Security and authentication updates

When we posted our last security-related article in October of 2019, many of us had never used Zoom, rarely logged into a VPN, and hadn’t given much thought to how to host an online-only class or event. Of course, much has changed since then, forcing us to adapt very quickly to our new virtual settings.

Now that we’ve settled into our “new normal”, it’s important that we’re not only making use of the tools available to us, but using best practices as well. This post will outline some timely security practices, as well as highlight some new web features that have been put in place to make your work processes more streamlined and secure.

Zoom meetings and virtual office hours

Zoombombing

One website feature many departments are making use of is our faculty and staff listing template in Cascade. The template allows you to publicly share information on faculty and staff members, such as a photograph, contact information, and office hours. In light of our current situation, nearly all faculty office hours are being hosted virtually, through systems like Zoom.

Although it may seem convenient and helpful, please do not share office hours or other Zoom links publicly on the Millersville website. Posting this information provides opportunists with an easy way to create disruptive meeting intrusions known as Zoombombing. Oftentimes this means inserting obscene material into the meeting with the goal of disturbing or shutting down the Zoom. You can learn more about Zoom best practices on our University wiki.

Collecting form data

Web forms are a handy way to collect information from both internal and external audiences. In our current virtual environment, more web forms are being created than ever. When using forms to collect data, please keep the following in mind:

Use Millersville-approved form-creation tools

Use of unapproved form tools such as Google Forms can leave data stranded, or even worse, publicly exposed. This can result in a lack of trust, legal consequences, and security issues. The approved tools available are:

  • Microsoft Forms: For forms meant for internal audiences, Microsoft Forms is likely your best bet. With this application, forms can be password protected, allowing access only to those with a Millersville account. This prevents spam, guarantees authenticity of form data, and auto-fills fields like name and email to make things easier for the end-user.
  • MachForm: Forms that need to be publicly available can make use of MachForm to create easy-to-use web forms that can be embedded on the Millersville website. MachForms must be created by IT or Marketing, which is easily done by submitting a Help Desk ticket or a Marketing service request.
  • Qualtrics: Surveys and polling forms are best served by making use of Qualtrics. Qualtrics was specifically designed for handling this type of data and presenting it in an easy-to-understand manner. You can get started with Qualtrics by contacting the Institutional Research department.

Don’t collect more than what’s needed

Filling out web forms can be tedious. Users are more likely to abandon long forms. Additionally, sensitive user data (such as ID numbers) should only be collected when absolutely necessary.

Only keep data as long as necessary

Legal regulations such as the GDPR state that form data should not be stored for a longer period than what is necessary for the purpose the form was created. Removing old forms and form data minimizes security risks associated with data-pirating.

Authentication updates

As part of our continued efforts to improve the usability of Millersville’s many applications and systems, we’ve made some upgrades to our login screens. This change brings with it many welcome improvements, including added security, a new look and feel, and more seamless integration with other applications used at Millersville. A single login will now give you access to Cascade, D2L, Wiki, and Zoom, with many others to come!

If you have questions regarding the new login screen or web-security best practices, please contact the Help Desk.

The content of this blog entry was accurate at the time of publication. You can find the most current information about security, authentication, and other Cascade-related topics in our Cascade wiki documentation.


Virtual training sessions

Although we are not currently offering in-person training sessions, remote training is available upon request. Please submit a Help Desk ticket to arrange a time for your training.
