November News from Information Security

Welcome to November! The end of the semester is vaguely in sight, but we have Thanksgiving coming before that happens. I hope everyone enjoyed the Halloween weekend, avoided eating too much candy, and are ready for the time to change this coming weekend. Yep, it’s coming…

Cybersecurity Awareness Month has ended and I want to thank everyone who participated in the Virtual Scavenger Hunt, took a second to look over the awareness posters in the dorms and offices, and came to this site to read the articles. We had two winners of the Oontz waterproof Bluetooth speakers and four weekly winners. I hope they all enjoy their prizes. There will be another Virtual Scavenger Hunt in the spring semester if you didn’t get a chance to participate in this one, with more exciting and fun prizes. Be sure to check back here regularly for more information.

The last week of Cybersecurity Awareness month focused on making cybersecurity a priority. One way we will do this is by extending to everyone the ability to take cybersecurity awareness training. We are still working out the details on how frequently to offer the training sessions and how long those sessions will be. Ideally we would have training every quarter, as this allows for keeping up with current phishing trends, new threats that emerge (almost daily) and keeps cybersecurity “in front” of everyone. If we went with this quarterly schedule, the training would take no more than fifteen minutes to complete. However, if we decide to go with an annual schedule, then the training would have to take between thirty and forty-five minutes.

I have asked for feedback on this decision from you before, and I have gotten a few responses, but I am going to make it even easier to for you to respond this time. At the end of this article there will be a three question survey. Please take a moment to complete it so I have some idea of the community’s preference.

Some of you may not submit a response, maybe because you don’t think this is important, but I assure you it is. Over the past few months we have had multiple instances where a Berry account was hijacked and the result of that account compromise meant that hundreds of spam emails went out to the community from a “trusted” Berry sender. If the motive in these attacks was not simply to spam us, but to attack our network and servers, we could have potentially joined the growing ranks of other schools and businesses who have suffered a ransomware attack. We would have had an unavoidable interruption of normal operations, meaning classes and other services may not have been available. We would have had to devote time and effort to recovering our systems, dealt with the threat of exposure of sensitive and private information, and potentially lost a number of admissions candidates, who may prefer to attend a school that could protect their information. This is why cybersecurity awareness is so important and this is why I need you to fill out the quick survey at the end of this article.

In addition to the survey, it is imperative you complete the cybersecurity awareness training once you receive the notice that you have been enrolled. This won’t happen until we determine, based on survey input, at what frequency and for how long the training sessions will last. Survey responses will be accepted until Thanksgiving break in late November and we will make the decision in December. We don’t expect to send out training until January since once December arrives, the semester will be over quickly and everyone will be working hard to make that happen smoothly.

Now that you have MFA enabled on your account, you should use it in the most secure way via the Microsoft Authenticator app on your smart phone. But don’t stop there! Use the Microsoft Authenticator as your second factor on any site that supports Google Authenticator. Turn MFA/2FA on everywhere you can. Yes, it will take you another few seconds to log in, but your data and account will be safer.

If I’m not covering a topic of cybersecurity you are interested in or concerned about, please let me know. I want to be your first and best resource on cybersecurity information, so let me know how I can help and inform you.

If you’re not following Berry OIT on Facebook (@BerryCollegeOIT), Twitter (@berryoit), or Instagram (@berrycollegeoit), you should be, as more information from OIT and specifically Information Security, will be provided using these outlets. If you are not into social media, you can also subscribe to get updates via email. Just use the link available in the right-hand sidebar on the current posts page.

You can always check back here for warnings about current phishing emails, confirmations of valid emails you might have a question about, and data breach notifications. There’s also the events calendar where events will be posted.

Now here is the survey.

Training Survey

    1. How often would you prefer to take cybersecurity awareness training?

    2. Please rate yourself on your ability to spot phishing emails
    I believe everythingI don't fall for ridiculous scamsI can recognize most phishing attemptsI'm a pro, nothing can fool me

    3. In addition to regular computer-based training on cybersecurity awareness, is there any topic on which you would like additional training? Choose all that apply.

    Featured Image: Rette Solomon/Berry College

    Author

    (Visited 61 times, 1 visits today)