February 2022

February 2022, LMS

Canvas and Blackboard and Moodle, Oh My!

We’re excited to announce that the LMS Evaluation project (click here for more information) is moving to a new phase – candidate demonstrations and evaluation.

Last Fall many of you were generous with your time and opinions about Moodle and your hopes for the future when it came to Learning Management Systems. With over 100 responses to our survey, and many departmental and student-group discussions, ITS and the LMS Evaluation Steering Committee, would like to say thank you! We’ve analyzed all of ideas and we’re currently preparing a short report to share the major themes of that feedback.

Based on that feedback, and on internal research, Clark is hosting two Learning Management System providers to offer virtual demonstrations to our campus community. These two LMSs are candidates for replacing Moodle as Clark’s LMS, phased in over the next 2 years, so we’re excited to see what they might offer you as you teach, learn and work with technology. Most of all, we’re eager to see if you think either of these systems have a place at Clark.

ITS is inviting you to attend these demonstrations. If your schedule allows, we recommend attending one demonstration from each candidate.

Click here to register to attend any of the candidate demonstrations. All sessions will be recorded.

Canvas

Canvas is an LMS offered by the company Instructure. It is usually cloud-hosted. It is currently the market leader in higher education with a share of 34% of US and Canadian institutions. Click here for more information on Canvas.

  • Student-focused demonstration: Thursday, March 17th, 3pm – 4pm
  • Faculty/Staff-focused demonstration: Wednesday, March 23rd, 1:30pm – 3pm

Blackboard Learn

Blackboard Learn is an LMS offered by the company Blackboard. Its current iteration is called Blackboard Learn Ultra and is usually cloud-hosted. Blackboard Learn (Ultra and previous iterations) have a 21% share of of US and Canadian higher education institutions. Click here for more information on Blackboard Learn.

  • Student-focused demonstration: Thursday, Thursday, March 24th, 3pm – 4pm
  • Faculty/Staff-focused demonstration: Tuesday, March 15th, 2pm – 3:30pm

Click here for more information on the LMS Evaluation process and timeline, and if you have any questions, please feel free to contact Joanne Dolan, Director for Academic Technology at jodolan@clarku.edu

Data Privacy and Security, February 2022

Phishing Simulations and Training from ITS

Approximately 90% of cyber attacks begin with a phishing email and all Clark community members can help protect our information resources by being able to identify and ignore suspicious emails. To support this, ITS has partnered with KnowBe4, a security awareness training and simulated phishing platform to offer an on-going security awareness campaign.

This campaign helps to educate the Clark community through a broader lens of understanding how hackers can steal your personal information, and track your movements. Our campaign works to encourage change across Clark while empowering and equipping users with the tools to protect the physical, and digital data of the University.

Through the KnowBe4 software, Clark members will be sent several ‘simulated phishing’ messages over the course of each semester. These simulated phishing emails are based off malicious emails that a hacker would send you.

Since launching the campaign in July of 2021, institutional risk related to users being ‘phish prone’ (those who are likely to fall for simulated phishing emails) has decreased by 13%.

What will happen if I open a ‘simulated phishing email’?

If you open an email which was sent through our KnowBe4 system, nothing dangerous will happen. It is up to you to report it using the Phish Alert button (click here to learn more about how to use the Phish Alert button).

However, if you click a link within the body of the message, download an attachment, or forward the email to someone else (including to the Help Desk), you will be directed to a landing page (similar to below) letting you know that this was a simulated email from KnowBe4. This page will alert you to why this email should seem ‘phishy’ to you, and what steps you can take in the future to more quickly identify it as malicious. Additionally, you will be asked to watch a 2-minute video about phishing.

In addition to the short video, you will automatically be enrolled into Clark’s Cybersecurity Training Course. This course which is also done through our KnowBe4 system, can be accessed using the link provided in an email that you will receive (similar to below)

What do I need to know about the training?

Training typically consists of two modules which take approximately 10 minutes to complete, and will provide you with tips and tricks to spot and avoid clicking on phishing emails in the future. Failure to complete the assigned trainings will result in continued notification reminders.

What happens if I click on more than one ‘simulated phishing email’?

Don’t worry, it happens to us all! With phishing emails getting more sophisticated and trickier than ever, we understand that you may accidentally click on one. If this happens, you will be auto-enrolled into another Cybersecurity Training. However, each time you are enrolled, you will be presented with a more detailed course. More than 3 incidents in one academic semester may result in a user having a conversation with their supervisor and/or ITS to help ensure we can best protect our information resources.

I reported the simulated phish by clicking the Phish Alert Button

Congratulations! You outsmarted the hackers. If you properly spot and report a simulated phishing email, you will receive a notification on a job well done, and a HUGE thank you from Clark ITS in helping to keep Clark safe from potential cyber-threats.

Data Privacy and Security, February 2022

Seems Phishy!

Email is a critical communication tool, and as a result, it’s important for all of us to be vigilant and able to spot phishing emails that attempt to compromise our personal and community information.

What is Phishing?

Phishing is the process in which malicious people try to trick you into giving out sensitive information or taking a potentially dangerous action, like clicking on a link or downloading an infected attachment. They do this using emails disguised as contacts or organizations you trust so that you react without thinking first. It’s a form of criminally fraudulent social engineering.

Phishing is one of the most common ways that attackers try to access our data and commit fraud. Phishers pose, usually via email, as a someone you know and lure you into revealing sensitive personal information, downloading malicious software or sending money or gift-cards.

