August News from Information Security

Posted by Dan Boyd Posted on August 21, 2023 0 Likes 622 Views
Posted in Newsletter Tagged , , ,

We’ve arrived. The last month of summer. It doesn’t mean the heat is going away any time soon, just that the semester is starting, and the campus has welcomed a new freshman class and returning students. I am sure the fall semester holds opportunity and adventure for all of us. I wish you all good health, good grades, and good fun as we begin the journey together.

This newsletter is intended to present useful and timely information to the college community, and this month is no exception. With changes in our cybersecurity awareness training, a change in how to report phishing and spam emails, changes in our wireless network, and changes in our computer configurations, there are LOTS of changes for returning students and for faculty and staff. New students are entering the college at a time when we have significantly improved our information security stance.

Let’s get the big, giant, massive, imposing, and scary elephant in the room out of the way first. Cybersecurity awareness training for the fall 2023 semester will be mandatory. Faculty and staff, you were not dreaming when Dr. Briggs announced this from the podium at the faculty and staff convocation. Yes, this is a change from previous years when this training was highly recommended, but voluntary. All faculty, staff, and students must complete the training during the prescribed time, which will be expanded to make sure everyone has the opportunity to do so. The training course will be available starting the week of August 21st, through both September and Cybersecurity Awareness Month in October, and will close on November 10th.

The material will cover cybersecurity awareness information like using strong unique passwords, spotting phishing and social engineering, and basic data security concepts. The estimated time to complete the course is 20-25 minutes and it does not have to be completed in one sitting. You will receive an email the week of August 21st inviting you to take this course. Reminders will be sent out every other week until October, when they will be sent weekly, and finally, in November, they will be sent daily. Completing the course will mean you no longer receive any reminders.

“Why is this mandatory?” is the question on everyone’s mind. Cybersecurity awareness has become a necessary life skill, like being able to change a tire on your car or operate a smartphone. We (“we”, as in, society in general, not specifically “you”) have adapted to changes over the years as we came to understand the dangers inherent in our activities. Robbers (or worse) could come to our house as we sleep, so we lock our doors and windows at night. Using the Internet unsafely could result in you losing your money, your job, your reputation, or any combination of these, which is why you must be aware of the many ways cyber-criminals can attack you.

In addition, government laws and regulations require us to meet certain levels of security readiness. For you, as a user of the college information systems, this means strong passwords, multi-factor authentication AND cybersecurity awareness. Since over 70% of breaches begin with some form of social engineering, users must be educated and aware of the common risks. This is why cybersecurity awareness training is now mandatory.

If you have any difficulty using the link in the email invitation to the training, simply go to https://myapps.berry.edu and click on the “Berry Security Awareness” app.

Got yet another phishing or spam (junk) email? If you are using the Outlook client or the Outlook app on your mobile phone, you can easily report that email to us. When viewing the email in the Outlook client, simply click on the “Report Message” button, choose whether the email is phishing or junk and then click “Submit”. If an email is in your Junk folder and you don’t want it to be marked as Junk, you can also do that from this button…just choose “Not Junk”. From the mobile Outlook app, simply touch the three dots menu when viewing an email, touch “Report Message”, choose Phishing, Junk, or Not Junk, and then submit it. If you are not using the Outlook client or Outlook app, you can still report the message by starting a new message, addressing it to “phishreport@berry.edu”, attaching the offending email to it, and sending it. Be sure to report your phishing and junk email…monthly drawings will be held for small, but neat prizes. To get in on the drawing, simply report a phishing or junk/spam email during that month. We’ll start in August!

UPDATE: I have late-breaking information about a phishing email that was sent on Friday. A user account was compromised and used to send out a fake HR email. Within minutes of it going out, over 30 people had reported it as phishing. That is amazing and a positive indicator of our security posture here at Berry. Thank you so much for reporting this email…all of you who reported it are entered into the drawing for August.

Our Network Operations team has been hard at work this summer working on the wireless network. The result of this work is that student residence halls have new network configurations that isolate student traffic from the campus network. This should not look any different for returning students, however, if you notice that there are network resources you no longer can access, please contact us and let us know.

If you are a student and need to print, please utilize the web-based print interface located at https://print.berry.edu to print documents to either the printers in the Memorial Library or Krannert. Once you log in, click on “Web Print” on the left side of the page and follow the wizard to print. There are both black-and-white and color printers available for your use. You can also see your printing allocation balance in that interface.

Faculty and staff may notice that there are changes with their Berry issued computers. The college is moving away from the Sophos anti-virus software for Windows computers to Microsoft Defender. Apple Mac computers are also moving away from Sophos to JAMF end-point protection. These changes are in progress and will continue until every machine is switched over. Also, we will be enforcing periodic reboots of all machines to allow updates to install. Please be sure to save your work before you leave for the day, as these reboots will occur during the evening and early morning hours. If you encounter any issues, or have questions, please contact us via our TeamDynamix support portal or by emailing (computing@berry.edu) or calling the support desk (x5838 or 706-238-5838).

Another change in end-user computer configurations helps us align with best practice security standards, and that is the removal of administrative rights on user computers. Having admin rights on a computer and logging in with those rights to do everyday work is very insecure and prone to exploitation. It is best practice to do normal work with as few rights and permissions as possible. This way, if you inadvertently click on a dangerous link, or open an infected attachment, the damage caused will be less than if you had admin rights to your machine. If you have questions about this change, please let me know by emailing (dboyd@berry.edu) or calling me (x1750 or 706-236-1750). This change should not affect the majority of users, but again, if you run into issues please report them via the methods mentioned above.

All Berry students, faculty and staff have MFA enabled on their Berry account, and you should use it in the most secure way via the Microsoft Authenticator app on your smart phone. But don’t stop there! Use the Microsoft Authenticator as your second factor on any site that supports Google Authenticator. Turn MFA/2FA on everywhere you can. Yes, it will take you another few seconds to log in, but your data and account will be safer.

Please continue to report those phishing emails! Once the fall semester starts, we are holding a drawing at the end of every month for a small prize and all you need to do to enter the drawing is to report a phishing email.

If I’m not covering a topic of cybersecurity you are interested in or concerned about, please let me know. I want to be your first and best resource on cybersecurity information, so let me know how I can help and inform you.

If you’re not following Berry OIT on Facebook (@BerryCollegeOIT), Twitter (@berryoit), or Instagram (@berrycollegeoit), you should be, as more information from OIT and specifically Information Security, will be provided using these outlets. If you are not into social media, you can also subscribe to get updates via email. Just use the link available in the right-hand sidebar on the website.

Check out https://support.berry.edu for more information about OIT and the services we provide. You can always check back here for warnings about current phishing emails, confirmations of valid emails you might have a question about, and data breach notifications. There’s also the events calendar where events will be posted, like Cybersecurity Awareness Month.

Food For Thought

Magnets help us to do all kinds of things every day…listen to music, travel, move objects around, and generate power. Watch as the Slo-Mo Guys pit powerful magnets against each other in this amazing video.

(Visited 291 times, 1 visits today)
Post Views: 244