refer to https://hsc.unm.edu/about/cio/user-support/support/Zoom.html.)
There has been some publicity and concern regarding Zoom security. Many of the information security-related issues with Zoom can be attributed to meeting hosts not implementing the recommended secure settings, or with the use of free individual accounts rather than the use of the UNM institutionally reviewed and licensed service. Individually licensed Zoom accounts do not offer the authentication and secure configuration options available to an institutionally supported Zoom service. UNM completed an extensive security and privacy risk assessment for the UNM enterprise Zoom service to provide a simple and robust live collaboration tool capable of meeting the many needs of the diverse university community.
In that assessment, the UNM Information Security and Privacy Office worked with IT service owners to review how Zoom would be used at UNM, and to help ensure that appropriate safeguards were in place to protect UNM data in use through the UNM Zoom service. UNM IT worked with the UNM Registrar, Office of University Counsel and the UNM Information Security and Privacy Office to provide all meeting hosts with recommendations for how to secure Zoom sessions and protect the privacy of meeting participants without limiting the ability of UNM community members to have open meetings with colleagues at other institutions. This information can be found at at.unm.edu/media-collaborative-apps/zoom-web-conferencing.html
Please be sure to review the privacy recommendations relative to the type of information you will be sharing on Zoom and apply the recommendations appropriately to your Zoom meetings. UNM IT is also available to work with meeting hosts to provide them with additional information on how to safely conduct a Zoom meeting as part of provisioning UNM Zoom Licensed/Pro accounts. Please keep in mind that Zoom should not be used to facilitate or conduct Export Control-related work.
External email notification banner and message preview in LoboMail
On Dec. 12, 2019, a banner was added to all e-mails sent from outside UNM’s e-mail system. This was in response to the detection at UNM of a virus that proliferated through external email phishing and had previously caused a peer institution in New Mexico to physically shutdown for 3 weeks last fall. While this banner has been an important step in mitigating dangerous phishing attacks, we acknowledge that the existing banner minimizes the ability for users to see a preview of the email message content.
After business hours on April 28, 2020, we will alter the text used for flagging e-mails sent from outside the UNM e-mail system so that the banner alert is smaller and message content is viewable in preview windows. We will continue to whitelist external entities that have a need to send emails on behalf of UNM.
To protect your account from phishing:
- Always be cautious with externally flagged e-mails and especially when opening attachments or following links from unverified or external sources.
- Never provide your password through e-mail, even for a password reset.
- If you receive phishing email, any e-mail asking for your password or for Personally Identifiable Information (PII), please forward the e-mail as an attachment to security@unm.edu. For instructions on how to forward email as an attachment, or to see whether UNM IT is already aware of specific phishing email, please visit phishbowl.unm.edu. Additional information on reporting incidents to UNM’s Information Security and Privacy Office is available at ISPO.unm.edu.
Two-factor authentication
One-factor authentication is any login using your NetID and something only you know (such as your password). Additional factors can include a hardware token, or something else that you have, like a mobile phone or smart phone, which can receive a call or text message, or can utilize a mobile authentication application. Verifying your identity with a second factor helps prevent others from logging in to your account, even if they know your password.
UNM has been using two-factor authentication with sensitive Payroll and Benefits information. Effective May 18, 2020, IT will be adding two-factor authentication to your Bursar’s Account Suite, more commonly known as TouchNet. Later in June, IT will be adding additional enhancements to UNM’s two-factor authentication. Details on these additional enhancements will be forthcoming.
Removal of additional login steps for LoboMail access
UNM IT will be eliminating an extra step for logging into LoboMail. After business hours on April 28, 2020, users who access LoboMail through their web browser will be able to do so with a single step.
Due to the healthcare nature of the Health Sciences Center, there are variations to services and support for HSC students, faculty, and staff. If you have questions regarding HSC technology services, please contact the HSC Service Desk at 272-1694 or HSC-CIO-notices@salud.unm.edu.
The UNM IT Service Desk is here to assist you with IT related services. Please contact us at 505.277.5757.