Welcome to October! The temperatures are changing, the leaves will change, we’ll celebrate Mountain Day, and get a couple of days off. What more could you ask for?
Cybersecurity Awareness Month, of course! Yes, October is Cybersecurity Awareness Month and we have a slate of activities prepared for everyone. There will be a scavenger hunt, cybersecurity awareness training, phishing tests, a table in Krannert with a “Spot The Phish” game, and of course, informational articles right here on this site about the topics of each week.
Those topics this year are:
- Passwords and password managers
- Spotting phishing emails
- Multi-factor authentication
- Updates, updates, updates!
But wait, you say, what’s this about a scavenger hunt? Yes, for the third year in a row, we are offering a virtual scavenger hunt, hereafter known as the VSH. The VSH will have you trekking through the “Interwebs” to find answers to four questions each week, all of them related to the topic of the week. There will be drawings for prizes each week for those who participate, and a grand prize drawing that will include everyone who completes the entire VSH. More information is available on the start page for the 2022 CAM VSH. You should know that we have not yet decided on the grand prize and you can make a difference in what that prize will be. See the start page linked above for more information.
Cybersecurity awareness training has become another one of those things “that must be done”. We depend on the Internet, including email, social media, company websites, company apps, and all manner of other ways to connect. Unfortunately, the cyber-criminals out there are also connected to this wonderful Internet and they leverage that connectivity to attempt to steal, defraud, scam, and ransom everything they can. We have to #BeCyberSmart to defend ourselves. This October, starting on the 10th, mandatory cybersecurity awareness training will be available for everyone, students, faculty, and staff, to complete. You will receive an email with a link to start the training. It will take approximately twenty minutes to complete and does not have to be done all at one sitting. If you have any issues accessing that training, please contact me directly at infosec@berry.edu.
New for this Cybersecurity Awareness Month and for the community as a whole, is simulated phishing tests. This involves the devious minds in the Information Security office making up some fairly convincing fake emails and sending them out to the community. Our goal in this activity is not to shame, berate, or punish those who do not spot these emails, but to test the effectiveness of our training and outreach. If you’ve never reported a phishing email before (because you simply delete them), I encourage you to do so in October. You can do this using the Phish Alert Report button in your Outlook client, in the Outlook app on iOS and Android, or on the web via mail.berry.edu. Everyone who spots and reports one of our test emails will be entered into a drawing for a prize, which is also being determined at this time. All prize information will be posted here on this website and sent via social media and email once our decisions are made.
During the week of October 17th, we will have a table in Krannert with information, a “spot the phish” game, and CANDY. Drop by the table, try to spot the phishing emails, and ask any questions you might have about cybersecurity. And get some candy…
Now to our topic for this week. While it seems like we talk about passwords and password managers a lot, it’s only because we are stuck with them for the foreseeable future. Therefore, we have to make sure everyone knows how to create strong passwords and how to properly manage all of their website logins, store accounts, financial institution accounts, and any other accounts that require them.
How many accounts do you have? Now, how many passwords do you have? Those numbers should be roughly equal. Yes, you should use a unique password for every account you have. This keeps your other accounts safe if one of your passwords is stolen in a data breach. If you are like me, you probably can’t count on your fingers and toes all of your accounts. How will you ever remember that many passwords?
Thankfully, you don’t have to. If you use a password manager, you can have a strong, completely random password for every account you have. The password manager will create, encrypt and store, and allow you to use these passwords with ease. There are password managers for every operating system and phone in common use. At the very least, most password managers will allow you to access your passwords via a web page. You just create an entry in the password manager for every account you have and it will create a strong, unique password for it. You just have to remember one good, strong master password. For more information, check out the Quick Info page on password managers here on the Cybersecurity News & Alerts site.
But, you say…that’s a lot of passwords and sensitive information all in one place. What if someone guesses my master password? This is where the Quick Info page on strong passwords will come in handy. It will give you ideas on creating a strong, memorable password or passphrase. One that is 15-25 characters long, doesn’t include your birthday or name or pet’s name or other findable or guessable information. One that is easy to remember. Check out the hints there, create yourself a good strong master password, and pick a password manager to use it with. Maybe not in that order…
And that’s October’s newsletter, but wait…there’s more! There will be an article every Monday morning this month (except for the 31st), explaining the topic of the week, giving some hints for the scavenger hunt, and hopefully, entertaining you. Here are some big hints for this week’s scavenger hunt.
The NIST document can be found here if Google fails you: https://pages.nist.gov/800-63-3/sp800-63b.html
The PC-Mag article is here, again, only if Google fails you: https://www.pcmag.com/picks/the-best-password-managers
All Berry students, faculty and staff have MFA enabled on their Berry account, and you should use it in the most secure way via the Microsoft Authenticator app on your smart phone. But don’t stop there! Use the Microsoft Authenticator as your second factor on any site that supports Google Authenticator. Turn MFA/2FA on everywhere you can. Yes, it will take you another few seconds to log in, but your data and account will be safer.
If I’m not covering a topic of cybersecurity you are interested in or concerned about, please let me know. I want to be your first and best resource on cybersecurity information, so let me know how I can help and inform you.
If you’re not following Berry OIT on Facebook (@BerryCollegeOIT), Twitter (@berryoit), or Instagram (@berrycollegeoit), you should be, as more information from OIT and specifically Information Security, will be provided using these outlets. If you are not into social media, you can also subscribe to get updates via email. Just use the link available in the right-hand sidebar on the current posts page.
You can always check back here for warnings about current phishing emails, confirmations of valid emails you might have a question about, and data breach notifications. There’s also the events calendar where events will be posted, like Cybersecurity Awareness Month.
Food For Thought
With the abject failure of my attempt to embed a Twitter video into this page, I will be avoiding them. But I’ve found another wonderful video on YouTube by a channel I’ve pulled from before – CGP Grey
This video really is some food for thought…
Feature Image Courtesy of National Cybersecurity Alliance
CAM Week 2 – MFA and Securing Devices
September News From Information Security
