CARES Act Purchases Update

Dear Colleagues,

I want to provide you with an update on the technology equipment we secured through the CARES Act. Firstly, I want to thank SJSU’s academic leadership for helping us identify and define each college’s needs; thanks to them, SJSU IT was able to make more informed equipment purchases.

Vin, Charlie, Patrick, and I reviewed those requests and collaborated to purchase a wide array of general equipment as well as specialized inventory through the CARES Act. All general items that college deans have requested have been approved to order and will be on-hand and ready for the start of the Fall semester. The following have already arrived and are readily available through the SJSU IT equipment loaning service today:

  • Laptops
  • Hotspots
  • Webcams
  • Headsets
  • Tripods
  • Chromebooks

Other items will also be arriving in the next week or two and will be ready through the equipment loaning service as well. In the meantime, we do have extra, should our students need it now. These include:

  • USB Microphones
  • Adjustable Laptop Stands
  • USB Keyboard/Mouse Combos
  • USB Mice
  • Monitors

Team can put in a request by calling 408-924-2888. SJSU IT will manage, track, and distribute general items (laptops, hotspots, mice, etc.) and software licenses so that we can optimize limited resources and maximize utilization. College/unit-specific items, like Wacom Tablets and ProTools licenses, will go to the college/unit that requested it through your college techs. Similar to last semester, we plan to communicate to our students, faculty, and staff about our offerings.

We’ll also work closely with MLK Library so that they have an inventory of general equipment on-hand for students. Big thank you to Christine Mune for being so collaborative in support of our students.

Rather than buying all of the requested items at once, we’ll make an initial purchase, monitor inventory, and purchase more when inventory for an item is below a certain threshold. Due to budget constraints, we want to be sure that we don’t purchase excess inventory.  Therefore, keeping an accurate inventory is critically important to ensure that our students have access to the equipment they need.

Arranging this and getting everything ready in time for Fall start was a huge collaborative effort. I want to make sure that I thank all of the IT staff across the entire campus, both SJSU IT and the distributed IT staff. Without everyone working together and quickly, this wouldn’t be possible for our faculty, students, and staff.  I also want to thank Bruce Gardner, who has been coordinating the effort and helping manage questions from across campus. Lastly, thanks go to Vicky Van Leer, Jewel Rodeo, and Susan Huang, who are working days and nights getting our equipment ready. Jason Ferguson, Sharon Watkins, Brent Jones, Joseph Chou, and our entire IMS Team (Darlene Bargas, Devona Williams, Trevor Wylie, Daniela Zopiyatle, John Hanley, Cameron Myers, Fred Asuncion, Rod Maciel, Andy Yeung, Frank De Fanti, Phil Braverman, Danny Vo, Bruce Kelbert) put in a lot of work to get this ready for Fall. This group deserves our applause. 

You can view our inventory, request equipment, and get more information at http://sjsu.edu/equipmentcheckout. Because of the high demand for laptops, we’re asking folks to email classroom-support@sjsu.edu or call us at (408)-924-2888 to set up an appointment.

If you have any questions, feel free to reach out to me.

Regards,

Bob-

Critical Zoom Updates

Dear SJSU campus community,

As we move into summer and as we’ve mentioned in previous communications, SJSU IT is implementing improvements to Zoom. As usual, we hold off on any changes through finals to minimize any possible disruption for our faculty and students. Both of the items in this email will greatly enhance the security of Zoom for our university and both will impact how you use Zoom.

Authentication with SJSU

Your Zoom meetings have passwords by default, but anyone with the meeting link can still join your Zoom. That’s fine until your link gets shared with a malicious person outside your class or meeting. This is where authentication comes in, providing an additional layer of security on top of using meeting passwords.

Zoom meetings hosted by SJSU users can now require that all attendees be authenticated through SJSU’s single sign-on. Authenticated attendees are individuals who have signed in to Zoom and been verified as valid Zoom users. For SJSU authentication, this means they’ve logged in to Zoom using the SJSU single sign-on portal. SJSU authentication is a great security precaution when everyone in the meeting or class is an SJSU. We’re implementing this setting to enhance security at SJSU. Remember to double-check this setting whenever you schedule a meeting, as different Zoom clients have different default settings.

LEARN MORE

There are a number of cases where you may not need or want to use authentication and may consider changing this setting: classes with a visiting lecturer, meetings with off-campus vendors, or collaborative research discussions with other institutions, to name a few. To read about how to change this setting, please visit our Zoom Authentication website.

This change will go live Thursday, 5/28/2020. Take a moment before then to review our Zoom Authentication website so you’ll know the extra steps you may need to take before joining a class or meeting. It’s also a good idea to give yourself an extra couple minutes before meetings and classes once this change goes live, just in case.

