Category: Security

Getting a new phone? Prep for BoilerKey

If you are planning to get a new phone, be sure to prepare for BoilerKey changes or you’ll be locked out!

Print off your BoilerKey Backup Codes or turn on self-recovery per this Purdue Today article:

https://www.itap.purdue.edu/newsroom/192019-BoilerKey-Self-Recovery-Holiday.html

Or, if you still have your old phone , you can use it to log into the BoilerKey site (using the DUO app + WiFi) and initiate a new BoilerKey setup…

https://purdue.edu/boilerkey

EdIT can assist you if you are locked out. Just contact us at EdIT@purdue.edu.

Thank you!

~ Bob & the EdIT team

Reasons to use Purdue email systems

Reasons to use Purdue email systems

In other words, reasons not to forward your Purdue email to a non-Purdue email service:

1. Purdue email is considered an official Purdue record.

2. Purdue is legally liable to protect and retain Purdue records, including student information regulated by FERPA that may be conveyed in email and email attachments.

  • Purdue Email Policy: Users are reminded that any e-mail sent from a University Email Account or residing on University Email Services may be considered a public record under the Indiana Public Records Act (IC 5-14-3) and may be subject to disclosure. Users need to exercise judgment in sending content that may be deemed confidential or that they otherwise do not wish to be disclosed. Furthermore, email transmissions may not be secure, and contents that are expected to remain confidential need to be communicated via means other than email. Common examples of confidential contents include: student grades, personnel records, individual donor gift records, personally identifiable information, and data subject to federal and state laws or regulations, including but not limited to, the Health Insurance Portability and Accountability Act of 1996 (HIPAA), Family Educational Rights and Privacy Act (FERPA) and the Gramm Leach Bliley Act (GLBA).

3. Using consumer email systems for Purdue email, when not contractually obligated to Purdue, causes Purdue to lose control of records, and circumvents Purdue access controls. Purdue has created access controls to protect and provide secure access to email. The security of 3rd party email systems cannot be guaranteed by Purdue.  While some email users may be able to safely forward their Purdue email to a non-Purdue email account, employees who handle official Purdue data are bound by Purdue policy to ensure that Purdue data remains protected in ways that comply with all applicable laws and regulations.

4. The Purdue records retention policy must be complied with even if Purdue email is forwarded to a non-Purdue server.

http://www.purdue.edu/policies/governance/vb3.html

5. Consumer email systems are typically commercial data-mining systems. Purdue students and employees may not consent to having the content of their email messages forwarded to, or entered into, a commercial data-mining system and tracked/indexed or potentially targeted with advertising, etc.

6. Caching a Purdue career account username password within a consumer email system (not an email client, but email systems/servers) that Purdue has not legally contracted puts Purdue systems and/or accounts at risk.  Some non-Purdue email systems will offer to log into your Purdue email account on your behalf and pull your Purdue email onto their servers.  It is OK for users to do this for their personally owned email and their own data, but this practice can put the data of students, and Purdue data in general, at risk.

7. When forwarding all Purdue email to a personal email account, a freedom of information act records request could impact someone’s personal account, and potentially bring personal email into litigation.  Or it could cause Purdue to become out of compliance with laws that require Purdue to control and access Purdue-owned data.

See: https://www.purdue.edu/legalcounsel/public/index.html

Purdue Hazard Communication Training – Mandatory for all Purdue Employees

Dear College of Education Employees,

As part of Purdue’s OSHA-mandated “Integrated Safety Plan” all paid Purdue employees (including student employees) are required to complete a one-time training called: Hazard Communication Training.

To complete the training, College of Education employees can watch the following 13-minute video:

Purdue Hazard Communication Training Video
https://www.purdue.edu/ehps/rem/training/hazcom/hazcomawarenew/HazCom_Awareness.html

…and then, after watching the video, take the short quiz here:

Quiz – Hazard Communication Training
https://purdue.ca1.qualtrics.com/jfe/form/SV_41PSiEg2K1KMVfL

Once you have completed the Quiz, you should receive an email confirmation message.  Please forward that message to your departmental main office.

Thank you!

Robert Evans
Chair of the College of Education Safety Committee
Co-Chair of the BRNG Safety Committee
bob@purdue.edu

Emergency Preparedness Video: Shots Fired on Campus Video

Below an article from the SecurePurdue web site that includes a link to a video:

http://www.purdue.edu/securePurdue/news/2010/emergency-preparedness-shots-fired-on-campus-video.cfm

“Shots Fired on Campus: When Lightning Strikes,” is a 20-minute video that illustrates what to look for and how to prepare and react, said Carol Shelby, senior director of environmental health and public safety. The video is available online at https://www.purdue.edu/securepurdue/police/video. A Purdue career account and password are necessary to log on to view the video. Its release to the Purdue community coincides with National Emergency Preparedness Month.

“This video stresses awareness, preparation and rehearsal, the keys to safety,” Shelby said. “Students, faculty and staff can take the training on their own and access it anytime they want, but some professors also may want to play it in their classrooms.”

The video was produced by the Center for Personal Protection and Safety, based in Spokane, Wash., and is being shown at several college campuses around the nation, Shelby said. The center is composed of former U.S. Department of Defense and FBI officials and is dedicated to researching and disseminating best practices in workplace violence prevention and travel safety. It is responsible for much of the federal government’s current teaching and training on crisis negotiations, workplace violence, abduction prevention and hostage survival situations.

Shelby said Purdue linked with the center through the university’s participation in the International Association of Campus Law Enforcement Agencies, an organization involved in safety and security on college campuses.

The Video:

https://www.purdue.edu/securepurdue/police/video

The Transcript:

http://www.purdue.edu/securePurdue/download.cfm?File=media/SFOC_Final_Transcript.pdf

New email header will alert individuals to probable phishing scams

Please note the following post from ITaP:

Due to the continual increase in phishing attempts targeting Purdue email accounts, ITaP has created a new email header that will alert Purdue mail users to probable phishing scams.

All individuals who use an @purdue.edu email address will be affected by this change. The alert will be added to the top of messages and will read as follows:

Please be advised that the email below contains a link associated with an identified phishing scam. Clicking on the link may harm your computer. If you believe your Purdue career account has been compromised, please contact your local academic IT support or the ITaP Customer Service Center at 765-494-4000 for help managing risk to you and the University.

For more information see:

http://www.itap.purdue.edu/newsroom/news/140114_phishing_header.html

Writer: Andrea Thomas, ITaP technology writer, 765-496-8204, thomas78@purdue.edu

Source: Mick Haberzetle, manager of messaging and application services, 765-496-1067, mick@purdue.edu

David Shaw, chief information security officer, 765-496-8289, shaw46@purdue.edu