Check out our latest website launch!

FIS and the Committee of Research Administration (CoRA) have launched a new website to maintain information and events related to the recertification of research administrators. Features of the website include a calendar of training opportunities and conferences; recertification guidelines and tools; contact information; and the committee charge, members, and objectives.

The site is managed by Jennifer Weaver, Tom Berkhoudt, and Matt Weaver.

We are pleased to announce that Mathew Bell has accepted the Support Analyst position in FIS Technical Services, effective February 13, 2017. His responsibilities include analyzing and troubleshooting technical support requests, application testing, user documentation creation, customer training, and ITIL process management.

Mathew holds a Bachelor of Science degree in Communication Journalism.  He has most recently worked at EDMC as a Support Analyst II where he provided troubleshooting and help desk services to customers and managed their internal knowledgebase.  His experience and knowledge will be an asset to Customer Support.  Mathew will be located at 1917 Cathedral of Learning and will report to Carrie Armstrong.

Mathew, his girlfriend, Cynthia, and their Akita puppy, Rigby live east of the city, but his favorite restaurant is Meat and Potatoes located downtown. Mat also enjoys the Pittsburgh Pirates, Black Mirror, and Archer. If he could meet anyone he would like to meet Clint Hurdle or Andre the Giant.

Please join us in welcoming Mathew to the Technical Services team!

FIS is pleased to announce that Sean Estep has accepted a full-time Systems Engineer position in Technical Services effective February 13th.  Sean joined FIS as a Systems Engineer contractor on May 5, 2016 and was previously an Infrastructure Engineer supporting various technologies at Expedient.  His responsibilities will focus on systems deployments and administration, troubleshooting, and tier 3 support.

Sean has over 6 years of experience performing advanced systems administration, Windows Server management, VMware, storage, and supporting other core technologies.  Sean’s experience and knowledge will be an asset to Server Computing.  Sean will be located at 1917 Cathedral of Learning and will report to Daniel Mahaven.

Sean has grown up in Pittsburgh, graduated from Point Park University with a Bachelor’s in Information Technology and Management. He currently lives with his dog, Coco. In his free time, he enjoys off-roading, riding his quad and motorcycle, and gaming.

Please join me in welcoming Sean to FIS and the Technical Services team.

Congratulations to James Van Poolen for being selected as the 2017 HDI Midwest Regional Analyst of the Year Award Recipient!

James was interviewed and selected from support analysts across 14 local chapters within the Midwest region. This very prestigious award demonstrates James’ outstanding commitment to excellent service!  James will now move on to compete at the national competition, which will take place at the HDI Annual Conference & Expo in Washington D.C. from May 9-12, 2017.

Congratulations James and good luck in the national competition!

Multi-Factor Authentication

Over the past few weeks, many of us have begun to use Duo Mobile, the new Multi-Factor secure login solution now offered by Pitt through CSSD.  This new solution comes highly recommended by Pitt’s information security team.  FIS strongly encourages the implementation of this solution and some of our supported departments have mandated its use.  We would like to take a moment to answer some frequent questions and concerns that are brought up on Multi-Factor authentication.

What is Multi-Factor Authentication?

Simply put, Multi-Factor Authentication is a method for securing access to computer system which requires users to present different types of evidence to verify who they are before accessing the system.  There are three common methods, or factors, used to authenticate ones identity.  These are:

Something You Know

This factor includes usernames and password.  If you know the proper username and password combination you are granted access to the system.

Something You Have

This factor includes keys and tokens.  If you possess the right key you can unlock the door.  If you have the correct token you are allowed in the room.

Something You Are

This factor typically includes biometric data such as fingerprints, voice recognition, and retina scans.  Once very costly, this factor is now common.  Many models of smart phones, laptop, and tablets can now recognize faces and scan fingerprints.

In order to implement Multi-Factor authentication, a method from at least two of these categories must be used.  Allowing access after scanning a fingerprint and using voice recognition would not be multi-factor becomes both are from the “something you are” category.  Likewise, simply having two passwords would not be multi-factor as both passwords would fall under “something you know”.  However, if you first scanned in your fingerprint and then entered a password in order to gain access to a system, you would be using Multi-Factor authentication.

