Skip Navigation

Managing Records: Services for State Agencies: Newsletters

Newsletter: August 2008

Welcome to the August State Agency RMO Newsletter!

Workshops

The fall state agency workshop schedule is now available online!

Conducting a Records Inventory
Date: 09/16/2008
Location: Cultural Education Center

Files Management
Date: 12/02/2008
Location: State Records Center

Using State Archives Retention Schedules
Date: 11/05/2008
Location: State Records Center

Flooding and Other Records Disasters

No-one wants to think about their office being flooded, but with the heavy rains we’ve experienced here in the capitol region in recent weeks, we’d like to pass on some helpful information from our regional colleagues. Should your agency be involved in a flooding situation, your first priority should of course be personnel and their safety - after that here are some things to help you prepare for the worst:

  • Revisit your emergency plan to update phone lists and other contact information
  • Think about the location of your agency’s vital records and move any that might be at risk
  • Revisit facilities layout information with attention to evacuation routes, and locations of stairs and exit doors, fire hoses, water and CO2 fire extinguishers, emergency lights, alarm pull boxes, sprinkler shut off valves and first aid kits
  • Locate alternative power sources such as generators
  • Gather plastic sheeting to be used as covering for records stored in vulnerable locations
  • Think about alternate storage locations for any records that might be in risky locations

If you're affected by flooding, please contact Jennifer O’Neill at joneill@mail.nysed.edu or (518) 473-2112

For expert advice on salvage techniques, you can contact the State Archives preservation staff at:

  • Maria Holden: (518) 474-4856
  • Marie Culver:  (518) 473-7954
  • Susan Bove: (518) 408-1925

CSCIC Security Tips - Web Browser Attacks

What is a Web Browser?
The web browser is a software application that allows the user to view and interact with content on a webpage, such as text, graphics or other material.1 It is a very popular method by which users access the Internet. There are a number of different web browsers-- Internet Explorer, Firefox, Opera, and Safari are the most prevalent. Plug-ins, also known as add-ons, are applications that extend the functionality of browsers. Some of the more familiar plug-ins include Flash Player, Java, Media Player, QuickTime Player, Shockwave Player, RealOne Player and Acrobat Reader. Based on how a web page was designed, certain plug-ins, may be required to view some content.

How Can Your Browser Put You At Risk?
According to a recent study, approximately 45% of people surfing the Internet were not utilizing the most secure version of their web browser.2 Like other software, without the appropriate security patches applied, web browsers are vulnerable to attack or exploit. A fully patched web browser can still be vulnerable to attack or exploit if the browser plug-ins are not fully patched. It's important to remember that plug-ins are not automatically patched when the browser is patched.

Traditionally, browser-based attacks originated from "bad" websites but due to poor security coding of web applications or vulnerabilities in the software supporting web sites, attackers have recently been successful in compromising large numbers of trusted web sites to deliver malicious payloads to unsuspecting visitors.

Hackers add scripts that do not change the website's appearance. These scripts may "silently" redirect you to another web site without you even knowing about it. This redirect to another web site may cause malicious programs to be downloaded to your computer. These programs are generally designed to allow remote control of your computer by the attacker and to capture personal information, often related to obtaining credit card, banking information and data used for identify theft.

It's not just desktop or laptop computers that are vulnerable. As their popularity increases, smart phones such as Blackberries and iPhones may become targets of browser based attacks because of the built in browsers technology and Internet access.

What Can You Do To Protect Yourself From Browser Attacks?
There are a number of steps that we can take, most of which your IT Department should have implemented at work, but which also apply equally to your home computer.

  • Keep your browser(s) updated and patched.
  • Keep your operating system updated and patched.
  • Use anti-virus and antispyware software and keep them up to date.
  • Keep your applications (programs) updated and patched, particularly if they work with your browser such as multi-media programs used for viewing videos.
  • Install a firewall between your computer and the Internet and keep it updated and patched.
  • Block pop-up windows, some of which may be malicious and hide attacks. This may block malicious software from being downloaded to your computer.
  • Tighten the security settings on your browsers. Check the settings in the security, privacy, and content sections in your browser. The minimum level should be medium.

Consider disabling JavaScript, Java, and ActiveX controls.

Please note, a number of these tips may impede your use of the Internet or limit what content you can access. If you find that you really need ActiveX controls or you require JavaScript be enabled, set your browser to prompt you before running scripts. If you find that you need to lower your security settings to be able to access what you need, lower them temporarily, then reset them.

Training Opportunities

National Webcast Initiative: Voice Over-IP
Wednesday, August 20, 2008
2:00pm - 3:00pm (Eastern)
http://www.msisac.org/webcast/2008-08/index.cfm

PM Community Of Practice (PMCOP) Meeting: Confessions of a Non-Technical Project Manager in a Tech
Thursday, September 25, 2008
Albany NY
The meeting will address how a person without a technical background can successfully manage a technical project. http://www.nysforum.org/events/calendar/events.aspx?date=9%2f25%2f2008

That’s it for this month! Remember that we want to hear from you. State Agency Services is here to help make your job easier by answering questions, doing site visits, and providing training.

Jennifer O’Neill
joneill@mail.nysed.gov
(518) 473-2112

Sarah Durling
sdurling@mail.nysed.gov
(518) 473-6803

Have a great month!

To report technical problems with this web site, please contact the New York State Archives at ARCHINFO@mail.nysed.gov.

The New York State Archives is part of the Office of Cultural Education, an office of the New York State Education Department. Privacy Policy - Terms of Use - New York State