Category Archives: Uncategorized

Ransomware – One Year Later

It was one year ago today that we experienced the ransomware event that challenged all of us and changed the way we think about technology.

As I look back at this event and the corporate response, I feel a combination of pride and thankfulness for the way everyone pitched in to get us past the initial attack: the support and kindness offered to the OIT team members while they dealt with this difficult situation, everyone’s willingness to figure things out on the fly until systems were restored. Without your help and support, getting things back to normal would have been more difficult, maybe even impossible.

The reality is that an event like this never completely leaves us and could happen again. The folks in the black hats never stop trying and due to the complexity of technology in the 21st century, there are more ways than ever to attack.

What has changed? Today, we have better software on our computer to detect and remediate the malware designed to steal or destroy our institutional information. We hired a security specialist to spend more time watching for and dealing with these attacks. We’re using encryption on more devices to protect the information stored on them in case of an attack. And, we are putting more time and effort into educating everyone on the possibilities of another attack and how prevent it.

Even with all these changes in place, our best hope for keeping the bad guys out is you. You do this every day by being vigilant against all forms of attack. You do this when you “Don’t Click” an attachment or link in an email you were not expecting. For all of this I say, “Thank you.”

I want to offer a special thanks to the people in OIT who work hard every day so that systems run, email messages (the right ones) are sent and received, checks are cut, POs generated, networks network, and computers, those infernal machines that they are, connect to give us the ability to create and share. I specifically want to thank the OIT team for getting us back to our new normal. It was a Herculean task and I am thankful for what they accomplished.

Now, we look forward. We look to newer, better, faster things than we have had in the past: better classrooms, better applications, better security, better experiences. We ask for your help in this next phase of our technology journey. It will not be easy and we will hit a few bumps in the road. With your help, we can get there.

Microsoft 365 Office Suite Available for Free Download

Current students of Sul Ross State University have access to the Office Suite, Word, Excel, Powerpoint, and other applications through a download link in Microsoft 365 ( Only current student, those that are actively attending classes (does not include those auditing a class), are licensed for the download.

Under the agreement between Sul Ross and Microsoft, you are allowed to download and install any of the Microsoft Office applications on as many as five devices, including desktops, laptops, tablets and smart phones.

Here are some resources to assist you in the download and installation processes.

Follow the link below (requires login) for a video to that shows how to download and install the applications you need.

Additional information from Microsoft is linked below:

To download and install on PC or Mac

To download and install on a mobile device

If you have any questions or need help with this process, please call us at 432-837-8888.

Like us on Facebook @sulrossoit

Follow us on Twitter @srsuoit

See us on Instagram @srsu_oit

Zoom: Is It Safe to Use?

I want address some of the hyperbole around Zoom and the recent issues that have surfaced as Zoom has become a considerably more popular and widely-used application during the COVID-19 pandemic. 

Updated 4/9/2020:

Here are a number of updates from our contact on Zoom. This is a list of features they have updated over the last week or so.

Security Toolbar Icon for Hosts

  • The meeting host will now have a Security option in their meeting controls, which exposes all of Zoom’s existing in-meeting security controls one place. This includes locking the meeting, enabling Waiting Room, and more. Users can also now enable Waiting Room in a meeting, even if the feature was not turned on before the start of the meeting. For more information, please visit this recently published Blog.

Invite Button on Meeting Client Toolbar

  • The button to invite others to join your Zoom meeting is now available at the bottom of the Participants panel

Meeting ID No Longer Displayed

  • The meeting ID will no longer be displayed in the title bar of the Zoom meeting window. The meeting ID can be found by clicking on Participants, then Invite or by clicking on the info icon at the top left of the client window.

Remove Attendee Attention Tracking Feature

  • Zoom has removed the attendee attention tracker feature as part of our commitment to the security and privacy of our customers. For more background on this change and how we are pivoting during these unprecedented times, please see a note from our CEO, Eric S. Yuan 

Removal of the Facebook SDK in our iOS client 

  • We have reconfigured the feature so that users will still be able to log in with Facebook via their browser

File Transfers

  • The option to do third-party file transfers in Meeting and Chat was temporarily disabled. Local file transfer is available with our latest release. Third-party file transfers and clickable URLs in meeting chat will be added back in an upcoming release

New Join Flow for the Web client

  • By default, users will now need to sign in to their Zoom account or create a Zoom account when joining a meeting with the Web client. This can be disabled by the Admin or the User from their settings page

Join Before Host Emails Disabled

  • Notifications sent to the host via email when participants are waiting for the host to join the meeting have been disabled.

Setting to Allow Participants to Rename Themselves

  • Account admins and hosts can now disable the ability for participants to rename themselves in any meeting. This setting is available at the account, group, and user level in the Web portal.

