A Sound Investment

Some of you may have noticed some inclement weather in the North East of Scotland these past few weeks leading to flooding, blocked roads and power cuts. A lot of this peaked on December 30th in the Garthdee area of Aberdeen, where the RGU Campus is. We didn’t get flooded, but there was quite a big power cut across the Campus.

Over the past few years we have moved all our core IT infrastructure into two new datacentres – sharing with the University of Aberdeen and North East Scotland College. One of them is on the RGU Campus so this power cut was a good test. Both datacentres are well equipped with battery backup, plus generator backup – but of course as much as you can test these components in controlled circumstances, there is nothing like the real thing.

In the event, when it became clear that there had been a power cut, I received an anxious phone call from the duty manager asking me if the data centre and our IT systems would be OK? By the time I received the call, the automatic alerts had already notified technical staff in IT Services and the Head of IT Operations and Support, Richard Lynch, was on his way to the Garthdee Campus. There he found that both the battery backup and generator had kicked in automatically as they are designed to when the power was cut. All our IT services continued without interruption and when power was restored the generator powered itself down again and everything settled back to normal.

Many if not most of the major incidents I have encountered in IT have been down to a loss of cooling and/or power in the datacentre. Incidents such as these demonstrate the value of investing properly in datacentre resilience. What ended up being a non-event could otherwise have been a a much more protracted IT recovery operation.

Web and Social Media

What do you think of the RGU Web Site? Do you use RGU’s presence on Facebook? Or LinkedIn? Do you follow any of RGU’s Twitter accounts, or bloggers {ha! If you are reading this then that question is answered}? What should the modern organisation project to the external world in terms of its digital presence and how should our key stakeholders be able to interact with us digitally?

These are questions we have been asking quite intensely over the past 6 months. Like many Universities, we have a web site (actually, quite a few web sites – that’s an issue) which had its last major development around 5/6 years ago, has had its content and some aspects of its look and feel spruced up incrementally since then, and was recently reworked to offer a “responsive design. We’ve also produced a set of guidelines to assist staff in the most appropriate ways to use the various social media channels.

In the intervening years there have been massive changes in the use of mobile technology in particular, and the way in which stakeholders now expect to be able to engage with organisations. It’s a while since we really took a long hard look at our external “digital presence” holistically, so we’ve asked We are AD – a digital agency – to work with us and look at our overall external presence as it is today, against best practice and our own strategic objectives as an organisation. We want to refresh our external presence to reflect today’s expectations from our stakeholders, and just as importantly set up our internal organisation so that we can keep our digital presence current in what we expect to be a continually changing technology environment.

They’ve been working with us since October, and have met with a cross section of stakeholders as well as doing an in-depth analysis of traffic to our web site and main social media sites. We expect to see their findings before Christmas, and in the early part of 2016 we’ll be preparing our plans to respond to these – will keep you posted!

Welcome Back!

Oops – seems like I have neglected the blog over the summer, so time to get it started again regularly with the new academic year under way. First of all a very warm welcome to all new students, and to those returning for another year of study – it’s great to see you all here and that includes those of you who are studying online. All the IT resources mentioned below are for you too.

Also a warm welcome to any members of staff who have started recently.

First things first – if you need any help with anything to do with IT, please do use the IT Help Desk resources, or contact them directly if you need further help. IT Services have updated a lot of the information available online, so even if you are a returning student it’s worth checking these links (if you need to sign in just use your normal username and password):

On Moodle, the IT Help Desk has a new page, with a number of short videos to show you the key IT Resources available to you and how to access them. They also show you how to connect these to your own devices.

On the Student Portal you’ll find additional information and more detailed documents if you want to refer to them:
Follow the Help Desk on Twitter – they use it regularly to give you updates on any changes to our systems, news, and links to helpful information.

Follow this blog – we use it to keep you up to date in a bit more detail on what’s happening, what’s planned, and items of interest.

