November News from Information Security

We made it! October has passed, the change from Daylight to Standard time is coming, and November has arrived. Mid-semester exams have been completed, registration is coming, and we wrapped up a great Cybersecurity Awareness Month! I want to thank everyone who participated in any way with our Cybersecurity Awareness Month activities. Whether you completed your awareness training, reported a phishing email, dropped by our table in Krannert, worked your way through the Virtual Scavenger Hunt, or any combination of the four activities, you helped make this one of the most successful and exciting Cybersecurity Awareness Months we’ve had. This newsletter is going to be heavy on news from October and light on news for November, but we’ll work both in before we’re done.

I want to mention the most exciting aspect of the month (for me, anyway), and that was the incredible participation in cybersecurity awareness training. Our spring completion rate was less than 10%, and we shattered that number in October, even while adding the student body to those asked to take the training. Our overall completion rate was 53%, with over 50% of faculty and students completing the course. Our staff took it to another level, with over 60% completing the course.

While this is all great and I am very excited by the results, I do have to address some issues we encountered. It was reported that some users had technical issues with the course, and I apologize for any problems encountered. I will work with our training platform vendor to address these in the future. I heard from students there were rumors circulating that failure to complete the course would affect their ability to preregister or graduate. This is absolutely not the case and I apologize for any stress these rumors may have caused. Some of you were annoyed by the reminder emails, as there were some erroneous emails sent to people who had already completed the course. Again, I apologize for this and we’ll work to make these better in the future.

As a last note on training, one of the great features of the training platform is that it can report how long users took to complete the course. This measurement is somewhat inaccurate, but can indicate trends fairly well. I was startled to see that the average time spent on the course by the 1769 people who completed it was one hour and forty-nine minutes. This average can be affected by any number of variables, and it doesn’t take very many outliers to increase the average time, but we will look into potential reasons for this interesting statistic. If we find anything applicable, we will apply these lessons learned to reduce the average time spent to complete the course in future iterations. And of course, there will be future iterations. We will have cybersecurity awareness training again in the spring. For now, thank you to everyone who took the time to complete it last month.

The Virtual Scavenger Hunt was completed this year by four adventurous users. Many others attempted at least one week of the hunt. The winner of the grand prize drawing has been contacted and so have the weekly winners. Thanks for taking the time to chase down clues and answer the questions each week. We’ll do another hunt in the spring!

We also challenged everyone to “spot our phish”, or any phishing email, for the last two weeks of October. We had a great response to this and many of you were able to spot our test phishing emails. Over fifty were reported during that two week period, and over two hundred of you took the time to report a phishing email, whether it was a test email or a real phish. Our click rate, a measure of how many people were fooled by the test emails, was remarkably low. We sent out over 3000 emails and only twenty-six recorded a click. Congratulations on spotting those phishing emails! One lucky person who reported a phishing email won the waterproof Bluetooth speaker and case in the drawing. Thank you to everyone who reported a phishing email and thanks to those of you who came by our table in Krannert on the 27th of October. You were great at spotting the phishing emails and, as usual, had other great questions for us.

While on the topic of phishing, I’m sure most everyone has noticed an increase in the number of phishing emails coming to your Inboxes, and not just test emails from us. Slashnext.com, a security company covering email, browsers, mobile devices and more, recently released a report that determined there has been a 61% increase in phishing in 2022 over last year. The onslaught never seems to slow down. From “free pianos” to “documents shared with you”, the amount and variety of phishing emails has expanded noticeably. While our phishing test results were great, as mentioned above, we’re going to continue to test the community with phishing emails to see if we can maintain this level of awareness. To encourage participation in the process, we are going to hold a monthly prize drawing among those who report a phishing email for that month. Prizes are still being determined, so keep reading these newsletters to find out more.

That’s all I have for you this month. As the semester winds down, stay on guard against phishing emails and report them whenever you can. I know I have typed this a LOT this newsletter, but thank you all for your participation in the Cybersecurity Awareness Month activities. They are all designed to both inform and entertain. Be on the look out for new cybersecurity awareness posters coming out on Monday, November 7th. There will hopefully be information about the monthly prizes available on it.

All Berry students, faculty and staff have MFA enabled on their Berry account, and you should use it in the most secure way via the Microsoft Authenticator app on your smart phone. But don’t stop there! Use the Microsoft Authenticator as your second factor on any site that supports Google Authenticator. Turn MFA/2FA on everywhere you can. Yes, it will take you another few seconds to log in, but your data and account will be safer.

If I’m not covering a topic of cybersecurity you are interested in or concerned about, please let me know. I want to be your first and best resource on cybersecurity information, so let me know how I can help and inform you.

If you’re not following Berry OIT on Facebook (@BerryCollegeOIT), Twitter (@berryoit), or Instagram (@berrycollegeoit), you should be, as more information from OIT and specifically Information Security, will be provided using these outlets. If you are not into social media, you can also subscribe to get updates via email. Just use the link available in the right-hand sidebar on the current posts page.

You can always check back here for warnings about current phishing emails, confirmations of valid emails you might have a question about, and data breach notifications. There’s also the events calendar where events will be posted.

Food For Thought

Our food for thought today again comes from CGP Grey and is on one of my pet peeves – traffic. While I disagree with his “final solution” (because I like driving, especially when there are no other “monkeys” on the road), it is probably the best solution, except that I work with computers, so I have a hard time trusting them with my life… With all that said, here ya go: The Simple Solution to Traffic

Featured Image: Berry Photos Collection/Sara Leimbach

Author

(Visited 54 times, 1 visits today)