Why is Multi-Factor Authentication Being Implemented at Pitt?

Traditionally, your Pitt account has been protected by a single factor, Something You Know, which is your username and password.  While this does provide some level of protection which gets better the more complex your password is, it is susceptible to a social engineering attack which is growing in popularity – Phishing.  We have all received suspicious emails informing us that we must change our password immediately or verify some setting with a link that bring us to a fake page asking us to enter our credentials.  The hackers are hoping that a few people they attack will enter their credentials, which can then be used to access the Pitt system when the hackers decide to do so.

Duo-Mobile, the new Multi-Factor solution that Pitt has implemented, adds a second factor, Something You Have.  This is done by connecting a specific phone number to the account.  When the username and password is entered for that account a notification (either a call or an application notice) is sent to a specific phone number.  In order to log in, the user must possess the phone associated with that phone number.  Even if the hackers know the phone number it does them no good if they do not possess the physical phone.  The owner of the phone and account will be notified as soon as any unauthorized access is attempted as well.  Then the password can then be immediately changed, making the Something You Know factor secure once again.

Due to the increasing popularity of Phishing and other Social Engineering attacks targeting usernames and passwords, the University has concluded that implementing Multi-Factor Authentication is not only prudent, but necessary.  An account with Multi-Factor Authentication applied is exponentially more secure than one without.

How Do I Set Up Multi-Factor Authentication and How Does It Work?

Computing Services and Systems Development provides an excellent set of instructions on how to set up Multi-Factor Authentication for your account which can be found at by clicking this link. As always, FIS Customer Support would be happy to assist with setup and any issues that may arise while using the Duo Mobile Multi-Factor Authentication solution.  We can be contacted at 4-FIS1 or via ticket submission at the FIS Support Portal.

Once you have Duo Mobile Multi-Factor Authentication set up it will add an additional action to the login process each time you access a secure service with Pitt’s Single Sign On solution.  After putting in your username and password you will either receive a notification on your smartphone or tablet via the Duo Mobile application or an automated phone call from the Duo Mobile service.  The application will give you a button to press to approve the log on and the automated phone call will prompt you to press 1 on your phone to approve the log on.  Once Due Mobile receives approval via application or phone call your login will complete.  Using the mobile application adds 5 to 10 seconds to the login process while using the phone option typically adds about 15 to 20 seconds.

Duo Mobile supports the option to add a secondary authentication device and we strongly recommend that a secondary device be set up.  This means that if a smartphone is lost or left at home for the day a second option is available from the authentication screen, such as your desk phone number.  You can simple click a button and Duo Mobile with authenticate via your secondary device.

dscf0121

Allan (Stu) Stewart has accepted a Client Computing position in FIS Technical Services.  He will join us as a Systems Administrator effective January 31, 2017.

His responsibilities will focus on managing and troubleshooting client computers, software deployment, and client management.  Stu holds a Bachelor of Arts in Communication from Clarion University and has the CompTIA A+, Security+ and Network+ certifications. Stu has worked as a contractor for FIS since August 2015. He has previously worked as a Break-Fix Technician at Chevron and has over 17 years of experience performing desk-side support and client management.

Stu and his wife, Erica, have a son Austin (4.5), daughter Amelia (9months), and a Boston terrier, Roxy. Stu hobbies include racing and mechanic work. His favorite cartoon character is Ren and Stimpy and his is currently watching Silicon Valley. If you were to look in Stu’s fridge, you would find insulin, tombstone pizza, and jello pudding.

Stu’s experience and knowledge will be an asset to Client Computing.  Stu will be located at 1917 Cathedral of Learning and will report to Anthony DiGregorio.

Please join us in welcoming Stu!

james-award

Congratulations to James Van Poolen for being the recipient of the prestigious Pittsburgh HDI Analyst of the Year award! This award recognizes a help desk analyst that exemplifies the best qualities among the practitioners in our region who possess the knowledge and skills required to provide quality service and support for customers.