Zoom 5.04

Beginning May 30, Zoom will require everyone to upgrade to the newer version of their client, Zoom 5.04. This new version has a handful of new features, but most importantly it uses a more secure encryption standard.

If you’re using a university machine, then the update will be automatically installed for you. If you’re currently working remotely on a home device, Zoom will notify you of the new version and help you download and install. You can update early by visiting Zoom’s Download Center and downloading and installing the latest Zoom Client for Meetings.

 

You’ll still be able to use Zoom without updating, but it will launch in the web interface. Zoom on the web is much less secure and has a very restricted feature set. That’s why SJSU IT is recommending that everyone update Zoom to this new version.
Student Conduct & Ethical Development
Lastly, I want to let you all know that we will be sending an email to students shortly informing them of our university processes around disciplinary action for Zoom Bombing. SJSU IT and the Office of Student Conduct and Ethical Development have been working closely on the issue of Zoom Bombing. Our university has only had a handful of cases, a testament to the integrity of our student population.
If you have any questions about the updating process or need help, please contact the SJSU IT Service Desk online or at 408-924-1530.
Thank you,
Bob Lim
VP of Information Technology and CIO

End of Spring 2020 Update

Dear colleagues,

As we close this historic semester at San José State University, I want to thank each and every one of you for coming together to support each other and our community. I know that for many of you, the online resources you’ve been relying on to work, teach, and research for the past two months were entirely new. We all face uncertainty as we look not just into summer, but into fall as well. That’s why I want to take a moment to share and provide clarity on the technology initiatives we have implemented and will be implementing in the next couple of months to support you as we prepare for the “New Normal,” whatever it may bring.

Accelerating & Extending Strategy

For the last three years, SJSU IT’s strategy has been to enhance the mobility and agility of our university, including enabling remote learning and remote working. To continue our strategy, we’re looking to accelerate many of the programs that were in the pipeline, providing even more support for the New Normal and, more importantly, creating a realized modern digital campus.

We’re moving projects up the priority list that will help maintain safe practices once a gradual return to campus is possible. We are working on developing a queue management system that will let people get in line virtually, ping them when it’s their turn at the window, and let them step back in line. We’re also looking into virtual event platforms for all the things Zoom and Hangouts Meet just can’t do — things like job fairs, onboarding, and commencement.

Another example of acceleration is how we’re ramping up our collaboration with other departments across campus. SJSU IT recently completed Phase I with University Personnel to digitize the process for managing and storing PAF. UP can now consolidate many existing documents into a single PAF document and enable review by chairs, admins, and individual faculty online. This will eliminate rows of documents in filing cabinets that would need to be hand-carried to reviewers across campus. Most importantly, the entire process can now be done anywhere, on or off campus.

In the past few years, SJSU IT has digitized over 65% of the university’s business processes online. Our goal is to be close to 100% within the next three years. If you have more ideas for digitization, please reach out to SJSU IT at it-solution-development-group@sjsu.edu.

Enhancing Security and Privacy

Security and privacy have always been a top priority. Maintaining our security and privacy standards while faculty, staff, and students are operating from locations across the country (and internationally), on home devices and home networks, presents new challenges.

We’ve opened up the option for SJSU students to opt into Multi-Factor Authentication (MFA) through Duo. Making Duo required for all SJSU faculty and staff immediately raised the security profile of our university and added convenience by extending password renewals from six months to two years. In January 2020, SJSU was the target of a concentrated phishing attack, with over 1,600 phishing emails detected. Because of Duo, there were no incidents on our campus. Our data also shows that 630 logins from this attack were denied access through Duo. We know that turning on Duo for students will have just as profound of an impact. We’re encouraging students to sign up by going to this page.

For the 600-plus folks using the VPN to connect to campus, we will be sending out another email soon detailing new measures to enhance VPN security even more.

Customer Service

The shelter-in-place order is changing so much about where, when, and how we work, learn, and research. Just because you aren’t on campus doesn’t mean we can’t be there to help. We’re building customer service models that will enable us to support your home devices and home networks. We also want to be available when you need us, so we’re exploring options beyond our normal support hours to provide 24/7 desktop and virtual classroom support.

Zoom Security

If you have any questions about Zoom security settings, you can always call the support desk for real-time help with Zoom. If you’re looking for some extra peace of mind, sign up for our new Personalized Zoom Security Check-up. Our SJSU IT service staff will work with you one-on-one remotely to ensure all your Zoom security settings are correctly set. Once you sign up, we’ll reach out to you to set up a specific time.

