January News from Information Security

UPDATED: See paragraph at the bottom explaining some of the discounts available to .edu address holders.

Welcome to a new semester and a new year! I hope this newsletter finds you settling in for an exciting season of learning, educating and working. We have a number of topics to cover, but they are pretty straightforward so this shouldn’t be a long newsletter, but be sure to read to the end for all of the new changes, important information, and suggestions on how to work, learn, and operate on the Internet more securely.

The first item on our list is a reminder that the “Phish Alert Report” button is gone. I say “good riddance”. While it performed its primary function well, it never wanted to play well with appearance changes or proper naming. Your new best friend as far as reporting phishing and spam emails is the “Report Message” button, which allows you to report an email as phishing, or as spam, or to mark it as something that should NOT be marked spam. You can make this last designation with another button in Outlook and the Outlook app (and on the web). It is labeled “Junk” and is tucked near the “Delete” and “Archive” buttons on the Outlook toolbar and in the three dots menu in the app and on the web.

One bonus in using the “Report Message” button is that if you have emails, say from a mailing list, that you have marked as “Not Junk” multiple times and the Microsoft algorithm hasn’t figured it out, you are welcome to email me and request I put the mailing list address on an exception list, which should prevent them from being sent to Junk. The best way to do this is to flag the email as “Not Junk” using the “Report Message” button, then immediately email me and let me know that you’re still receiving these in your Junk folder.

Our second topic is one that I know will elicit groans from many of you, but it is a fact of life when you spend time on the Internet. I’m talking about cybersecurity awareness training. We took all semester (and more) to complete the Fall 2023 training course, but here in the Spring we will take four (or maybe six) weeks. The course will come out in February and we will ask everyone to complete it by the end of March. The spring course will be about the same length as the fall course (maybe a little shorter) and dwell on two primary topics instead of trying to cover five or six. Be looking for an email inviting you to take the course. We are hoping to incentivize the completion of the course in some way this semester, maybe through some friendly competition between departments and classes. More details to come in the February newsletter and the invitation email.

I’ve mentioned our next topic before, but want to revisit and clarify our position on this subject. Here in the third decade of the 21st century, email addresses are plentiful and free. I want to encourage you, particularly faculty and staff, to keep only items related to your Berry work in your Berry email account. To be clear, you shouldn’t be using your Berry email account for regular communication with your personal banks, medical establishments, services and utilities, or other personal business.

There are two primary reasons to do this. First, you have to realize that all Berry email, particularly employee email, may at some point be involved in a legal dispute and subject to subpoena. This reality potentially exposes your personal information to entities that truly have no need to see it, and since there is no practical way to separate emails in an account between personal and work, it is better to simply keep personal activities out of your Berry email. This is not to say that you can’t use your Berry email to get discounts or access to services that are exclusively for people with .edu email addresses, because there are a lot of those and there’s no reason to prevent you from taking advantage of these offers. However, general day to day personal business should be moved to non-Berry accounts, particularly, as I have already mentioned, banks, utilities, medical facilities, and other potentially sensitive accounts.

Second, our security systems watch all email and files coming and going to our system for malware, spam, and other issues, including what is called data loss prevention or DLP. The purpose of DLP is to make sure that potentially sensitive data doesn’t leave our system via email or file shares (like in OneDrive). We get hundreds of DLP event notifications every week, and while most are benign in regard to college data, the process of sifting through those benign emails and events generated by personal business conducted via Berry email accounts is onerous, prone to false positives and worse, false negatives. False positives and false negatives both contribute to inaccurate security alerts and raise our risk profile, potentially making it more difficult to obtain cybersecurity insurance. Help yourself and help us by moving your personal business to a personal email account.

One final item I want to mention is Data Privacy Week. This is the last full week of January, the 22th through the 26th. The theme for this Data Privacy Week is “Take control of your data”. I will be posting one or two additional short articles that week highlighting some resources you should take advantage of. Be on the lookout for those right here on this site.

What discounts can I get with my .edu account?
Realize that a lot of the discounts in these two articles are primarily designed for students, but a good portion also include faculty and staff explicitly, and others don’t require enrollment verification through any of the verification services like Sheer.id, ID.me, Unidays, or Student Beans.

That’s it! As always, I would love any feedback about these newsletters. Are they helpful? Do you disagree with anything in them? I am eager to have a discussion about any cybersecurity topic you might have questions about.

All Berry students, faculty and staff have MFA enabled on their Berry account, and you should use it in the most secure way via the Microsoft Authenticator app on your smart phone. But don’t stop there! Use the Microsoft Authenticator as your second factor on any site that supports Google Authenticator. Turn MFA/2FA on everywhere you can. Yes, it will take you another few seconds to log in, but your data and account will be safer.

Please continue to report those phishing emails! We hope to restart the prize drawings for those who report phishing emails, but don’t have a firm start date.

If I’m not covering a topic of cybersecurity you are interested in or concerned about, please let me know. I want to be your first and best resource on cybersecurity information, so let me know how I can help and inform you.

If you’re not following Berry OIT on Facebook (@BerryCollegeOIT), Twitter (@berryoit), or Instagram (@berrycollegeoit), you should be, as more information from OIT and specifically Information Security, will be provided using these outlets. If you are not into social media, you can also subscribe to get updates via email. Just use the link available in the right-hand sidebar on the website.

Check out https://support.berry.edu for more information about OIT and the services we provide. You can always check back here for warnings about current phishing emails, confirmations of valid emails you might have a question about, and data breach notifications. There’s also the events calendar where events will be posted, like Cybersecurity Awareness Month.

Food For Thought

Today’s Food For Thought is a video of a cover of a song that was written before some of you were born. It was originally written and sung by Tracy Chapman in 1987, released on her 1988 self-titled album, was nominated for three Grammy Awards and won one, then remained a favorite of that generation. After a couple of successful electronic dance remixes of the song, and a revival of it in the UK by Michael Collings in 2011, it was re-introduced, along with some controversy, to this generation by country artist Luke Combs, resulting in Tracy Chapman being the first Black woman to win the Country Music Association Award for Song of The Year. This video features neither Tracy Chapman nor Luke Combs, but Mary Spender, a British singer/songwriter who does a remarkable stripped down, but accelerated tempo cover of the song in the video below. You can also find the original Tracy Chapman version on YouTube if you want the full effect, and I highly recommend it. Enjoy.

Featured Image: Photo by BoliviaInteligente on Unsplash

(Visited 158 times, 1 visits today)