And of course, if you need to contact the help desk directly you can do that too:

Email: ITHelpdesk@rgu.ac.uk

Telephone: +44 1224 262777
In Person at the Learning Centre located in the Aberdeen Business School building

Opening Times are:

MON to THU – 8am to 8pm
FRI – 8am to 5pm
SAT – 10am to 2pm
SUN – 12noon to 4pm

I’ve called my dog @ff43z*;

If you search on the internet “someone figured out my password”, and look for “images” – you should see a few examples of a poster with a picture of a forlorn looking dog and the caption “Someone figured out my password, now I have to rename my dog!”. Cats don’t find this funny either.

Trying to get people to take IT Security seriously is like pushing water uphill sometimes. . . until something happens. I stopped by the reception desk in one of our buildings this week and whilst I was there, somebody came along and handed over an iPhone that had been left on a chair. The receptionist said that this was a regular occurrence – I hope at least it had a pin number on it. Then, she produced a biscuit tin full of USB sticks that have been found lying about. How many of these contain the only copy in the world of somebody’s dissertation, or worse some confidential information?

USB sticks in a biscuit tin - is yours there?
USB sticks in a biscuit tin – is yours there?

Recently, the worst passwords of 2014 have been announced. The good news is that the word “password” has at last been knocked off its perch as the most common password. The bad news is that it has been replaced by “123456”.

Poor password control puts University systems at risk. Consider this – you have some kind of personal online account with a username and a poor password. You’re human, and remembering all these passwords is such a hassle – so you just use the same one at work – for your e-mail, the University finance system, whatever. Your personal account gets hacked and somebody knows your password. {Easily done – you may received one of these urgent emails which look as if they come from the IT Help Desk and ask you to “click here” to confirm your account or something like that. You’ll be amazed at how many people click the link, but not you of course.}

They make a guess that you might, just might, use the same password at work – bingo, they’re into the University finance system. Far fetched? Well, something very similar to that scenario happened in one organisation that lost a 6 figure sum of money as a result.

Now that I’ve kept your interest to this point, I’ve just revised the University’s policy on use of IT Facilities. Please read it – it’s there to help everyone use our facilities safely and fairly, there’s a very short introduction to the key points, it’s not rocket science and it won’t take you more than a few minutes.

Student Facing Review

Wow, where does the time go? I’ve been quiet on the Blog since start of January, so am picking things up again.

I thought I would share a bit about our student facing review of IT Resources, but first an update on WiFi. In any case, WiFi came up regularly as a topic when we met with student reps. IT Services, along with the manufacturer, have completed a substantial programme of work in January and February to look at the WiFi system and reconfigure it to resolve the key problems people have been experiencing with connections. I’m pleased to say that most if not all of the feedback now is that this has brought a substantial improvement to both staff and students. The IT Help Desk are now getting hardly any calls, and we can see a steady high load of successful connections to WiFi across the Campus. As ever in these situations, there can still be a small “tail” of people who might have unusual problems, or something specific to their IT Account – if you are still experiencing any difficulty with WiFi access please do contact the Help Desk. Don’t be stuck – they are there to help you!

Back to the Student Facing Review. As part of our ongoing programme of quality enhancement, the University engages with students to take their input to help us improve non-academic support services in the University. This year, we decided to involve students in looking at IT resources across the University and we have also involved SPARQS (Student Participation in Quality Scotland) who are helping us in our approach and also keen to see how we get on.

We kicked the process off with a series of focus groups in December involving student representatives, and we also attended a meeting of the “Big Student Forum.” It’s been great meeting up with them – we have very committed and involved student representatives, and the feedback from each of the focus groups has been consistent which has helped us to draw up some priorities.

We also held a couple of further focus groups in February to involve the student reps in designing possible solutions to some of the suggestions they had made. Next step is to bring all of this together into our forward planning to create an action plan.

