Premium Password Management for SJSU

One of the driving goals of SJSU IT is to make San Jose State University the safest campus in the country. Our strategy for getting there is to make security easier. We use a layered approach to put extra barriers between attackers and your data. One of the simplest but most effective protections is good password management — having strong passwords unique to each site you use that you change regularly. But that can be a pain. With dozens or hundreds of accounts all over the web, it’s almost impossible for us to keep track of what passwords we’re using where and when we last changed them. A password manager simplifies that whole process for you, making everyday security easier.

I first let campus know about our plans to bring LastPass’ enterprise password management to everyone in our campus community at no cost back in October 2020. LastPass will suggest, store, and autofill extra-secure random combinations of numbers, letters, and symbols for all of your accounts. Because LastPass encrypts all of your passwords, it’s much more secure than keeping them on a notepad or Google Doc and more reliable than trying to remember everything. 

The SJSU IT Information Security Office will continue to keep you updated on when it’s ready for you.

I want to thank Ravi Pisupati, Michael Hastings, Nikhil Mistry, Tristan Orlino, Andy Trembley, Bruce Gardner, and Jason Ferguson for working on bringing LastPass to our community.

Best regards,
Bob Lim

Summer 2020 and the SJSU IT Recovery Plan

SJSU IT Colleagues,

I know it’s been a challenging two-and-a-half months for all of us, but you’ve managed to do some incredible work while telecommuting. Your flexibility, dedication, and positive spirit to SJSU have not gone unrecognized. I appreciate everything you’ve done and I know that all these changes to remote work will help protect you, your families, and the campus community. Thanks to your hard work, our students were able to connect with faculty and complete the Spring semester.

I also want to recognize the anxiety many of us are feeling. The state of California has reported a $54 billion shortfall, which will have consequences that impact all of us. I can’t speak to what that fallout will look like for our division or our campus, but I can tell you that SJSU’s leadership understands the important role technology plays for our campus and will play moving forward.

Now I want to share what’s coming next. There’s a lot of uncertainty about the “New Normal,” Fall 2020, and beyond. One of the biggest questions was answered when Chancellor White announced that all 23 CSU campuses will be a hybrid model and mostly online through Fall 2020. The Chancellor’s announcement is in line with the current digital transformation we’ve been engaging in for the last 3 years to allow our students, faculty, and staff to teach, learn, and work anywhere. This plan builds upon our 3-year journey of transformation by focusing on six key areas critical to SJSU’s ongoing success. The goal is to give us a roadmap for continuing to support the university throughout this crisis and beyond.

1. Online Transition and Process Improvements
First off, we’ll continue to provide the best solutions for students and faculty for online learning, for employees working remotely, or for those that come to campus. We’ve been successfully digitizing processes across departments, thanks to Ryan Campbell, Jocelyn Tom, and Leon Nguyen. The OnBase and DocuSign team has been doing great work in this area (they won the Team Sparta Award). We need to ramp up that collaborative spirit to help other departments operate remotely more efficiently.

2. Teaching and Learning
We are evaluating key technology solutions that enable a flexible approach, given our hybrid model. Faculty have done an admirable job with the sudden switch to online, including their ability to move the classroom experience online with virtual labs, thanks to the work done by Tristan Orlino. We’ll be looking into a number of tools to further enable that online teaching experience, including enhancing virtual labs. We’ll also be working very closely with Academic Affairs to expand PeopleSoft integration so our university can offer more online degree programs.

3. Customer Service
We’re enhancing our customer service model to improve hybrid teaching and telecommuting experiences. Thanks to the entire customer service team, including Jason Ferguson, Sharon Watkins, Mario Rivas, Alfred Eclipse, Bruce Gardner, Kirk Nguyen, Lor Vang, and Patrick Ho, who have already built some of this structure. Enhancing this area means expanding coverage hours with instant virtual communications and developing basic remote support for home networks and home devices. We’re also building on the success of our Personalized Zoom Security Checkup by expanding it beyond Zoom and opening it up to both students and faculty.

