Home → Policies & Security → Printer Friendly Version
Free services. Many Web sites carry paid advertising as a way to generate revenue. But many web-based services also require that you register, by supplying your name and e-mail address, before you can use their “free” services. Selling the information they collect is part of their business plan. And guess who buys that information? (The correct answer is “spammers”).
Newsgroups. Think twice before posting to a newsgroup. Spammers often release information-gathering programs called “bots” to collect the names and e-mail addresses of people who post to specific newsgroups. Bots can get this information from both recent and old posts. And, since many newsgroups are special-interest communities, spammers can learn what you’re interested in—which makes you a better target for spam.
How to protect yourself:
Never reply to a spammer. Replying to spam—no matter how good the offer sounds—will guarantee that you get more spam, because you’ve shown yourself as susceptible. Also ignore any offer to “click here to be removed from our list.” All your request does is tell the spammer the message arrived and that a live person is reading the mail at that address. Any response increases your value to list-sellers.
Surf wisely. Be sure to look for the TRUSTe “trustmark” included on many commercial Web sites. This logo certifies that the site owners follow their published privacy policy. Every policy is different, so you’ll still have to read each one carefully before divulging personal information. But at least you’ll be reasonably certain the site owners won’t sell your name if they’ve promised not to. Go to www.truste.org for more info on this service.
Use filters. Every e-mail program has some sort of built-in filtering system. Check your client’s online help section for info on setting up filters. Filters aren’t perfect, though, because you have to enter the spammer’s e-mail address, and the addresses change often and are commonly disguised. Another good use for filters: blocking messages from one person who keeps sending you unwanted (but not spam) messages.
How to complain
You can forward objectionable e-mail with full headers to abuse@uvawise.edu.
Be sure to include the "Internet Headers" when you forward a message. The "Internet Headers" identifies every computer that handled the message before it arrived at your in-box. We need this information to determine the origin of the message. Every e-mail client has its own way to show "Internet Headers"; click the online help section to learn more.
In Outlook, with the email open click the in the "Tag" section of the Ribbon to bring up the "Properties" box and to show the "Internet Headers" which you can then select and copy into your email.
To automatically clear private data in Mozilla Firefox:
1. Open Firefox.
2. Select Tools from the toolbar.
3. Select Options from the pull-down menu.
4. Select the Privacy Tab.
5. Click on the checkbox, to put a check mark, under Private Data section: “Always clear my private data when I close Firefox”.
6. Click on the Settings… box.
7. Make sure that all of the checkboxes are selected with checks.
8. Click OK.
9. Click OK.
10. Every time you close Firefox you will prompted to “Clear Private Data Now”.
The security and protection of the College’s resources is everyone’s responsibility. If you witness or know of a threat to or misuse of any of the resources on campus, large or small, whether that threat is internal (from someone on campus) or external (someone not on campus), then you have an obligation to report what you know to the proper authorities abuse@uvawise.edu. All reports will be investigated and the appropriate actions will be taken. You can make a difference. We are all working toward one goal and success requires the assistance and perseverance of every individual.
***All emails should be forwarded with full headers.
Threatening emails should be reported immediately. If you feel threatened by the contents of an email received through your uvawise.edu account during normal business hours (M-F 8:00-5:00) you can report it to abuse@uvawise.edu or (276) 376-4640 or contact the Campus Police anytime at 911 or (276) 328-COPS. Do not disregard a threat, take all threats seriously.
If you are receiving harassing emails to your uvawise.edu account please forward the email to abuse@uvawise.edu and/or call extension 4640 to report the abuse.
Pursuant to 37 CFR 201.38, UVa-Wise has designated the following person to receive notification from copyright owners of claimed infringement of copyright
Scott Bevins, Ph.D.
Associate Vice Chancellor of Information Services
Information Technology Center - Room 273
1 College Avenue
Wise, VA 24293
Phone: (276) 376-4578
Fax: (276) 376-1045
E-Mail: pb8q [at] uvawise.edu
All UVA faculty, staff, and other employees, including the Health System and UVa-Wise, must complete the Information Technology Security Awareness tutorial (ITSA) annually, as part of the revised IRM-002 – Acceptable Use of the University’s Information Technology Resources policy. For this year, we will send a reminder email to all UVA faculty, staff, and other employees to remind them to complete the training. The email reminder will be sent out in waves based on the "original hire date" (visible in Workday).
1. Visit Information Security Awareness Training (ISAT) in Workday and complete the ITSA, and
2. Contact the IT helpdesk (276-376-4509) during regular business hours, but no sooner than 24 hours after receiving this email.