The key topics that have emerged in our discussions so far have been:

1) WiFi – and hopefully we have made good progress in addressing that now.
2) Printing support. Students like our print solution, but are looking for more rapid support, information and help when there are problems with the printers.
3) Access to Computing Facilities. Across the Campus there are open access facilities, and also IT labs which are partially timetabled and available outwith that. Students want better information on which IT spaces are free and when.
4) Information and Communication. Some students were unaware of valuable IT facilities available to them, and overall induction and communication emerged as a key theme which probably applies beyond IT.
5) Storage for student files, and how best to access such storage on Campus and off Campus.
6) Access to help and support. Students give great feedback on Help Desk support but they find it restrictive having it physically in one place on Campus (other than peak times when we do “popup” help desks). We’ve discussed a number of possible options to create more flexible access to support.

There’s lots more I could say on each of these topics even at this stage, but we’ll take some time to shape them up in more detail and then share progress on the blog.

Moving On, travelling light . . . ?

Well, today is the last day that IT Services will be in St Andrew Street. Tomorrow, we move down to the main Garthdee Campus of the Robert Gordon University. The last 12 months have been an exceptionally busy time for us as we have been fitting out new buildings and helping to move many other Departments in the University. Not to mention two datacentre moves into the bargain! And then of course, we have all the work to reconfigure the University’s voice and data network so that we can “unplug” the St Andrew Street Building.

I’ll be downsizing too – I think my new office is quite a bit smaller than my existing one. That said, it was interesting going through my filing cabinets, desk and cupboards. With very little hesitation I emptied more than 50% of the contents into two confidential waste bags for secure disposal. The rest I fitted into two cardboard boxes (for files) and two blue boxes (books, photos, memorabilia and some IT stuff). Clearly over the last decade there’s been a huge shift away from paper to electronic and you see that manifesting itself when you have so little physical belongings to move. When I get down to Garthdee at least one of the boxes is earmarked for further pruning, and hopefully shredding!

office

Next blog post will be from Garthdee, meantime I’m off to a cake cutting ceremony!

cake

Start of Semester

First of all, a big welcome from IT Services to all new students who have joined the University this year and welcome back to all students who are returning after their break over the summer. For the IT people, this has been overall the busiest summer we can ever remember, with all the preparation to install the network infrastructure for the opening of Riverside East, refurbishment of the Aberdeen Business School, and rolling out as part of that new Windows 7 desktops, a new printing solution, new audio visual facilities, a new WiFi system and moving one of our datacentres. I’ve written in more detail about these in various other posts over the summer and you can look over them for a bit more background.

We’ve done our best to test all of these over the summer, but it’s not until the start of semester when students return that everything really gets put to the test, and there have been a few teething problems this year. WiFi I know has been difficult in some parts of the Campus. In Riverside East, we put a new WiFi system in, based on “Eduroam.” This is working very well and the great thing is that once you have set it up on your tablet or smartphone, it connects automatically so you don’t have to keep on entering your username and password. The old Wifi system is still around in the rest of the Garthdee Campus and we had originally planned to rollout Eduroam to the rest of the Campus over the next few months. However, we’ve experienced a number of problems with the old WiFi system. We have a temporary solution in place which will keep the old system available, but we are now going to speed up the rollout of Eduroam to the rest of the Campus. This will consist of two phases:

First of all, we will replace all the existing WiFi access points on the old system with new Eduroam ones. That will be fairly quick and we hope can be done in the next 2-3 weeks. However, these access points do not currently cover the whole campus – they mainly cover the more heavily used public areas and teaching spaces. So the next phase will be to add additional access points to bring WiFi to as many as possible of the areas not covered by the current system. This will take a bit longer, as it takes some time to plan the optimum location of new access points.

We’ve had good feedback about the new Windows 7 desktops and those of you who were here last year should see a noticeable improvement. Some people have reported that some of the new desktops “freeze” from time to time for a few seconds, – IT Services are aware of that and are working on a solution along with our supplier.