4. Engagement
The goal for engagement is to create and expand a digital communications platform that supports both on-campus and remote engagement. Thanks to Andy Trembley’s work as our Google and Zoom admin, we’ve been able to finish the semester with Zoom and Hangouts Meet. As we look forward, we need to provide even better tools to replace at least part of the campus experience. That means looking into virtual event management platforms for things like job fairs, onboarding, commencement, and more. Joel Johnson and his team are looking into queue management systems to let people get in line virtually, ping them when it’s their turn at the window, and let them step back in line. This has obvious uses in light of COVID-19, but would be a useful tool when we’re back on campus as well.

5. Information Security
We’ll also be continuing to increase layering beyond our campus walls to enhance the information security program for remote learning and remote working. Cybersecurity is going to be a very large part of our behind-the-scenes work, and we’ve already made lots of progress thanks to Michael Hastings and Janice Lew. We need to extend our strategy to be even more comprehensive and think about how we can help protect our students, faculty, staff, and researchers beyond the workspace and into their homes. For summer, we’ll be looking to use Okta single sign-on in more places and start rolling out Duo for students, a project being coordinated by Maggie Panahi.

6. Hardware, Software, and Infrastructure
We’ve made great strides in this area thanks to Cuong Doan, An Nguyen, Sean Davis, Steve Chang, Tam Vu and the entire infrastructure service team. But obviously, we never expected our new infrastructure to be utilized so heavily and so quickly. Like in every other area, COVID-19 has changed everything in this area. We are accelerating our existing technology and infrastructure strategy through innovative, cutting-edge solutions. We’re expanding our virtual storage environment, our licenses, and our Desktop-as-a-Service capabilities.

As you may have noticed, a lot of these projects are just building on what we’ve already been doing. Our strategy has always been to increase the agility and mobility of our university. Now we need to amplify and accelerate that strategy to support SJSU moving forward. Folks across the university will be looking to SJSU IT to provide innovative solutions that enable their success. Let’s show them how we’re building on the success we’ve already achieved.

I hope you all continue to stay safe. Please reach out to me or to your manager if you need anything.

Thank you.

Best regards,
Bob Lim

End of Spring 2020 Update

Dear colleagues,

As we close this historic semester at San José State University, I want to thank each and every one of you for coming together to support each other and our community. I know that for many of you, the online resources you’ve been relying on to work, teach, and research for the past two months were entirely new. We all face uncertainty as we look not just into summer, but into fall as well. That’s why I want to take a moment to share and provide clarity on the technology initiatives we have implemented and will be implementing in the next couple of months to support you as we prepare for the “New Normal,” whatever it may bring.

Accelerating & Extending Strategy

For the last three years, SJSU IT’s strategy has been to enhance the mobility and agility of our university, including enabling remote learning and remote working. To continue our strategy, we’re looking to accelerate many of the programs that were in the pipeline, providing even more support for the New Normal and, more importantly, creating a realized modern digital campus.

We’re moving projects up the priority list that will help maintain safe practices once a gradual return to campus is possible. We are working on developing a queue management system that will let people get in line virtually, ping them when it’s their turn at the window, and let them step back in line. We’re also looking into virtual event platforms for all the things Zoom and Hangouts Meet just can’t do — things like job fairs, onboarding, and commencement.

Another example of acceleration is how we’re ramping up our collaboration with other departments across campus. SJSU IT recently completed Phase I with University Personnel to digitize the process for managing and storing PAF. UP can now consolidate many existing documents into a single PAF document and enable review by chairs, admins, and individual faculty online. This will eliminate rows of documents in filing cabinets that would need to be hand-carried to reviewers across campus. Most importantly, the entire process can now be done anywhere, on or off campus.

In the past few years, SJSU IT has digitized over 65% of the university’s business processes online. Our goal is to be close to 100% within the next three years. If you have more ideas for digitization, please reach out to SJSU IT at it-solution-development-group@sjsu.edu.

Enhancing Security and Privacy

Security and privacy have always been a top priority. Maintaining our security and privacy standards while faculty, staff, and students are operating from locations across the country (and internationally), on home devices and home networks, presents new challenges.

We’ve opened up the option for SJSU students to opt into Multi-Factor Authentication (MFA) through Duo. Making Duo required for all SJSU faculty and staff immediately raised the security profile of our university and added convenience by extending password renewals from six months to two years. In January 2020, SJSU was the target of a concentrated phishing attack, with over 1,600 phishing emails detected. Because of Duo, there were no incidents on our campus. Our data also shows that 630 logins from this attack were denied access through Duo. We know that turning on Duo for students will have just as profound of an impact. We’re encouraging students to sign up by going to this page.

