August News from Information Security

Is it really August? We’re not even close to fall weather and yet, the fall semester awaits, looming in the near distance, only days away (or if you are a student and don’t read this until you arrive on campus, maybe only hours away). Another academic year is beginning, one of both hope and hesitance. We hope for a “normal” semester, but hesitate as we hear the rising noise of COVID!, COVID!, COVID!. Add this on top of all the “normal” start of the academic year worries and stressors and it is easy to get distracted.

Distracted people are ripe targets for phishing emails, fake texts, fraudulent social media posts (not the “disinformation” type, the “de-fraudulent” type) and even just junk phone calls about your expiring car warranty or your nonexistent (for some, anyway) student loans. I continually get calls about fast ways to get rid of my student loans. I thankfully never had to take out any loans while attending Berry (I was very lucky), nor have I seen the inside of a classroom for a college class in over twenty-five years. I mention this only to be able to say that it is easy for me to dismiss these scam calls, but probably not so easy for others.

What can the distracted person do to defend against the attacks of cybercriminals? First, pause and take a breath. Once that is done, take another look at that email, text, or social media post, or carefully listen to the voice mail you unexpectedly received. You can attempt to analyze it many different ways, but the biggest question to ask yourself is “Does this message attempt to invoke strong emotion (any emotion, not just fear or anxiety) or does it attempt to manufacture a sense of urgency?”. If it does, be very careful with it. Examine it for poor grammar, misspelled words, and unusual word use. Make sure the sending address, NOT the sender name, which can be set to anything, is valid for that sender. Emails from Amazon should come from an Amazon address, not a Gmail address. Find more quick tips on spotting phishing in all its forms here at the Phishing Quick Info page on the InfoSec News & Alerts website. You can also see examples of phishing emails received here at Berry on the Berry College Phishbowl.

Distracted people also look to make things simpler. One of the ways we sometimes attempt to make things simpler is by reusing passwords for multiple accounts. You’ve probably read this on this website before, but let me just reiterate – don’t do this! If you want to simplify your password management (because we all know we have WAY too many passwords to deal with these days) get a good password manager. You can find out more about password managers and download a flyer with information on several good ones at the Password Manager Quick Info page here on the InfoSec News & Alerts site. For general information on good password guidelines, check out the Good Password Guidelines Quick Info page.

Now that I have given you more things to be distracted with, allow me to bring up a couple more items that you don’t have to worry about now, but that are coming in the near future. The first thing is training. Yes, training is coming to everyone now that the Office of Information Technology has been able to expand the cybersecurity awareness training platform to include all active members of the Berry community – faculty, staff and students. More information about cybersecurity awareness training will be coming soon.

Second, I want to take a second to talk about how, moving forward, we will talk about information security. I’ve already set you up for this change in the previous paragraph. You see a lot of different terms for the same thing – information security. I am the Director of Information Security, yet that term does not, in my opinion, fully encompass everything we do here in this office. Moving forward, I’ll use the more expansive term of cybersecurity or cybersecurity information when I talk about…the things I talk about. You’ll see more evidence of this change in terminology if you read further into this article.

Look for August’s cybersecurity posters in offices, residence halls, and Krannert. They will be out soon. Going forward, posters will be released once a month at the beginning of the month, so keep checking those bulletin boards and other locations where posters and flyers are placed.

The final item is really just an announcement that there will be more announcements. The Information Security office has hired both a student worker and an intern for the fall semester. Our intern also worked with us this summer to help with projects and develop new outreach materials. For the fall, both the intern and the student worker will be tasked with developing and getting information to you.

Whether it is through website articles, social media posts, scavenger hunts, poster, or other creative avenues, we want to keep you informed on what threats are out there, how attackers will try to fool you, and how to protect yourself, your data, and your digital life both at work and at home. Watch for more information by following Berry OIT on Facebook (@BerryCollegeOIT), Twitter (@berryoit), or Instagram (@berrycollegeoit) or by visiting this website on a regular basis. You can also sign up for email notices by using the link available in the right-hand sidebar on the current posts page of this site.

The Information Security office will be offering single session, specific, expert-led training on the basic cybersecurity topics we have already mentioned; recognizing phishing emails, and password managers and management. These events will be listed on the calendar here on this site, where you will be able to sign up for them. The format for these classes is, unfortunately, up in the air. I would love to be able to lead these trainings in person, but depending upon how things go with COVID!, COVID!, COVID!, they may be conducted over Zoom.

New or returning student, faculty, or staff, you should now have MFA enabled on your Berry account. The most secure way to configure it is to use the Microsoft Authenticator app on your smart phone. But don’t stop there! Use the Microsoft Authenticator as your second factor on any site that supports Google Authenticator. Turn MFA/2FA on everywhere you can. Yes, it will take you another few seconds to log in, but your data and account will be safer.

If I’m not covering a topic of cybersecurity you are interested in or concerned about, please let me know. I want to be your first and best resource for cybersecurity information, so let me know how I can help and inform you.

Food For Thought

This month’s food for thought is a super cool YouTube video about metric paper…sort of.