The new printers are working well and successfully processing thousands of print jobs every day. As it’s a new system, we’ve had a number of calls to the Help Desk for people asking for help and advice, and a small number of specific issues, but hopefully that will settle down now as everyone adapts to the new system.

Talking of the Help Desk – the start of Semester is always a really busy time for the IT Help Desk. There’s normally a steady stream of people who have forgotten their passwords (not you though?) and this year there have been many additional calls from people asking how to use some of the new facilities such as printing and Eduroam WiFi. The graph below shows you clearly how the number of calls to the Help Desk have spiked just over the last 2-3 weeks, so I hope you understand it will take a little bit longer for non-urgent calls to be answered at the moment. Remember that you can find information on how to solve the most common queries on the IT Help Desk pages on RGyoU so please look there first:

You can also find information on the IT Services pages on the main University web site.

20131013-231008.jpg

OOPS! – Working from Home

There is a cracking article in a recent edition of “The Economist”, which is available online and in which Yahoo’s new Chief Executive, Marissa Mayer, appears to be driving Yahoo employees to come in to the office unless they have a very good reason to work from home. The memo from the Human Resources Manager is addressed to “Yahoos”. If you are cringing already, read the article!

This is contrary to the direction that most enlightened organisations are travelling in – the ability to work from home or anywhere else off Campus for that matter is increasingly one aspect of a more flexible approach to working life. Of course, there are occasions where face to face contact and participation cannot be easily replaced, but equally there are many activities which can be easily carried out anywhere.  An important aspect of our IT Strategy is to ensure that access to our core IT services can be provided easily to any location, on any device, whilst maintaining security of information and access. A key part of that is the MyApps service, which I have mentioned before and which gives  you access to your University IT resources from anywhere – at work, at home, on the move, on a Pc, on an iPad – even on your phone if you can cope with the small screen size.

The great thing about MyApps is that information and data never leaves the University servers. This is important if you are working from home and relieves you of many responsibilities. Did you know that if you use your personal e-mail account for work then these e-mails are covered by the Freedom of Information Act? Likewise, if you store University documents on your home computer, or take paper documents home, you could be personally liable for any breaches under the data protection act? There are a few things to think about if you are working from home – have a look at the page on the Staff Portal if you want a very comprehensive guide:

We’ve also published an interactive guide to data security for mobile devices under the banner of “OOPS” – “Out Of Protected Spaces” and if you are a member of staff you will already have received that guide in hard copy as well as interactively. We’ve had really good feedback from that – with many people making positive suggestions and asking very relevant questions about particular situations and also requests for additional copies. We did have one person who returned the printed cards with an anonymous note saying “waste of money”. That’s a real disappointment and completely out of step with all the other feedback we have received. Given the amount of press coverage of authorities being fined 6 figure sums of money for data protection breaches, and given the fact that this whole issue is important enough to grab the attention of the University’s Audit Committee, I hope that person has a change of heart on further reflection.

Here is the “OOPS” guide:

OOPS

What kind of paper should we use in our printers?

Last summer, I wrote a post about our planned print strategy. This is now well underway – most staff areas now have multifunction devices (i.e. MFD’s, i.e. combined photocopiers/printers/scanners) which are networked and which they can now access using the “PrintAtRGU” print queue. Students at the moment use a separate fleet of printers, but largely the same system. Over the summer the University will move to a single fleet of printers for both staff and students – anyone will be able to print to any printer anywhere on the campus. We are just now at the point of looking at how this print fleet will be supported across the organisation.

One issue that has come up is our choice of paper. Throughout 2012 and into 2013 the Waste Management Group has worked with Departments to trial the use of 100% recycled paper.  As well as being 100% recycled, the paper is not bleached, nor does it contain optical brightening. This means that its natural colour is off-white (similar to paperback books) which makes a visual statement that the University is making a commitment to the environment.

