We’ve talked about multifactor authentication a lot on this website. It gets mentioned every month in the newsletter wrap-up. We’ve discussed many different ways that multifactor or 2nd factor authentication can work. Last year for Cybersecurity Awareness Month, we turned it into a cheer. So what is new with multifactor authentication? What do you need to know about how we require its use and what factors we recommend as most secure? In addition to answering these questions, we’ll talk about making careful use of your Berry email account and what is and is not appropriate use.
Before we get to this week’s topics, I need to mention an issue with the Virtual Scavenger Hunt. The web page that was at one point available to allow you to find the answer for the third question for week 1 is now gone. If you were unable to answer the third question, please check the page for the correct answer and move on to week 2 of the hunt. Sorry about that, it was available when I first created the hunt. UPDATE: I forgot the first question was also based on the same missing report. The answer is 79%. You would use 79 as part of your mystery URL.
I’ve received only three entries into the Virtual Scavenger Hunt so far. What’s up with that? Don’t you want to win a Sony Bluetooth speaker? Or maybe one of our cool weekly prizes of a premium fidget spinner? If you haven’t started the Virtual Scavenger Hunt, why not? You can join the hunt at anytime, you just have to start at the beginning. Click on the banner at the top-right of this page to get going.
Now, on to our topics for this week. Multifactor authentication (MFA) is your best friend when a website gets hacked and your password exposed. Even with your password, the cyber-criminal can’t get into your account without the second factor. This is why we require MFA, sometimes call 2nd factor authentication, for your Berry account. We are preparing to remove the ability to use a voice call or text as a second factor. Once we make this change, you will have to use the Microsoft Authenticator on your phone or a hardware key as a second factor. We originally planned to do this last year, but implementation was delayed for various reasons.
Of course, we encourage you to use the Microsoft Authenticator as your second factor on any site that supports it. If a site says it supports Google Authenticator, it will most likely support the Microsoft Authenticator. Turn MFA/2FA on everywhere you can. Yes, it will take you another few seconds to log in, but your data and account will be safer.
As a student, faculty member, or staff employee you are issued a Berry email account that grants you access to far more than just email. Almost all of your online resources you access use that username and password for authentication. An email account that ends with .edu is a valuable resource. It can provide you access to discounts and perks because of your involvement with education. For that reason, you should be careful to protect it and only use it for Berry work and to garner these perks and discounts. To protect both you and the college, you shouldn’t use your Berry email account as your primary email address, particularly for sensitive emails and accounts like financial or medical services. Why?
First, since this is a “business” email account, it will potentially be subject to legal hold and examination if for some reason the college is presented with a lawsuit or other action. That is just the way email accounts in an organization are handled, for a number of reasons, many of which are out of control of the organization. If/when you have to leave Berry, whether through graduation or moving to another job, you may not want to have to rely on an email from an organization you no longer have a direct association with. Berry currently allows students to keep their account after they graduate, but these accounts are monitored for activity and dormant accounts will be closed. Employees who retire from Berry have been allowed to keep Berry addresses, but this practice will most likely have to change in the future to meet legal requirements and provide for adequate information security controls.
I’ve written about this topic before on this site in March of this year and mentioned some alternative email account sources if you don’t want to get a free account from the major players – Google, Microsoft, and others. Whichever way you decide to go, find a solid email provider that you can use that has the features you want.
IMPORTANT: The roll-out of our fall 2024 cybersecurity awareness training was delayed due to technical difficulties. You should get an invitation via email this week to begin the training. Please make every effort to complete it as soon as you can.
That’s all for week 2 of Cybersecurity Awareness Month. Jump on that Virtual Scavenger Hunt and raise your cybersecurity awareness level. “See” you next week!
CAM Week 4 – Security Awareness Training and The Future of Connected Devices