How can I spot Phishing?

While Clark’s advanced security will do much to prevent many phishing emails reaching your inbox, it’s up to each of us to remain vigilant. Phishing emails can look like any other email. Some claim to offer free drinks from your favorite coffee shop, while others may pretend to be from a familiar department on campus.

Phishing emails often have the following characteristics:

  • They will often appear to come from a Clark email address, but instead will be ‘spoofed’. Spoofed email addresses look similar but are actually different – similar to presidentsoffice.clarku.edu@gmail.com.
    • For Staff and Faculty: Look for the [EXT] label in the subject which indicates an email was sent from outside Clark. If you see an email that looks like it came from a member of the Clark community, but has the [EXT] label, be cautious.
  • Make requests for personal information (usernames, passwords, account numbers)
  • Alarming and urgent statements instructing you to act immediately
  • Slight alterations of well-known organization names (e.g. IT department, instead of ITS)
  • Awkward writing style, misspelled words, or poor grammar are common, but phishers are becoming more sophisticated and polished in their writing.

What do I do if I suspect a message is a Phishing scam?

If you receive an email from someone that just feels out of place then you should report it. It is always better to ask ITS to investigate the email (by using the Phishing Alert button – see below), than open a malicious one that can spread malware and infect your device and even steal your information.

In a change to our previous advice, we ask that you no longer forward suspected phishing emails to anyone, including the Help Desk. Instead, please follow the instructions below to report the email in the most secure way.

Outlook on Windows or Mac

  • Click on the Phish Alert Report button in the top right of the email window.

Desktop & Phish Alert

Outlook Online

  • Click on the More Actions (three dots) button in the top right
  • Click on the Phish Alert V2 option

Outlook App on iOS or Android

  • Click on the More Actions (three dots) button in the email
  • Click on the Phish Alert button
    • Note that on Android you may need to scroll down to see this option as it’s below Delete

What does ITS do to help prevent phishing?

You are a critical step in helping to protect our shared computing resources. Security is best deployed in layers, so if one layer is breached, others can help protect those critical resources. In addition to the great work we do as a community by reporting and ignoring the requests in phishing emails, ITS has deployed tools and techniques to aid in your ability to detect a phishing message, and also prevent these messages from reaching your inbox. In February 2022, approximately 20% of all email sent to members of the Clark community were automatically kept from reaching your inbox. That’s almost 700,000 messages we didn’t have to delete! Some of these techniques are:

  • We partner with organizations like Microsoft, Palo Alto Networks, and REN-ISAC to help us identify attributes of messages that we know are malicious, and we send those messages right to your Junk Email folder. With Microsoft as our email provider we are part of a large global community, potentially learning about malicious content after it impacts other users, and before it impacts Clark.
  • If a message has a known malicious attachment, that attachment is replaced with a notice that an attachment was removed from the message before it is delivered to your Inbox.
  • When you click on a link in most email, in real-time the link is scanned to see if it is sending you to a known malicious website. If it is, then you are redirected to a warning page notifying you the link was malicious.
  • Faculty and staff may notice [EXT] appended to the subject of an email that originates from outside of Clark’s email system. If you see a message that looks like it may have come from a member of the Clark community, but it has the [EXT] tag in the subject, be suspicious, and maybe reach out to them in a new email (not a reply to that potentially fraudulent email) sent to their Clark account.
  • Clark uses technology like SPF and DKIM to help identify legitimate messages that do originate from outside our email system.

February 2022, Get to Know Us

Get to Know Us: Chris Naples

[Looking for Lisa Demings profile? Click here]

This month, we meet Chris Naples, Endpoint Administrator. Chris joined our growing Endpoint team in October 2021 and helps to prepare the computers that end up on your desk. As he says “the computer you receive when you first start your job doesn’t come ready to use out of the box”. Chris and his team helps set up and deploy your computer to be ready with the applications and other preferences you and Clark require.

Chris was born and raised in Central Massachusetts and prior to Clark, worked at Assumption University. He and his family (his wife and three young children) enjoy the beach, the mountains and theme parks – particularly Disney where they travel each winter. Chris is well known among ITS as having a green thumb, and loves growing (and trying to grow) exotic plants, fruits and vegetables. He also enjoys watching Disney’s new series The Book of Boba Fett, reading thrillers, or grilling with his family.

Interested in learning about how to work regular back-ups into your schedule (something Chris loves to talk about)? Click here for contact information.

February 2022, Tool Spotlight

Tool Spotlight: Microsoft Forms

Have you ever wished that you could quickly collect information from your class, student group, department or others? If so, you’ve probably dabbled with Qualtrics, our survey tool. While Qualtrics is a sophisticated, market-leading survey tool, it can be a little complicated for basic information collection.

In cases where Qualtrics is ‘too much’, consider Microsoft Forms, available now to all staff, faculty and students. Forms allows you to quickly and easily create short online forms to collect information from groups, and offers common question types including multiple choice, short and long text entry and Likert-scale. Additionally, it is very easy to restrict participation to users with Clark credentials, and export responses as Excel files or as a graphical report.

Access Microsoft Forms by clicking here: https://forms.office.com/ or in your Microsoft 365 portal, by clicking the “Waffle icon” (9 dots) in the top left of your screen. If you don’t see Forms there, click All Apps.

Click here to access a Microsoft Forms Essentials Course in Linked in Learning (click here to learn more about LinkedIn Learning at Clark).