Improved Purchase Order Process!

In the first week of 2011, Vendor Relations processed a huge number of PO requests through FRED in record time. About 1,200 PO requests were processed in about 4 hours using the new Automated Fax PO process installed earlier in 10/11 school year.

Everyone is tickled with this new process and we wanted to tell you about it.

The previous process for PO requests involved these steps:

1. Find Service PO requests, process them 2. Print them (an average of 300 total POs per day with 600-1000 on peak days) 3. Manually fax each one to the vendor (deal with fax machine getting full/stuck etc) 4. Manually review confirmation reports 5. Re-fax or mail any that didn't go through 6. Shred all printed POs 7. Repeat for Product PO requests

The new process has been simplified:

1. Click one button which finds all Product and Service POs and electronically faxes them to the vendor 2. If a vendor does not accept faxes, their POs automatically print so they can be mailed 3. If a fax does not successfully send, an email notice is automatically sent to PO processors who then call the vendor to confirm their information 4. POs can be re-faxed at the click of a button and the fax will automatically include a note to the vendor that the PO is a duplicate

For those 1,200 POs, the new processed created savings in a single day of 850 pages of paper and the ink to print those pages. Additionally, significant staff hours to manually fax 850 POs to the vendors, review the confirmation reports, re-fax as needed, and then shred those 850 pages. This is literally hours of staff time saved in one day.

In addition to the vast reduction in paper, ink, and staff time, there are a few other improvements from this new process.

* Previously, the staff had very limited time/resources to follow up with vendors on bad fax numbers etc. The new process has provided ample time to get these errors corrected so the number of successful faxes has increased.

* When a PO is re-faxed, the automated note that is printed on the PO announcing it as a duplicate helps flag the vendor's attention and this helps reduce duplicate orders being sent by the vendor.

The  example of 1,200 POs on a single day is peak-volume for Vendor Relations, but even an average-volume day of processing saves 100’s of pages of paper, ink, and hours of staff time. Multiply this daily savings times 5 days each week and that’s a lot of savings of supplies, time, and money each month. Not to mention the morale boost from a huge increase in efficiency and ease of use!

Fake Security Alerts

Current alert and good general information

Microsoft is today(Jan 13, 2011) warning users of fake security alerts arriving via email. Microsoft is reminding users that it never sends out security alerts with attachments via email and that you should never open such an email if it arrives in your inbox.

Microsoft Email Security Updates Are a Scam

Cyber-criminals have been sending a so-called Microsoft updates that are actually viruses.

This scam in particular takes advantage of Microsoft's well-established Patch Tuesday schedule for monthly email updates. Potential victims receive an email purporting to be from Microsoft's Director of Security Assurance, Steve Lipner (who in fact does hold that role).
The recipient is then told to install the attached file, KB453396-ENU.exe (or a similar name), which is supposed to be the security update.

Worm, Virus Replicates Itself, Sends to Contact List

The email attachment (.EXE file) is actually a worm / virus, meaning that once it is installed on a users' PC, it will attempt to replicate itself by sending a copy of the infected attachment to all users on the host PC's contact list (address book).
The idea is to get the worm / virus on as many machines as possible in order to become part of a botnet. The botnet is then used to attack websites, corporate structures, and is even sold to other online criminals for their evil-doing.

Fake Alerts Contain Dubious Spelling, Dates

There are a variety of errors that reveal the message as a scam.
For example, the Microsoft update schedule is actually for the second Tuesday of the month, meaning the fake emails are a week early. More significantly, not only is the language of the email clearly not professional enough to be legitimate (suggesting it may be the work of people for whom English is not a first language), the writers have also misspelled the fake return address, writing no-reply@microsft.com rather than microsoft.com. (Source: networkworld.com)

Microsoft Security Checklist: How to Avoid Email Scams

Still, the sheer number of people using Windows means it takes only a tiny proportion of users to be fooled by such attacks to do a serious amount of damage. As a result, Microsoft has once again drawn its attention to a checklist for making sure a security email from the company is legitimate.
The checklist notes that Microsoft never includes attachments in an email. It also points out that any information it includes in such messages be duplicated on the Microsoft security site, so users should double-check to confirm this. To avoid confusion, the information always goes on the website before emails are sent out.
The company also advises that users do not click on links in security-related emails, but rather cut and paste the address into their browser. It also says that for added security it may be safer to visit the known home page of the site and navigate to the required information. (Source: microsoft.com)

ADDITIONAL INFORMATION

Legitimate security communications from Microsoft

• Legitimate communications do not include software updates as attachments. We never attach software updates to our security communications. Rather, we refer customers to our Web site for complete information about the software update or security incident.
• Legitimate communications are also on our Web sites. If we provide any information about a security update, you can also find that information on our Web sites.

Microsoft does not make unsolicited phone calls to help you fix your computer

In this scam cybercriminals call you and claim to be from Microsoft Tech Support. They offer to help solve your computer problems. Once the crooks have gained your trust, they attempt to steal from you and damage your computer with malware including viruses and spyware.
Although law enforcement can trace phone numbers, perpetrators often use pay phones, disposable cellular phones, or stolen cellular phone numbers. It's better to avoid being conned rather than try to repair damage afterwards.