If you have been notified to take the quiz then you must complete it, annually. The auditors are now requiring all University faculty, staff, contractors, and student employees to complete information security awareness training annually. The tutorial has changed from previous years and takes about 10 minutes to complete.
Yes! It’s not about where you are, it’s about your status as a faculty, staff, contractor, or student employee, and accessing any of UVA’s technology resources. State auditors are now requiring all University faculty, staff, contractors, and student employees to complete information security awareness training annually.
[See #11 below for variant on this question.]
If you have been notified to take the quiz, then you must complete it. The state auditors are now requiring all University faculty, staff, contractors, and student employees to complete information security awareness training annually. If you do not complete the quiz, you may lose access to University systems.
According to our records you are still listed as an active student employee. Any employee who is listed as active cannot be removed from the quiz. You should contact the department you used to work for and ask them to remove you from their payroll list.
If you do not work for UVA anymore, then there is no need for you to take the quiz. However, if you do not want to get further emails about the quiz, you need to contact your former department and get them to remove you from their rolls.
I am a wage employee but I don’t work for UVA any longer, can you take my name off the list?
According to our records you are still listed as an active employee. Any employee who is listed as active cannot be removed from the quiz. You should contact the department you use to work for and ask them to remove you from their payroll list.
If you do not work for UVA anymore, then there is no need for you to take the quiz. However, if you do not want to get further emails about the quiz, you need to contact your former department and get them to remove you from their rolls.
Once you have completed the quiz you will come to a screen that shows a certificate of completion.
In addition, you will also receive an email stating that you have completed the tutorial. This email will provide you with some links that were referenced in the tutorial. These links will also help you expand your knowledge of information security.
Based on our records, you still have access to UVA systems (including email). You may not use this access, but you still have access therefore you are required to take this quiz.
No, this is a legitimate email. If you are uncertain, please call IT Security at (276)376-4640.
Complete the quiz and then contact Access Management (434-924-0817) during regular business hours, at least 24 hours after you have completed the quiz.
HSVPN is another high security network similar to the JointVPN. You would know if you have HSVPN access, so since you don’t know what HSVPN is, you do not need to worry about it.
Yes, you still need to complete the ITSA tutorial for faculty and staff (https://quiz.its.virginia.edu/itsarc). We apologize if you were directed incorrectly to complete the RCQ. If you can let us know who directed you to take the RCQ, we can contact them to prevent this mix-up in the future, hopefully.
As you may have noticed, the RCQ is geared specifically to students. The ITSA tutorial has security awareness information for faculty and staff, so we hope you find that more useful than the RCQ. Again, we apologize for the mix-up. Please let us know if you have any further questions.
NetBadge Resets/Duo Instructions - Students
For First-Time Account Activation:
Please visit UVA’s First-Time Account Activation Guide and follow the instruction on the screen.
**Your Jenzabar ID Number is your activation code and can be found on your CAVScard. It will likely appear in the format 000012345601. Your Jenzabar ID Number is found by removing the initial zeros and the last two digits (in the example it would be 123456).
Seeing an error message?
If the message says:
You may have already completed the account activation process. You will need to:
You will need to:
NOTE: If you have changed cell phones you need to download the Duo Mobile app and contact NetBadge@uvawise.edu from your @uvawise.edu email account and request that your Duo device be "reactivated".
NOTE: If you have a new cell phone number you will need to send an email to NetBadge@uvawise.edu from your @uvawise.edu email account and ask that your phone number be changed in Duo.
NOTE: If you are a returning student and remember your password and you do not fall into one of the previous NOTE categories you should be able to login to NetBadge protected resources without further action, however if you do not remember your NetBadge password you will need to follow the steps below:
You will need to visit the Create or Manage Your UVA Computing ID and Password page in your browser to reset your NetBadge password:
Click on “Reset Your UVA Password” (***this is the same thing as NetBadge)
Choose “Option 3: Request a PIN sent to your recovery email or mobile number”
A NetBadge is an electronic identification "badge" that is issued to your Web browser when you log into the NetBadge service. NetBadge verifies your identity as a valid user of the Web resource you are trying to access, using your University computing ID and password credentials.
"Enhanced" NetBadge is a higher-security edition of NetBadge that will look slightly different from the "original" NetBadge and increase protection of your sensitive personal data (i.e. no longer use SSN). To use "Enhanced" NetBadge requires verification of identity through a process known as Identity Verification.