We’ve updated our SJSU Zoom Security Checklist website so you can quickly check your security settings. Here are just some of the key tips:

Scheduling Hosting
The Do’s

  • DO keep meeting passwords on.
  • DO use automatically-generated meeting IDs.
  • DO keep meeting links private if your meeting is private.
  • DO control who you distribute classroom meeting join links to.
  • DO verify your Google Calendar sharing settings.
  • DO set your meeting to mute new people on entry if you’re running a large class or meeting.
  • DO enable registration if you’re running a public meeting or event.
  • DO enable the waiting room if you’re running a public event or a large class.
The Do’s

  • DO use your waiting room to welcome attendees if you have enabled it.
  • DO disable annotation in your meeting.
  • DO consider locking your meeting or class after everyone has joined.
  • DO become familiar with the security options on the toolbar.
  • DO use the “On hold” and “Remove” features when necessary

The Don’ts

  • DON’T use your Zoom Personal Meeting ID (PMI)
  • DON’T host alone if you’re running a large meeting or class.
  • DON’T enable Screen Sharing unless necessary

I’m sure you’ve all seen some of the SJSU IT communications about Zoom from the past two months. Enabling remote modalities means making sure the tools and online resources you’re using are secure as well. You may have seen that Zoom has upgraded to 5.02 and included a slew of additional security features. SJSU IT will be requiring this latest version for all SJSU-connected devices to take advantage of Zoom’s newer security encryption. SJSU IT will also be expanding Zoom’s security even further. We’re going to be turning on the option for Zoom meetings to require SJSU authentication through single sign-on. This feature will be implemented after finals have been completed.

Thank You

Thank you all for your patience as the entire university tries to move forward in a way that provides some stability. We’ll be sure to keep you up to date on what’s happening over the summer. Lastly, I want to take a moment to thank all of my colleagues in SJSU IT, all the IT staff across campus, and the multiple SJSU IT consultation boards who have helped shepherd the transition to remote modalities.

I hope you all stay safe and stay healthy.

Best regards,

Bob Lim

Vice President of Information Technology and CIO

Alert: COVID-19 Phishing Scams on the Rise

Dear SJSU faculty and staff,

The COVID-19 pandemic has impacted almost everything about our lives, changing how we work and interact every day. It’s also created a rapidly-changing environment where hackers and scammers are trying to capitalize on our fears and anxieties. Attacks related to COVID-19 started circling as early as January and have only proliferated since.

COVID-19 Phishing
The most recent trend has been focused on the upcoming stimulus package, with emails featuring subject lines like “URGENT: COVID-19 stimulus check delivery blocked. Please accept delivery here to continue with shipment.” Other recent email attempts include:
  • Posing as the government and asking you for banking information before sending your stimulus money
  • Posing as aid organizations and accepting donations, but taking your money instead
  • Sending links to “information” about COVID-19 cures/vaccines that install malware when you open them

This type of attack, called “phishing,” is an attempt by criminals to gain access to your SJSU and personal accounts. As many of you are currently working and lecturing from home, it’s especially important to be vigilant. Home computing devices and home networks do not have the security defenses of our campus network and systems. Duo Two-Factor Authentication can effectively help protect your account from these kinds of attacks. Students, faculty, and staff can also download Sophos Anti-Virus for free on home computers.

Reputable Resources
  • The Federal Trade Commission is a reputable source of information on this topic and has multiple posts about how to identify and avoid COVID-19 scams.
  • Additionally, the US Department of Homeland Security Cybersecurity and Infrastructure Security Agency and United Kingdom’s National Cyber Security Centre issued a joint activity alert titled, “COVID-19 Exploited by Malicious Cyber Actors.” The alert discusses the exploitation of virtual private networks, phishing emails and text messages about COVID-19, and websites deceptively advertised as COVID-19 sites.
  • For more approachable security awareness content, NINJIO is offering a series of 10 free videos about being data secure while working from home.

Phishing Awareness Program
You can also visit SJSU IT’s  How to Spot a Phishing Attempt page to read about our ongoing Phishing Awareness Program. As part of this program, you will periodically receive simulated phishing emails that imitate real attacks. These emails are designed to give you a realistic experience without putting you or the university at risk for a security breach. If you fall for our fake messages, there’s no judgment. We’ll just send you tips and tricks to improve your phishing recognition skills. We have run this program many times over the last few years and the response has been great.

If you ever receive a request for your login information, you can always contact the SJSU IT Service Desk at (408) 924-1530. Visit our blog or website for more information on How to Spot a Phishing Attempt or sign up for our ongoing phishing education program. You can also visit Google’s site to see how reporting phishing emails in Gmail helps prevent future attempts. For tips on how to use Zoom securely, download our Zoom FAQ PDF.

