Information Technologies & Services

"Inside ITS" Newsletter - Vol. 15

August 27, 2015

Welcome to this edition of Inside ITS! Inside ITS keeps users informed about technology services available at Weill Cornell.

In this issue:

Ask the CIO 

Have a burning question about tech? Now you can ask our own Dr. Curtis Cole, CIO of Information Technologies & Services, by sending your query to its-communications@med.cornell.edu. Here are the latest answers Dr. Cole has for you!

What can we do to reduce the amount of spam in our email?
It is no secret that the amount of unsolicited junk email has been rising. We just switched to a new system that is much better at detection and easier to control. Most of the feedback we have received has been quite positive, but a few people have been put off by the need to re-train the system to categorize addresses in whitelists and blacklists.

My recommendation is that you spend a full week carefully reading the summaries and accepting or rejecting the system's decisions. After one week, it will know your preferences very well and then you will find the false positive rate is well below 1% - better than the old system and easier to see when it does make a mistake.

Why are the URLs sometimes rewritten in my email?
Our new malware detection system not only blocks spam, it protects against "phishing." These are attempts to trick you into giving away your private information, like your password, by sending an email that looks legitimate. Commonly, you might see one claiming to be from IT saying your mailbox is full (our mailboxes are now unlimited) or claiming to be from a bank saying you need to verify something in your account. The system swaps these URLs and redirects them to a safe server. If you click on a known bad link it will block it. If it isn't sure, it still adds some protection by looking for unusual behavior in the link you clicked.

Phishing is the way many of the biggest security breaches in recent years have occurred. High profile cases, like the data breaches of Anthem and JPMorgan Chase, have compromised the personal information of millions of customers. We are still working with the vendor to tweak the URL feature, as it is not consistent in all email clients. It works best in Outlook and Apple Mail. We also have a tool to decode the URL in the rare instance you need to see the original. We will be making that more freely available soon.

Why are new email names weird combinations of letters and numbers while some (like yours) are names?
In the past, Cornell and NYP had separate email and security systems. In the late 1990s, we synchronized our users names and started sharing an email system. When New York Hospital merged with Presbyterian Hospital, we also needed to synchronize our namespace with Columbia. There are now more than 60,000 names in our shared directory. Initially, this caused a lot of overlapping names. Therefore, we had to agree on a shared namespace, so the new 3 letters + 4 number CWID (e.g. abc1234) was invented. Non-overlapping old addresses like mine were grandfathered in.

In some instances (e.g. the Dean), we do allow people to request vanity addresses. The CWID remains unchanged and is still needed for some functions. However, requests need to be reviewed by all three institutions so it is not done very often.

Avast! First-year students "pillage" library for clues during annual Treasure Hunt

After a long week of orientation, the first-year medical students had a little friendly competition during the Samuel J. Wood Library's annual Treasure Hunt. On Friday, August 21, nine teams of students scoured the library for clues using their newly-issued iPads and QR codes, each clue bringing them closer to the grand prize - lunch at the Griffis Faculty Club. 

Teams were given a map and initial clue, which guided them to various stations within the library. Staff members at each station pointed out various services, resources, or policies that new students should be aware of during their studies at WCMC, such as helpful mobile apps and using the 24/7 study area. The event is both a highlight for students after a hectic week and also a way for them to learn about the extensive library resources they have available.

Team #7 was victorious, completed all the clues and scoring the highest on a final quiz administered by the library staff. Congratulations to Julio Alvarez (Team Captain), Nathan Liu, Zhenzhen Shi, Alejandro Garcia, Paul Barone, Olivia Sutton, Christopher Xanthos, Lisle Winston, Emily Lebowitz, and Debby Abramov!

Teams #9 and #1 placed second and third respectively, winning t-shirts from the Cornell Store and iTunes gift cards.

The library's Treasure Hunt has been a tradition since 2006.

Duo: Two factors are better than one 

Best practice data security is kind of like getting dressed on a crisp New York fall day - the more, layers the better.

In a push to offer an extra layer of security for WCMC students, faculty and staff, ITS has teamed up with Duo Security: an easy-to-use two-factor authentication system. Passwords alone sometimes aren't enough to keep your information safe, especially in the face of increasingly sophisticated hacking techniques. Two-factor authentication leverages your mobile device (or landline or tablet) to provide an extra layer of security on top of your password.

How does two-factor authentication work?
Two-factor authentication just means that you have to enter two distinct identifiers (password + unique code) in order to access certain sites:

  • Step one: Enter your username and password for a site as usual
  • Step two: Use your phone to verify your identity, and you're good to go.

 

This security best practice is used by a plethora of other major sites, including Gmail and Tumblr. It makes it much harder for a remote attacker to access cloud services armed with a password alone. Also, with Duo you'll be alerted right away on your phone or other registered device if someone tries to log on to your account as you.

For now, only select WCMC sites will require Duo authentication in the fall. These include:

And the best part? Duo will be available at no additional cost to all faculty, staff, and students. Stay tuned for more information in the coming weeks about how you can enroll in Duo. If you have any questions, please contact its-support@med.cornell.edu

New emergency alert system to better protect faculty, staff, and students on campus 

For the most part, daily life at Weill Cornell runs smoothly. Students attend classes, and faculty and staff perform research, provide patient care, and other tasks that keep the college running. But every so often, an electrical outage, storm or other emergency, can put a damper on things.

To help everyone on campus be better prepared for emergencies, ITS has been working with Environmental Health & Safety (EHS) to expand and enhance Weill Cornell Alert, the emergency notification system used by WCMC. Weill Cornell Alert is able to contact everyone who studies or works at WCMC, or even just a subset, with important alerts and instructions via phone, text, and email. The system has been upgraded to integrate with information within the Online Directory, giving us a better, more updated list of contacts.

Getting alerts
EHS will be sending out alerts only in emergency situations. For examples, see their website. Make sure you log into the Online Directory at directory.weill.cornell.edu and ensure that your contact information is up to date. You can find more info about updating your profile at the Cornell Emergency site.

Quarterly alerts
Once a quarter, the system will be tested by emailing and calling you. Please follow the instructions to acknowledge receipt of the alert.

If you're worried about being bombarded with alerts, don't be! In the last five years, EHS has sent fewer than 10 alerts, reserving this system for strictly emergencies. Plus, these alerts can help keep you levelheaded and safe during an emergency with instructions on getting you away from danger.

For more information about safety procedures on campus, visit cornellemergency.org.

 

Reminder: September Coaching Lab

Need some help with a particular ITS service? The next ITS Coaching Lab is Wednesday, September 16 from 10:30 am - 12:30 p.m. Feel free to stop by any time during this time slot to get some one-on-one help from our trainers. Some services we can assist you with include: 

  • Outlook
  • Lync
  • File Transfer Service
  • ServiceNow
  • lynda.com
  • Citrix
  • JIRA
  • Employee Self-Service
  • And more

The Coaching Lab is held in two locations: 

  • 1300 York Avenue, Library Computer Lab
  • 575 Lexington Avenue, 9th Floor Training Room (922) 

If you have questions, please feel free to contact its-training@med.cornell.edu. Hope to see you there! 

Need Help?

myHelpdesk
Open a ticket
(212) 746-4878
Monday-Sunday
Open: 24/7 (Excluding holidays)
SMARTDesk
WCM Library Commons
1300 York Ave
New York, NY
10065
M-F
9AM - 5PM
Make an appointment

575 Lexington Ave
3rd Floor
New York, NY
10022
Temporarily Closed