This paper is being promoted throughout the public sector for its environmental credentials and other users include the NHS and some Scottish Government departments. Feedback during the trial was both positive and negative but in overall terms concluded that the grade of paper trialled was suitable for internal use but might not be suitable for official documents, some external correspondence, or colour prints where high quality colour definition is important. Documents printed on this paper are reported to be easier to read for those with, for example, Dyslexia.

Some of the feedback also raised interesting questions. One person observed that “Tipp-ex” correcting fluid showed up starkly on the off white paper. Others found that when photocopying the paper, because it is off-white the photocopier tries to copy the darker background copy of the paper as well as the text – using more toner. I have no idea why we are still using “Tipp-ex” or photocopying documents that can more easily be reprinted from the electronic original (or better, not printed at all!) but that’s for another day.

This recycled paper is already widely used across the University and as we are now moving to one shared printer fleet across all staff and students, it will be important to minimise the different types of paper in use across the organisation. At present, some staff areas use the recycled paper but student printers still use regular white paper. It will be confusing in future if staff or students have to think which printer or printer tray to use in order to get which type of paper. There will always be a need to keep stocks of regular white and headed paper, but it will be less confusing if other than that the paper choice can be standardised as much as possible across the University. That discussion is about to start and any comments or suggestions would be very welcome!

 

 

No Phishing!

Security is always an issue with IT – ever more so these days with the explosion of connectivity, mobile devices and so on. Organisations often test their IT security by arranging with a specialist company to carry out an external “penetration test”. Effectively, that’s asking a friend to see if they can get past the organisation’s security controls by exploiting any weaknesses. If they can, then they let the organisation know and it can then plug the weaknesses.

In the past, these specialist companies have focussed on the technological defences. Increasingly, however, they are looking at the softer weak points – i.e. people. One company I spoke with carries out tests on datacentre security – they might be asked to see if they can gain physical access to an organisation’s datacentre. For obvious reasons I won’t tell you how they might try to do this, but it’s designed to test how good the access and security protocols in practice. On one occasion they did indeed manage to get into the datacentre – except it was the wrong one!

The other growing area is what they call a “social engineering” penetration test. To put it unkindly, this is to test how gullible the employees in an organisation are. You have probably all at some point seen an e-mail in your inbox offering you the chance to inherit somebody’s fortune if you can only help by supplying your bank account details. Or an e-mail from your bank telling you that there is a problem with your account and asking you to give them your password or PIN number so that they can check.

These e-mails are getting more and more sophisticated, and they steal branding and corporate images to make them look completely genuine at first glance. I have seen e-mails claiming to be from the RGU IT Help desk asking users to hand over their password so that their account can be reactivated, and these e-mails can look very convincing. Sometimes they ask for information, and sometimes they just try to coax you to click on a link for further information. That link, of course, will install some nasty software on your computer and from then on they can do anything – maybe steal confidential information (including any passwords you type in) or hijack your computer to get it to send out thousands of other e-mails to other people.

Have a look at the Wikipedia entry for more background.

I learned of one organisation recently where somebody thought one of these e-mails were genuine, clicked on the link, and before long their organisation had suffered a major security breach. These e-mails are therefore a real threat to security in any organisation, and not just a minor nuisance.

So remember:
– No legitimate organisation (internal or external) will EVER ask you to e-mail to them any confidential information, whether that’s a password, PIN number, date of birth or whatever.
– If you receive an e-mail that you were not expecting, and if it has a link to another web site, don’t click. Be very careful of unusual e-mails from people you know – especially if it’s little more than a link to some web site and a subject line saying “check this out”. It probably means their e-mail has been hacked and is being used to send out SPAM.

So, what’s a “social engineering” penetration test? That’s when we agree with an external company that they can send into the organisation lots of “phishing” style e-mails and then see how many people get tricked into responding. That’s not to catch people out, but to help educate and test the level of awareness across the organisation. I might just look at that . . .