May News from Information Security

The theme for this newsletter is UP! I’ll warn you up front, there will be some minor wordplay in the following missive, so brace yourself.

I am tackling two different major themes in May – both of which have the word “up” in them. They are data backUPs and UPdating software. These two ideas are reflected on the monthly poster, which can only be seen this month in Krannert and various departmental offices around campus. If you don’t see the poster, talk to your departmental secretary, administrative assistant or office manager. Ask them to request a copy of the monthly cybersecurity awareness posters to display on the departmental bulletin board or in the mail room, break room, copy room, or whatever room you might spend time in besides your office (even the bathroom – the Stall Wall Weekly has always been a great idea). You can do that by emailing infosec@berry.edu and letting me know how many copies you need and what campus box to send them to. With that upfront shameless plug out of the way, let’s get to the topics at hand.

First, let’s talk about backups. Why do you need them? They prevent data loss from accidental deletion of files. They also protect against intentional deletion or loss of data, via hacking or malware/ransomware infection. Backups also protect against equipment failure and other physical events like fires, water damage or stolen devices. It’s just like putting physical documents or items in fireproof safes or in a safe (or safety) deposit box at a bank.

What is the best way to perform data backups? Follow the 3-2-1 rule.

  • Have 3 copies of your data, in whatever format is required – text, image, database, etc.
  • Use 2 different storage methods or types. Keep a copy on your local hard drive, plus on an external hard drive or in a cloud storage service like Dropbox, Box, Google Drive, OneDrive or a more security-oriented service like SpiderOak. If you don’t currently have a cloud storage service, this excellent article provides snapshots of 21 different offerings.
  • The 1 stands for the fact that you need to keep at least one copy geographically separate from the other two copies. Using a cloud storage provider gives you this capability automatically. If you don’t want to use cloud storage, then your options mainly involve keeping a USB drive, external drive, or memory card with a friend, relative, or in a bank or storage facility.

What should you back up? This is the hardest question and the least fun part of this process. Determining what to back up can lead to digital hoarding tendencies and unintentional mass duplication of files, possibly wasting precious storage space on your local hard drive, and other negative results. Be judicious. If you already pay someone like H&R Block or Intuit to store copies of your tax return documents, maybe you don’t need another copy floating around on your backups. Digital images that you already pay Apple or Google to store for you might also be skipped, but if you are like me, you probably want “one more copy” beyond your phone and “the cloud” just in case. Financial documents, personal creations like writing or original digital artwork, bills, contracts, and anything else you would stash away “someplace safe” if they were physical items should be backed up. Finding your comfort zone for backups is key and will determine how much money and time you will put into the process.

Let’s now turn our attention to the topic of updates. Nobody (including myself) wants to wait around for the computer to update, but this critical action can have many positive effects:

  • It will improve security of the software and operating system you use, as updates fix flaws in software and systems.
  • It could increase performance for some applications and operating systems. While admittedly, this is less probable than security fixes, it does happen occasionally. The reboot that is required for some updates will also tend to fix minor issues in applications and systems. It is why the first question you should hear from the Technical Support Desk if/when you call them is “have you rebooted your computer?”, especially if the issue is in an application or some function of the operating system.
  • In some cases you will get new features. Microsoft and Apple add features to their operating systems all the time, and these “feature updates” are what provide them to you.
  • All of these reasons culminate in making it harder (usually) for hackers to infect or take control of your computer.

So, how do you install these updates? For the most part, you don’t have to do anything other than restart your computer regularly. For updates to Chrome or Firefox browsers, just restarting the browser will do the trick. Other applications, like Java and Adobe Acrobat Reader, will prompt you to install updates when they are available, and if you are running the Adobe Creative Cloud applications, those applications will update automatically, unless you turn this functionality off.

Pro Tip #1 – Don’t do this!

Pro Tip #2 – As annoying as the Java updater is, don’t turn it off either, as Java provides a rich environment for hackers to attack your machine. Take time to update when it prompts you to do so.

On the topic of updates, the Office of Information Technology will utilize the power of our new managed security system to find the computers on campus most in need of updates. During the week of May the 9th, the primary users of these computers will be contacted and asked to reboot them as soon as possible. Machines that are not rebooted manually by the end of the week will be rebooted remotely to allow updates to install.