Language for Directory and Company Directory (please note, this does not impact your account)

  • Domain contacts: For free Basic and single licensed Pro accounts with unmanaged domains, contacts in the same domain will no longer be visible. We’ve also removed the option to auto-populate your Contacts list with users from the same domain. If you would like to keep those contacts, you can add them as External Contacts.

Change in visibility of contacts with same domain (please note, this does not impact your account)

  • For Basic and single licensed Pro accounts with unmanaged domains, contacts in the same domain will no longer be visible under ‘Company Directory’ in the ‘Contacts’ tab. Consequently, for the single Pro accounts with unmanaged domains, we’ve removed the option in the admin experience to populate Company Directory with users from the same domain. If these affected users would like to keep contacts with the same domain, they can add them as External contacts. This change will not impact paid accounts with multiple licenses and all accounts with managed domains.

Growth of this magnitude for any technology product attracts legitimate users and also the attention of malicious actors who seek to abuse or compromise the platform.  This attraction, particularly by those with mal intent, is the same faced by any technology company, including Microsoft, Cisco, Blackboard, Ellucian (Banner) and many others.

It is difficult for any vendor to anticipate every fracture that results from heavy and continued usage, particularly by those with evil intentions.  All technology at some point will fail: some is small ways, others in more pronounced ways .  The challenge for any technology organization, whether that is Zoom, Microsoft or OIT, is how to react to the failure. 

Zoom has experienced issues in recent weeks.  Zoom Bombing, that is interrupting a class lecture or a meeting by hijacking a meeting to display inappropriate, vulgar or racists material on the Zoom connection, is the most pronounced and obvious way the Zoom meetings have been attacked recently. 

As these events occurred and were discussed in the media, Zoom provided solutions for the issues and communicated to their customers in a matter of hours.  And Zoom continues to provide fixes for their software to ensure all of us have the best  and safest experience possible.  See this article,, authored by security professionals for a perspective on Zoom’s response to recent attacks.

Additionally, here is a message from the CEO of Zoom detailing the approach they took when this all started, including actions taken by Zoom and what they continue to do to ensure the best experience possible:

Allow me to address some of the more talked about issues that you may be aware of.

  1. Zoom Bombing: Most of the attention surrounding Zoom currently is focused on Zoom Bombing. Zoom’s product is designed to be very flexible and to be able to easily accommodate attendees from outside of your organization. That flexibility provides the host of a meeting a great deal of flexibility in how strict or lax they want to be in protecting their online meeting. Here is an article that provides guidelines provided by Zoom to help prevent Zoom Bombing:  Those of you hosting classes in a Distance Education Room need to contact OIT for assistance as those spaces require special handling in regards to managing your guests.

One action you can take, if you are concerned about Zoom Bombing, is to password protect your meeting.  This is done by selecting the Require Meeting Password checkbox on your Zoom MeetingID setup and supplying a reasonably complex password.  Share this password with your students or other staff members so they can attend the meeting.

  1. Zoom Encryption: Encryption is defined as providing cryptographic assurances that only the individuals that are supposed to see a message can do so.  End-to-end encryption (E2E) describes a system where content is encrypted when it is stored (sitting on a hard drive or server) and when it is being transmitted (sent over the internet or a network). Zoom does guarantee E2E for every device attached to a Zoom meeting that is using their software for a connection.  If you use the Zoom app on a desktop, laptop or mobile device to connect to Zoom, your connection is end-to-end encrypted.  If you use one of the Distance Education rooms to connect to Zoom through a Conference Room Connector (CRC), which is what we do with our DE rooms at Sul Ross, the connection is end-to-end encrypted as well once it connects to the CRC in the cloud.  One device that is never E2E is a telephone connecting over a traditional land line.  As state in the article on encryption, Zoom’s goal is to “keep data encrypted throughout as much of the transmission process as possible.”  If you would like more information on encryption methods used by Zoom, see this article:   
  1. Zoom Privacy: Zoom sharing usage data with Facebook has been a recent headline. The Facebook sharing was limited to the IOS mobile app, involved aggregate metadata only, meaning there is no evidence that identifiable or sensitive information is being shared without user consent, and was removed after the PR backlash that resulted from this awareness.  Zoom addresses where they share data with third-parties in their privacy policy at

My intention is not to convince you to use Zoom.  If you are uncomfortable using Zoom for your classes or your meetings, I encourage you to look at one of our other supported applications such as Blackboard or Microsoft Teams.  My goal here is to break through much of the hyperbole in the media and to assure you that while some issues surfaced recently with the Zoom product, it is a good solution for your meeting needs and comes with a great deal of usability, stability and security.  I am comfortable recommending the use of Zoom for any of your classes or meetings.