For the 600-plus folks using the VPN to connect to campus, we will be sending out another email soon detailing new measures to enhance VPN security even more.

Customer Service

The shelter-in-place order is changing so much about where, when, and how we work, learn, and research. Just because you aren’t on campus doesn’t mean we can’t be there to help. We’re building customer service models that will enable us to support your home devices and home networks. We also want to be available when you need us, so we’re exploring options beyond our normal support hours to provide 24/7 desktop and virtual classroom support.

Zoom Security

If you have any questions about Zoom security settings, you can always call the support desk for real-time help with Zoom. If you’re looking for some extra peace of mind, sign up for our new Personalized Zoom Security Check-up. Our SJSU IT service staff will work with you one-on-one remotely to ensure all your Zoom security settings are correctly set. Once you sign up, we’ll reach out to you to set up a specific time.

We’ve updated our SJSU Zoom Security Checklist website so you can quickly check your security settings. Here are just some of the key tips:

Scheduling

The Do’s

  • DO keep meeting passwords on.
  • DO use automatically-generated meeting IDs.
  • DO keep meeting links private if your meeting is private.
  • DO control who you distribute classroom meeting join links to.
  • DO verify your Google Calendar sharing settings.
  • DO set your meeting to mute new people on entry if you’re running a large class or meeting.
  • DO enable registration if you’re running a public meeting or event.
  • DO enable the waiting room if you’re running a public event or a large class.

Hosting

The Do’s

  • DO use your waiting room to welcome attendees if you have enabled it.
  • DO disable annotation in your meeting.
  • DO consider locking your meeting or class after everyone has joined.
  • DO become familiar with the security options on the toolbar.
  • DO use the “On hold” and “Remove” features when necessary.

The Don’ts

  • DON’T use your Zoom Personal Meeting ID (PMI).
  • DON’T host alone if you’re running a large meeting or class.
  • DON’T enable Screen Sharing unless necessary.

I’m sure you’ve all seen some of the SJSU IT communications about Zoom from the past two months. Enabling remote modalities means making sure the tools and online resources you’re using are secure as well. You may have seen that Zoom has upgraded to 5.02 and included a slew of additional security features. SJSU IT will be requiring this latest version for all SJSU-connected devices to take advantage of Zoom’s newer security encryption. SJSU IT will also be expanding Zoom’s security even further. We’re going to be turning on the option for Zoom meetings to require SJSU authentication through single sign-on. This feature will be implemented after finals have been completed.

Thank You

Thank you all for your patience as the entire university tries to move forward in a way that provides some stability. We’ll be sure to keep you up to date on what’s happening over the summer. Lastly, I want to take a moment to thank all of my colleagues in SJSU IT, all the IT staff across campus, and the multiple SJSU IT consultation boards who have helped shepherd the transition to remote modalities.

I hope you all stay safe and stay healthy.

Best Regards,
Bob Lim

Phishing

We would like to remind you of a security threat that is never far away: Phishing. During a phishing attack, a scammer disguises their email to look like a legitimate message from a colleague or company in an attempt to trick you. The goal of the phishing email is to have you click on a link or open an attachment that will ask you for sensitive or confidential information. Find information on how to spot phishing emails on our safe computing pages.

Signing up to use two-factor authentication with Duo helps keep your account safe. With Duo, you’ll be protected when somebody attempts to use your account through Okta single sign-on or other Duo-integrated apps (such as a VPN client). You can learn more about Duo and sign up for it early here.

Impersonation alerts are another useful feature, available on the Gmail website and in the Gmail apps for iOS and Android. These alerts will help remind you to be vigilant about suspicious emails, but they work best when you’re using your SJSU email account for university-related communication. If you see this alert, take a moment to review the details of the message, referencing our safe computing tips.

The single best way to protect yourself is to stay vigilant and use common sense. Oftentimes, phishers will impersonate figures of higher authority. But if you ask yourself, “When’s the last time the President emailed me directly?” and the answer is “Never,” that should raise a red flag. If you ask yourself, “I thought the President had better grammar/punctuation/spelling?,” that should raise a red flag. If you see these kinds of suspicious emails, use the Report Phishing feature in Gmail.