IMPORTANT: Don’t forget to update your mobile devices!

Has some random person emailed you about a free piano? If not, you will probably get an email offering a “free piano” sometime in the near future. The college has been assaulted by waves of emails offering “free pianos”. Sometimes the piano is a grand piano, sometimes it is just a baby grand. Sometimes a spouse or relative died and left it, sometimes the owner is just downsizing and can’t fit it into the new place. I was admittedly baffled at first as to what the “hook” was on this phish, but the Internet, as usual, saved the day.

If you respond to the email, or call the provided number, you will end up conversing with “the shipping company”, who will ask for payment up front, usually via a nonrefundable method. They are particularly fond of online payment services like Zelle, Venmo and others that are harder to get a refund from than PayPal or credit card companies. They say that other people are interested and that they will deliver the piano to whoever pays first. With that touch of urgency added, along with the potential for a free grand piano, some will willingly pay the delivery charges, which usually range from $200 to $800 depending on how fast you want it, but no piano will ever appear. As usual, if it seems too good to be true, it probably is.

Speaking of phishing, the Office of Information Technology will be conducting the first simulated phishing exercise for the community in the next few weeks. This is exactly what it sounds like – we will send out a fake phishing email (is that a double negative?) to faculty and staff, measuring to see how well we have succeeded in teaching about phishing emails over the almost four years of work we have done in cybersecurity awareness. Let me be real clear here: There is no penalty for “missing” the email by clicking on a link or opening an attachment. This is strictly to see where we are in regards to awareness.

REPEAT: There is NO penalty for falling for the fake phishing email. There will be no strongly worded emails, no walls of shame, and no follow up calls from the Director of Information Security. NOTHING!

We have to do this as part of following “best practices” in cybersecurity. We don’t know what to emphasize in future training if we don’t know what might convince a user to behave in a risky manner.

Lastly (I know this has been a lengthy newsletter), I want to mention that May the 4th is Star Wars Day…no, wait…that’s important for other reasons, unrelated to cybersecurity…sorry…

I want to mention that May the 5th is World Password Day. This day is set aside to remind everyone that if you haven’t changed passwords on your accounts since last May 5th, you probably should take a few minutes to do that, at least on important ones like bank and financial accounts, email accounts, and especially your Berry account! So, happy? World Password Day, and get busy changing those passwords!

With MFA enabled on your Berry account, you should use it in the most secure way via the Microsoft Authenticator app on your smart phone. But don’t stop there! Use the Microsoft Authenticator as your second factor on any site that supports Google Authenticator. Turn MFA/2FA on everywhere you can. Yes, it will take you another few seconds to log in, but your data and account will be safer.

If I’m not covering a topic of cybersecurity you are interested in or concerned about, please let me know. I want to be your first and best resource on cybersecurity information, so let me know how I can help and inform you.

If you’re not following Berry OIT on Facebook (@BerryCollegeOIT), Twitter (@berryoit), or Instagram (@berrycollegeoit), you should be, as more information from OIT, and specifically Information Security, will be provided using these outlets. If you are not into social media, you can also subscribe to get updates via email. Just use the link available in the right-hand sidebar on the current posts page.

You can always check back here for warnings about current phishing emails, confirmations of valid emails you might have a question about, and data breach notifications.

Food For Thought

This is a text-based Food For Thought. With only 12 months to choose from, many, many causes are celebrated each month. May is no exception. Here are 16 designations for May to help you remember, celebrate, or be aware of something in May:

  • Bladder Cancer Awareness Month
  • Better Speech and Language Month – we should all strive for this…
  • Ehlers-Danlos Syndrome Awareness Month – was not aware of this…
  • Asian American and Pacific Islander Heritage Month
  • Prader-Willi Syndrome Awareness Month – not aware of this either…
  • Cystic Fibrosis Awareness Month
  • Lupus Awareness Month
  • National Military Appreciation Month
  • National Deck Safety Month
  • National Bike Month
  • National Lyme Disease Awareness Month
  • National Get Caught Reading Month – this will be easy…
  • National Hamburger Month – my favorite!
  • Golf Month
  • National Photography Month
  • National Barbecue Month – seems a little early…

Have fun picking which one to remember, celebrate or be aware of…

Featured Images:

Photo by Andrew Neel on Unsplash and Photo by Szabo Viktor on Unsplash