At UVa, there are 3 levels of identity assurance, depending upon the sensitivity of the data you are attempting to access. Systems which require “Enhanced” NetBadge now or in the near future include Oracle; the Integrated System; and UVa’s Student Information System. Other systems which require NetBadge login include, but are not limited to: on-line training modules Security Awareness, Search Committee, Preventing Sexual Harassment, and Preventing Employment Discrimination.
Once you have downloaded and installed Duo Mobile from your Apps store
Allow notifications
Open the text message for activating Duo Mobile
Tap the link
Open the link in Duo Mobile
Should say “adding account”
If this does not happen then try to login to NetBadge and tap the + on the Duo Mobile screen.
But stop on the screen that asks you to authenticate by Phone call or code… now read this next section carefully to set up the automatic “Push” feature…
If your administrator enabled self-service device management, the Duo Prompt displays a "My Settings & Devices" link on the left.
If you enabled the option to automatically send you an authentication request via push or phone call, you'll need to cancel the push or phone call in progress before you can click the "My Settings & Devices" link.
To manage your devices, choose an authentication method and complete two-factor authentication (you may need to scroll down to see all authentication options). You can't get in to the device management portal if you do not have access to any enrolled devices; you'll need to contact your Duo administrator for help.
After authenticating you'll see the device management portal. This is where you can enroll a new device by clicking Add another device and following the device enrollment steps, or reactivate, edit, or delete your existing devices.
To exit My Settings & Devices, click the Done button below your listed devices or click your organization's logo on the left (or the Duo logo if shown).
Default Authentication Options
If you authenticate with more than one device, you can specify which you would like to be the default. Click the Default Device: drop-down menu and pick your default device for authentication. Click Save if you're done making changes.
If this is the device you'll use most often with Duo then you may want to enable automatic push requests by changing the When I log in: option and changing the setting from "Ask me to choose an authentication method" to "Automatically send this device a Duo Push" or "Automatically call this device" and click Save. With one of the automatic options enabled Duo automatically sends an authentication request via push notification to the Duo Mobile app on your smartphone or a phone call to your device (depending on your selection).
Manage Existing Devices
Click the Device Options button next to any of your enrolled devices to view the actions available for that type of device. You can Reactivate Duo Mobile for an enrolled smartphone, Change Device Name for any type of phone, or delete any authentication device.
Reactivate Duo Mobile
Click the Reactivate Duo Mobile button if you need to get Duo Push working on your phone, for example, if you replaced your phone with a new model but kept the same phone number. After answering some questions about your device, you'll receive a new QR code to scan with your phone, which will complete the Duo Mobile activation process.
Change Device Name
Clicking Change Device Name will open up an interface to change the display name of your phone (hardware tokens can't be renamed). Type in the new name and click Save.
After successfully modifying your phone's name, not only will you see this from now on when managing devices, but it will also be how your phone is identified in the authentication dropdown.
***Please note that questions regarding any of these policies should be directed to the Helpdesk, (276) 376-4509.
It is against policy and against Virginia Law to knowingly (and sometimes unknowingly) illegally use, misuse, interfere and/or modify network systems. Depending on the violation, the person is guilty of a Class 1 Misdemeanor up to a Class 6 Felony. 1
1 Va. Code§§ 18.2-152.1 to-152.15,§ 19.2-249.2
UVAW – 1 |
|
UVAW – 2 |
|
UVAW – 3 |
Information Sensitivity Policy – administrative data, access, ownership, data responsibility roles |
Appendix A |
|
Appendix B |
Roles and Responsibilities Related to College Administrative Data |
UVAW – 4 |
Encryption Policy – where and when to use encryption, type of encryption to be used |
UVAW – 5 |
|
UVAW – 6 |
|
UVAW – 7 |
|
UVAW – 8 |
Physical Access to Sensitive Data Systems – access controls, data retention |
UVAW – 9 |
|
UVAW – 10 |
Periodic Testing of Security, Systems, and Processes – scans, penetration testing, IDS/IPS |
UVAW – 11 |
|
UVAW – 12 |
|
UVAW – 13 |
|
UVAW – 14 |
|
UVAW – 15 |
|
Appendix A |
|
UVAW – 16 |
|
UVAW – 17 |
*All UVa-Wise IT policies and standards that apply to The University of Virginia’s College at Wise are defined, approved by management, and communicated via the OIT website to the Wise Campus and Community. The CIO, IT Managers, and the IT Security and Policy Coordinator will meet annually to review, revise and approve all new and revised policies which will then be presented to the Senior Staff for approval. All approved policies will then be posted on the IT website within a week of approval.