Nobody likes email retention, especially me. Believe me. No … really. Why on earth would I ask you, a productive researcher with no time for chit-chat, much less time to police your email, to spend time looking at your email, pondering it, and (hopefully) deleting a bunch of it? No sane person would do that.
As it turns out, email retention, while it can be painful, is actually a good thing, for you and for the agency. There are two main risk-related reasons to implement email retention.
Risk Reduction
First, email retention policies, “…are driven by the risk of TPIA requests, litigation subpoenas, and discovery requests, along with the requirement to eliminate transitory information and to properly maintain other state records,” says TAMUS General Counsel Brooks Moore, who is our System expert on this topic. “An automatic delete policy is a best practice,” he states. Furthermore, researchers that are reticent to implement email retention, “have [probably] not been involved in the voluminous email and document production from a number of TTI open records requests and discovery requests/subpoenas (guardrail litigation, etc.). In my experience, once a researcher has experienced this, they become an advocate for automatic delete policies.”
Retention Compliance
Second, important information, i.e., state records, should not be maintained in email, “but should be retained in approved systems for electronic files and state records. An automatic delete policy encourages compliance with these requirements by forcing employees to properly file emails outside of email for continued preservation.” What are those approved systems? For TTI, OneDrive, mainly. On the flip side of this argument, most emails are NOT considered state records, but transitory information. Transitory information should NOT be kept as it is not subject to records retention. Keeping it incurs risk as noted above.
Reducing risk and increasing retention compliance are a one-two punch that helps keep us safe and secure.
As we return to the office, cyber threat actors are changing their tactics as they did during the work from home transition. Here at TTI, we’ve seen a number of these sophisticated attacks that attempt to redirect victims to a site to enter their credentials. But the site is NOT our Microsoft login site.
The latest scam pelts recipients with emails, purportedly from their CIOs or other highly placed executives, welcoming employees back into offices. Threatpost reports that the fake CIO email prompts victims to follow a link to a fake Microsoft SharePoint page with two company-branded documents, both outlining new business operations. However, if a victim interacts with (clicks on) either document, a login panel appears and prompts the recipient to provide login credentials to access the files.
What can I do to stay safe?
Whenever you enter credentials in a browser window, be sure that the address of the site is login.microsoftonline.com/… AND that there is a lock icon next to the address.
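The address check above can also be automated, for example when triaging links from reported emails. The following is an added example, not part of the original post: it compares the parsed host exactly, because the lock icon only shows that the connection is encrypted, not whose site it is. The sample URLs are constructed, and the function names are hypothetical.

```python
from urllib.parse import urlsplit

# The one sign-in host the post tells readers to expect.
TRUSTED_LOGIN_HOST = "login.microsoftonline.com"


def check_login_url(url):
    """Return (ok, reason) for a link or address-bar URL asking for credentials."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".")
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return False, "unparseable URL"
    if parts.scheme != "https":
        return False, "not https, so no lock icon"
    if parts.username is not None or parts.password is not None:
        return False, "text before '@' is not the host"
    if not host.isascii() or "xn--" in host:
        return False, "internationalized look-alike host"
    if port not in (None, 443):
        return False, "unexpected port"
    if host != TRUSTED_LOGIN_HOST:
        return False, "host is %r, not %s" % (host, TRUSTED_LOGIN_HOST)
    return True, "host matches"


# Constructed sample URLs (reserved .example names, not real indicators).
SAMPLES = [
    "https://login.microsoftonline.com/common/oauth2/authorize",
    "http://login.microsoftonline.com/",
    "https://login.microsoftonline.com.sharepoint-docs.example/login",
    "https://login.microsoftonline.com@files.example/",
    "https://login.micr\u043esoftonline.example/",  # Cyrillic 'o'
]


def triage(urls):
    """Map each URL to its (ok, reason) verdict."""
    return {u: check_login_url(u) for u in urls}


if __name__ == "__main__":
    for url, (ok, reason) in triage(SAMPLES).items():
        print("OK   " if ok else "BLOCK", url, "-", reason)
```

Only the first sample passes; the others start with or resemble the trusted name but resolve to a different host.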
I don’t remember it being this cold ever, and I’ve been living in Texas my whole life. Like you, I’ve been adapting to the cold weather over the last several days. My numerous cats (I won’t say how many) are doing gymnastics in the upstairs classroom, my chickens are getting warm bowls of water every few hours, and my dog is enjoying the relative warmth of the laundry room. Candles have been collected and dusted off, ready for use this evening. Dinner will be a quick Mediterranean shrimp stew using a cast iron skillet and my propane stove. All in all, we are comfortable, not too inconvenienced.
One area this doesn’t extend to is work. I live in the country and so have very poor network connections. My house uses DSL from CenturyLink (wouldn’t wish it on my worst enemy). Until recently, this was the best game in town. But my local co-op electricity provider has decided to provide fiber-based broadband to its subscribers. It advertises speeds up to 1GBps – we’ll see if they can deliver. After a series of scheduling fiascos and installing the fiber box in the wrong location, they were due to install it last Friday before all of this bad weather hit but didn’t quite make it. So it looks like I missed it by a few days. Rats!
Even so, I had purchased wireless hotspot service on my mobile phone to use in emergencies. While the service can provide speeds up to 10 MBps, that requires a good wireless signal, and my house doesn’t always get that signal.
I started out naively using my normal desktop workstation in my home office, but the constant on and off of the power made it clear that using the DSL/desktop solution wasn’t going to work. So, with a few rerouted wires, I hooked up my laptop to an external monitor and fired up my mobile phone hotspot – voila! Now I’m “immune” from rolling power outages, although throughput is limited. When the power is out, the batteries in my laptop and phone keep things going. I was sure to also hook up the chargers so that they would charge when the power was on.
Things are still not working as well as I would like. For one, even with the hotspot connection, DNS lookups (i.e., website locations) fail regularly, the hotspot has a tendency to disconnect, and sometimes the throughput crawls to 10KBps making even simple tasks such as loading and sending email difficult.
What’s the lesson learned? Connectivity counts! TTI has a small task force working on connectivity recommendations post-COVID. I’m looking forward to implementing those recommendations as we move forward.
During the pandemic, my observations of employees’ productivity while working from home (WFH) have varied. Some are more productive – some less. What I crave are facts supporting or refuting TTI’s productivity.
For example, is our increase in research expenditures this year indicative of increased productivity in WFH? Have time-off requests changed during the pandemic and what do they say about productivity? Are particular job roles more or less conducive to WFH? What kinds of social factors (e.g., family, community, health) affect productivity? What kinds of environmental factors (e.g., technology, office space, furniture) are relevant? I’m sure you have similar questions.
I came across an article this morning that reports decreased productivity, at least in the finance industry:
Productivity slipped when JPMorgan Chase & Co.’s employees worked from home (the article doesn’t specify HOW they measured productivity)
Work output was particularly affected on Mondays and Fridays
WFH affected “organic interaction”
Younger workers may be affected to a greater extent because they “could be disadvantaged by missed learning opportunities” by not being in offices
Overall, [CEO Jamie Dimon] thinks a shift back to the office will be good for the young employees and to foster creative ideas
As I’ve reflected on our WFH experience so far, the best productivity solution seems to be a hybrid model of work that combines WFH with WFO and takes advantage of both environments. The right mix is likely different for different people. But the bottom line is that we currently have very little in the way of supporting data to formulate a policy which is in keeping with the perspective of our Agency.
TTI is partnering with Global Knowledge to host an ITILv4 Managing Professional Transition course on October 12-16, 2020. This is an online course offering. The purpose of the course is to transition those of you with ITILv3 Expert certification into the new ITILv4 Managing Professional certification.
The cost of the five-day course is $2,300. The format is online. The cost includes a Global Knowledge instructor for five days, printed courseware, and a voucher to take the certification exam. A retake of the exam is not included. This is a 30% discount off of the regular course price ($3,250) and you don’t have to pay for travel.
I’ll admit it. As much as I like my office and my TTI fam, my boss told me that I’m “not part of the skeleton crew,” and so I need to work from home for the duration of the COVID-19 situation. I thought I’d share my thoughts and trials of becoming a TTI Ghost so you, too, can share the fun.
Voice
The first thing I did was make sure when people call me, they get me. After all, they don’t know that I’m sitting in my backyard watching the chickens dig for worms.
This is actually pretty easy. I headed over to our Cisco Unified Communications Page and logged in using my TTI username without the @tti.tamu.edu extension and my regular password. From there, I selected “Call Forwarding”, checked the box that read: “Forward all calls to:” and entered 9 and my 7-digit mobile number with no parentheses or dashes.
I tried to enter my number with the area code included and that didn’t work. I found out that there are three different use cases with different patterns of digits:
For TTIHQ, use 9 and your 7-digit number (e.g., 95555555)
IF your area REQUIRES 10-digit dialing such as Austin, use 9 and your 10-digit number (e.g., 95125555555)
IF your number is NOT in the same area code as your TTI number, email the Service Desk at helpdesk@tti.tamu.edu. This requires an exception to forward to a “long-distance” number.
One more thing. Since I transferred my TTI line to my personal line, I changed my mobile voicemail message:
Howdy! You’ve reached David Sweeney with the Texas A&M Transportation Institute. With the Covid19 situation, I’m working remotely. It appears that I’ve missed your call, so please leave a message and I’ll contact you as soon as I can. Have a great day, and good health!
Team Communications
Since I’m not going to be in the office, communicating with my team members is an issue. WebEx has a texting application called WebEx Teams. This app is integrated tightly with the main WebEx application and allows you to do much more than just individual and team messaging.
WebEx has a COVID-19 Resource Page with great information about how to work remotely using their tools.
The next problem was meetings. Obviously, WebEx was the solution, but how would I use it? I’m used to opening Outlook and using the Webex Button to schedule meetings. When I click it, it adds a little WebEx thingy at the bottom of the meeting request.
Outlook for the Web doesn’t have the WebEx add-in. Was scheduling a WebEx meeting possible in Outlook for the Web? Sort of. I found a “hack” that works relatively well. Basically, I created a WebEx “boilerplate” that I could paste into meetings created and/or managed through Outlook for the Web. Here’s how I did it:
HOWTO create a WebEx Meeting using Outlook Online
Documents
What about documents? Because I’m a relatively new employee, most of my documents are in Microsoft OneDrive. Even so, I found this great video from the LinkedIn Learning library about using OneDrive. As you may know, LinkedIn Learning is a service that TTI pays for. I’ve embedded the introductory video to this course below. You can access the full course by clicking on the link below it and signing on with your TTI credentials. This video taught me everything I needed to know about OneDrive (except one – see below).
How I Added My TTI OneDrive Files to my Personal Computer
On my home computer, I don’t normally have access to my TTI OneDrive files. This is one task that is NOT in the OneDrive course video referenced above. So here’s a little instructional video about how I did this.
HOWTO add TTI OneDrive files to your Personal Computer
Installing OneDrive
How do I install OneDrive? It turns out that if you have Windows 10 on your computer, OneDrive is already installed and integrated. Even so, if you have problems, you can install the OneDrive app by clicking here.
Using TTI’s Remote Desktop Protocol (RDP)
So, there are a couple of programs on my TTI desktop that I don’t have on my laptop. To use these programs, I can use Remote Desktop Protocol (RDP) to connect to my desktop computer. When I do this, it’s as if I’m sitting at my computer in TTIHQ. While the connection does “jitter” a bit because I don’t have a great network connection from my home, it works pretty well in a pinch.
I was surprised to find out that, of the services that I set up so far, only forwarding my phone required the use of VPN. Another significant resource I found that required VPN was accessing shared files that were within the TTI domain and NOT on OneDrive. I was able to copy the files I needed to work with from those drives to OneDrive using the tutorial referenced above.
While VPN may be required to connect to some IT resources within the TTI domain, all of the main communication components could be used without it. Even so, NIS has a document on using the VPN here. To install the Cisco VPN client on my personal computer, I downloaded the file from https://vpn.tti.tamu.edu and then followed the instructions in the first link.
When Nick McLarty resigned as TTI CISO in December, it was a significant blow to NIS because Nick was (and is) a valued and highly skilled team member. While I’m proud that Nick went on to become an Assistant Information Security Officer (ISO) for the TAMU System, I’m now tasked with providing a quality level of agency security in his absence.
I had heard about a number of TAMU system schools (5) that had engaged in the System contract to provide ISO services – the so-called “CISO In a Box.” After talking with my colleagues in some of these schools, I learned that the service was both economical and effective. One colleague told the story of how their contracted ISO recently led them through a TAMUS Security Audit with a highly favorable outcome (i.e., Level 2). Of course, I asked Nick’s opinion, and he enthusiastically recommended it. After these communications, I wasn’t totally sold on the service as a permanent solution but thought it would be worth a try as a provisional one.
To this end, we contracted under the TAMUS master contract for ISO services in December. I intend to revisit the service in May and make a decision whether or not to continue the contract, or hire a new CISO. The decision will be based upon a set of performance metrics that Nick and the System Security group are helping me to identify.
While we are still working out the workflows, the results have been promising. The contractors are reviewing and maintaining our security framework, providing consulting on security issues, and will soon take on some of the operational work Nick was doing for us. These are things like security investigations and responses.
To our customers, the change will be completely transparent. I will ostensibly be the “Interim CISO” for the Agency, but our contractor will take care of the heavy lifting. 90% of our security infrastructure is automated, so the contractor will act in persona Nick and soon be responding to any security incidents that may arise. As they begin to respond to customers, I’m very interested in your feedback about the job they are doing.