Skip to main content

Category: Tips

  • Public O365 Groups, Teams, Sharepoint

    As of 11/20/2023 any Office 365 Group, Team or Sharepoint site that has visibility set to Public will be changed to Private due to the risk of accidental exposure of confidential data and other unintended consequences (e.g., unauthorized data modification) If you would like assistance with using Office 365 for secure document storage and collaboration, please consult with your departmental IT or help.unc.edu to review… Read More about Public O365 Groups, Teams, Sharepoint.

  • Chat icon

    Research Position Scam

    Key Takeaways Always be suspicious of unsolicited emails.  A UNC employee or department should never advertise a job via a non-UNC email address. Student work opportunities are posted at https://studentwork.unc.edu/students/finding-job/ and UNC job opportunities are posted at https://hr.unc.edu.  For external organizations, use their official website to find job postings. Closely inspect the From field and the External label (i.e., “You don’t often get email from…”) for… Read More about Research Position Scam.

  • National Cybersecurity Awareness Month: Phish Resistant MFA

    Key Takeaways: UNC is rolling out Phishing-Resistant MFA through the CarolinaKey initiative.  Setting up CarolinaKey will increase your security posture and reduce the number of times you have to type a password + approve an MFA push. You are 99% less likely to get hacked if your account uses MFA.  Enable MFA wherever it is available, especially your personal email and financial services. Any MFA… Read More about National Cybersecurity Awareness Month: Phish Resistant MFA.

  • National Cybersecurity Awareness Month: QR Code Scams and Phishing

    October is Cybersecurity Awareness Month. All month long, ITS News will highlight how ITS — and you — keep the University safe. In this guest post, Drew Trumbull with the Information Security Office, shares how malicious actors are using QR codes for scams and phishing campaigns. Check out all Cybersecurity Awareness Month events, or for year-round tips on staying cybersafe, visit Safe Computing at UNC…. Read More about National Cybersecurity Awareness Month: QR Code Scams and Phishing.

  • Consultation

    Tech Support Scam and Browser Lock

    There have been several reports of Tech Support Scams that begin with a “Browser Lock” pop-up malware notification that opens in full screen view, making it difficult to close.  The pop-up displays a telephone number to call which will lead to the scammer directing you to setup remote screen sharing access through a tool such as teamviewer or logmein.  From there the scammer will try… Read More about Tech Support Scam and Browser Lock.

  • DocuSign Themed Phishing

    We’ve recently seen a number of DocuSign themed phishing messages targeting UNC email inboxes. DocuSign provides guidance on How DocuSign Users Can Spot, Avoid and Report Fraud. Here are some key takeaways: Who sent the email?  Legitimate DocuSign messages should come from an email address that ends with DocuSign.com or DocuSign.net. Hover to discover!  Always check where a link goes before clicking by hovering your… Read More about DocuSign Themed Phishing.

  • Website Hosting Guidance

    There are a lot of options for creating and deploying websites. Here is some guidance to help highlight some of the options provided by UNC and to ensure University data is protected when deploying websites for university business.  We also have guidance on handling secure file uploads in a separate post. Consider ITS Managed Services UNC ITS supports two Software as a Service (SaaS) options… Read More about Website Hosting Guidance.

  • Guidance on File Uploads

    Only use WordPress Gravity Forms for Non-sensitive Information (Tier 0 or 1)! The Gravity Forms plugin included with ITS Self-service and Enterprise WordPress offerings does not limit access to file uploads; these files are stored in a world readable directory that anyone can reach (see Security Best Practices of the Gravity Forms documentation). Carefully consider the type of data you intend to collect and the… Read More about Guidance on File Uploads.

  • There’s a new way to report phishing!

    Starting this fall, you may see a new functionality in Outlook that will allow you to report phishing and junk with a quick and simple click of a button. This functionality will exist in the web, desktop and mobile versions of Outlook. You can report the message using the steps below. The message will be removed from your inbox and analyzed to better protect the… Read More about There’s a new way to report phishing!.

  • Understanding Sensitive Information

    If you’ve ever been asked whether or not you work with sensitive information, you may wonder what the University defines as sensitive information. The University maintains an information classification standard that provides detailed guidance on what is considered classified information and what is not. This information is helpful when determining the best path forward in the event of a malware infection, determining requirements for research… Read More about Understanding Sensitive Information.

Last updated: September 6, 2023
I-T-S