Best regards,

Hien Huynh
Information Security Officer
Division of Information Technology

SJSU IT Update During Shelter-in-Place

Campus Colleagues,

I want to take this opportunity to provide you with a technology update.

Thank You
Before I begin, I want to thank you for your patience as we worked out the final details over the last couple of months.  We’ve been building our digital transformation Work Anywhere infrastructure and systems over the last three years and the last four weeks’ smooth operation has been a small silver lining for what we’ve all been going through.  Below are some questions we are receiving and I thought it would be good to share with all of you.  

Laptops and Accessories
The SJSU IT Equipment Loaning Program continues to support the needs of students, faculty, and staff.  We have loaned out over 120 laptops and other accessories over the last month.  If you or your student have an urgent need for a computer,  please contact us on this website.   

We are monitoring inventory and planning on keeping up with any new demand, but there is some risk for supply due to the high demand for PCs worldwide.  

Cybersecurity
We are also starting to see an uptake in cybersecurity-related events, which often happens during crisis events. In the next couple of weeks, we will be more intentional on relaunching our training offering on our cybersecurity program again. We wanted to wait until the campus was in a good place before proceeding.

Manage Your Voicemail
Checking and managing your campus voicemail from home is easy. We’ve posted the process to the Work Anywhere website as well.  Here’s how: 

  • Step 1: Dial the Main Number (408) 924-6800 (or 4-6800 from on-campus).
  • Step 2: When the greeting begins to play, press *.
  • Step 3: Enter your extension number, then press #.
  • Step 4: Enter your password, then press #.

Add Voicemail to Email Services
We can also help you set up email forwarding of your voicemails so you don’t have to dial in. Get an email transcript from the message left in your voicemail box.  Just submit a ticket in iSupport asking for the service to get started. 

Desktop-as-a-Service (DaaS)
If you need to use a virtual lab for instruction, you can access Virtual Desktop Infrastructure (VDI) at https://desktop.sjsu.edu using your SJSUOne ID and Password. After logging in, you’ll see the labs, desktops, and applications relevant to you. If it’s your first time using VDI, you’ll be asked to install the Citrix Receiver. Accept the default options and complete the installation. 

VDI allows students to access labs or software, anytime, anywhere, from any device. VDI is cheaper and faster to set up than a traditional computer lab and gives our students the flexibility to access lab-grade tools from off-campus. 

Currently, the College of Engineering, College of Social Science, and College of Business have deployed VDI to many of our on-campus computer labs as well as virtual labs for online classes. 

For more information, please read the instructions at How to connect to your SJSU virtual lab. If you have any questions, please contact Atul Pala.

Customer Service
It’s also more important than ever that SJSU IT delivers effective and efficient support. I am very pleased to say that despite the huge changes we have experienced since transitioning to online modality, our overall customer satisfaction remains very strong. For March, SJSU IT Support closed 2,369 tickets, with an average resolution time of less than 2 days and our average customer service rating improved to 4.7 out of 5 (compared to 4.53 over the last six months). I want to recognize all the student assistants, the staff, and the management team in the IT Division. Without their hard work and commitment to SJSU IT’s digital transformation initiatives, we would not be where we are today. 

Zoom FAQ
SJSU IT and eCampus have created an extensive Zoom FAQ, attached to this email, answering questions found on various websites and forums. Ongoing training for Zoom on security, privacy and Do’s and Don’t are available from eCampus.  We are also attaching a quick-reference Do’s and Don’ts sheet. While we use Zoom as part of our CSU-provided and vetted set of online tools, it is up to individual community members to decide if Zoom is the appropriate tool for their needs.

Personalized Zoom Security Check-up
If you’re feeling uncertain or would like to ensure that all of the Zoom security features are set correctly, we are offering a new service:  Personalized Zoom Security Checkups for all faculty and staff.  We will have one of our IT service staff work remotely with you to ensure all your Zoom security settings are correctly set.  

Quick Snapshot
I wanted to give you a quick snapshot of the SJSU IT current usage for some of our key systems. Also, I want to share with you some details about SJSU IT Support to give you a sense of the quality of work that is being done, despite the challenges.  

As you would expect, we are seeing big increases in our external tools and decreased usage of the internal network and systems. Below is a table that highlights some of the largest changes.  

A quick look at some of the statistical changes around COVID-19's shelter-in-place

As always, you can go to the Work Anywhere website to find information and resources to support working, learning and teaching from home. 

 

Thank you,
Bob Lim
Vice President of Information Technology
and Chief Information Officer