If you have questions, feel free to contact me directly.  If you need assistance with any of the configuration items in Zoom, please contact my staff at the Helpdesk and we will guide you through those discussions.

Applications Update – July 2019

This blog lists the applications and services that are now available for your use. If something is missing or needed, please contact me or LTAC and we will add to the list.

  • Banner 8 and 9 (only available on campus)
  • LoboOnline (Banner Self Service)
  • Blackboard
  • ImageNow
  • mySRSU
  • Email
  • Evisions Suite (Argos, Form Fusion, Intellicheck)
  • DegreeWorks
  • Office 365, including Sharepoint sites, OneDrive and Teams

Applications and Services we are working on at this time

  • Network Shares – once the network shares are available, we will encourage each individual and department that has a network share to migrate their data to Office 365.

You may contact LTAC at, 432-837-8888, x.8888, or toll free at 888-837-2882.

Like us Facebook SRSUOIT

Follow us on Twitter @SRSUOIT

Phishing Attempts: Internal Communications Work

I’m not the most consistent blogger around. And when I do blog, it is typically meant for the internal audience at my institution. I’m usually try to tell them about a new feature we’ve implemented or warn them about an issue we see that could impact our computers, network or servers.

In this post, however, I want to turn my attention to those outside of the institution and, in particular, to those inside the various IT organizations, such as CIOs, ISOs, Comm Managers (if you are lucky to have someone like that in your staff), generally anyone that has responsibility for communication from IT to your institution/organization centered on IT opportunities or issues. And, my message is very brief: Communications work!

As the CIO/ISO for my institution, I have responsibility for much of the communication outside of the Office of Information Technology (OIT). When we have a new offering or see an issue on the horizon, I sometimes blog about it, put it in social media (or have my assistant do that), and often wonder if it makes a difference. I also email the campus on a regular basis (at least monthly) and use the various venues I have to speak to the campus about these things. But, still, that small voice in the back of my mind ask that question again, “Does it make a difference?”

I say it does make a difference and encourage you to start or continue your communications practices because they do work. It is also safe to say that if you don’t communicate then you will have no positive impact whatsoever. That much I can assure you of.

Our campus constituencies often see stories on TV, on social media, and other venues that inform them about a major breach, virus infection, or new opportunity from Microsoft, Google, Amazon, or Facebook. My job and a primary reason for the communication from my office is to let them know that I am also aware and that my staff is keeping their eyes on things. The worst thing I can do is leave them wondering if I know or care. I see the same things they see and I want them to know that I am aware and am concerned.

How do I know communication works? As I walk across campus and meet people on the sidewalk, they like to say things to me such as, “I didn’t click today!” which is an obvious reference to the number of phishing attempts we all see on a regular basis. I might also hear a thank you for letting them know about that new software feature or that opportunity to learn more about this or that.

Today, I received another phishing attempt. This one was in Italian. Thankfully, I can still read a few words of Italian from the time I lived there many years ago and knew it was an attempt to get me to follow a link in the message. But, here is the great thing I realized. Due to the communications I have sent over the last few years and the speeches I have given about being careful on the internet, I feel that most of the people at my institution are aware of these opportunities and know not to click. I recognize that not everyone will get it and sometimes people just forget. Stuff will happen. But, I feel better knowing we have communicated to and educated the Sul Ross institution and have confidence that our risk is lowered by taking time to educate our members. And that helps me sleep better at night and have a more relaxing weekend (I’m writing this in Saturday morning after all).

My encouragement to you is to communicate or continue to communicate if you are already doing so. Does it work? Absolutely. Is it a panacea for all our IT problems? Absolutely not. But, I assure you, it helps our institutions and it helps the CIO and the ISO to sleep a little better and enjoy their time off a bit more. And there is nothing wrong with that.

Thanks for reading.

Access to Office 365 and OneDriveforBusiness

We changed the way you access Office 365 and OneDrive for Business.  In the past, it was common to go to the Sul Ross Home Page (, and click on Office 365 in the Quicklinks menu.  That link has been removed and access to Office 365 and OneDriveforBusiness is now through mySRSU, the Sul Ross portal.  View these quick videos below for how you access these two helpful web applications today.

Open Office 365

Open OneDrive




Sul Ross Live Streaming Capabilities

Over the last few months, a team of us here in OIT have been working on the capability to live stream some campus events. Largely, this has involved athletic events as these are the most prevalent events on most college campuses. In the coming months, we will continue to stream athletic events and also look for other opportunities around campus. If your organization or group has an event they want to stream or capture, contact OIT at x.8707 and we’ll be happy to assist.

You can see some of the events we have recently streamed (although we don’t leave athletic events available for a long period of time) at