Brian Samec was also nominated for the Pittsburgh HDI Desktop Support Technician of the Year award. This award is given to a desktop support professional who responds to incidents escalated by the service desk that are related to customer equipment where additional skills, knowledge, tools, or authority are required.

James will now move on to compete for the regional award. Please join us in congratulating and wishing him luck with the regional competition!

Do you do your holiday shopping online? There are a few easy ways to protect yourself online whether you are purchasing items for yourself or for the University with your P-Card. Follow the tips below for a safe experience:
1. Shop with reputable merchants. Only purchase from online vendors that you are familiar with, or do some research first. If you are not familiar with an online store, use caution. Just because the website looks professional, it doesn’t mean the vendor is trustworthy or has proper security controls in place. Check an independent source that allows customers to rate their shopping experience with a vendor such as Reseller Ratings. You can also refer to the Better Business Bureau to see if there are any complaints listed. You should also be aware that in some cases, you may be purchasing from an individual rather than business, and your legal recourse may be different in the event of a dispute.

2. Check the merchant’s customer information and return policies. Before ordering, be sure to read the terms of sale, return policies and fees, shipping methods and prices, and guarantees. Make note of vendor’s policies for storing and distributing your personal contact information. If you do not want to be included on mailing lists or have your contact information made available to third parties (spam lists), look for an option on the web site to indicate your preference. Do not provide vendors with sensitive personal information, such as your social security number or bank account numbers. Basic shipping and credit card information is all that should be required to make a purchase.

3. Be sure the transaction is secure. When you are in the checkout process, the web site should be using encryption called SSL (Secure Sockets Layer). SSL ensures secure transmission of your credit card information across the internet. You can tell if the web site is using SSL by looking for “https://” (rather than “http://”) at the beginning of the web site’s address in the browser. Another sign is the presence of a padlock symbol in the address bar of the browser. In Internet Explorer, the padlock symbol will appear on secure pages in the address bar, located to the right side of the web address. You can click on the lock symbol to verify the security of the site.

4. Never send credit card numbers via e-mail. Although it is generally safe to enter your credit card number on a secure web site, it is not safe to send it through e-mail. E-mail is sent through the internet in clear text (non-encrypted) format, so it’s possible for someone other than the vendor to see it. Sending a credit card number through e-mail is the equivalent of writing it on a postcard rather than mailing it in an envelope.

5. Keep a record of your transaction. Before you leave the transaction page of the web site, print a copy of the screen and keep it for your records. Check your credit card statements to verify you were charged the proper amount. Also, keep any e-mail confirmations about your order for later reference.

6. Use Identity Finder to protect your data. All FIS-supported computers have a program called Identity Finder installed. It will search your files, e-mails, databases, websites, and web browser data for Social Security numbers, Credit Card numbers, Bank Accounts, Passwords, etc. so you can then take steps to remove the sensitive data from your files. This program is also available for home use by contacting FIS.

7. Keep a record of your transaction. Before you leave the transaction page of the web site, print a copy of the screen and keep it for your records. Check your credit card statements to verify you were charged the proper amount. Also, keep any e-mail confirmations about your order for later reference.

8. Take action if there is a problem. If you do have a problem with an online vendor, first attempt to work it out with them directly. Don’t just rely on e-mail; call them as well. If you cannot resolve the problem to your satisfaction, you should contact your bank and ask them to stop the payment. If that’s not possible, you can use an online service such as SquareTrade to resolve your dispute. You can also file a complaint to the state Attorney General’s Office, who will investigate the case. You should also post your experience on a site like Reseller Ratings so other customers can be warned. While you may also wish to contact the Better Business Bureau, note that they have no authority over the vendor. They will simply accept your complaint and allow the vendor to respond.

 

Secure your home computer to help protect yourself, your family, and our organization!

secure-your-home-network

Get ahead this fall and follow this Digital Spring Cleaning Checklist!!

digital-spring-cleaning-checklist


1 2 3 4 7
Archives