November News from Information Security

Well, this has never happened before. This is the fifth year we’ve had a virtual scavenger hunt for Cybersecurity Awareness Month, but the first year that NO ONE completed it. I’m positive there are a myriad number of factors contributing to this outcome. It’s an election year, one that is wildly contentious. A classic match-up in the World Series stepped all over the third and fourth weeks of Cybersecurity Awareness Month, in a good way, not a bad one. You’ve been apprehensive (or annoyed) about our semi-annual cybersecurity awareness training (more on that below). We’re approaching the holiday season. Classes and tests keep everyone busy, both students and faculty. I get it. Now that it is November, the pace of everything starts to accelerate.

With all of that in mind, I am extending the Virtual Scavenger Hunt another week to allow SOMEONE to finish it and be eligible to claim the grand prize of the Sony Bluetooth speaker. The banner is still available on this site to start and you can run right through all four weeks with no waiting. I’ll even toss in another weekly participation prize for this extra week. While it won’t be a premium fidget spinner, it will still be cool. Click on the “Start Hunting” button and get going!

While we may not have wrapped up the Virtual Scavenger Hunt, Cybersecurity Awareness Month is officially over. We covered four major topics given to us by the National Cybersecurity Alliance during this month, including passwords and password managers, multifactor authentication, software and operating system updates, and how to recognize and report phishing emails. We also covered passkeys, proper use of your Berry account (which we are revisiting in this article), safe and ethical use of generative artificial intelligence, and reviewed “popular” phishing emails received by Berry users. I hope the articles were informative for you.

The technical difficulties preventing us from experiencing the semi-annual cybersecurity awareness training have been partially resolved. There will be an email sent out this week inviting you to take your training. Remember: if you do well with the pre-assessment, you will be able to skip part or all of the course. If you haven’t seen an email by Wednesday, November 6th, check your Junk folder or email infosec@berry.edu to let us know.

On to our November topic!

We’re revisiting a collection of topics we’ve addressed in the past. They cover the proper use of your Berry email account, whether you are a student, faculty member, or are on staff at the college. The first topic is about what types of communication are and are not appropriate for use with your Berry email address. You should not use your Berry email account for personal business, including correspondence with financial institutions like banks. You should also keep as much of your medical and insurance correspondence as you can on your personal account. There are some aspects of our insurance benefit that must be done through your Berry account, but for everything else, you should use a personal account. This recommendation also applies to things like utilities, household accounts, and other websites and services that are of a personal nature. By all means, if you receive some kind of discount for a particular service by using a .edu account, then do so, otherwise please keep all of that stuff in a personal account.

Why would this be a concern? While we like to think of ourselves as contributors to the academic world, which we are, we are also a business. Businesses get sued, audited, and involved in legal activity that may require the production of business records, including emails. It’s better that no personal information of yours is caught up in a legal exposure of Berry email.

This office takes the security of our information systems seriously, and we use a lot of automation to help protect us from cyber-attacks. Cyber-criminals like to use VPNs, anonymous IP addresses (if you don’t know what that is, don’t worry), and other methods to disguise their origin and prevent us from defending ourselves. The security systems we utilize here watch all login attempts on accounts, and when anomalous behavior occurs, action can be taken without requiring any human interaction. That action may disrupt attackers by resetting passwords or locking accounts it has deemed are under attack. It can also disrupt your valid use of your account.

All of this to say that if you use a personal VPN, such as NordVPN, Private Internet Access, the VPN capabilities of a tool like Norton or a similar product, including Apple Private Relay, you may lose access to your account. When the security system detects anomalous behavior from your account, like logging in from another country or completing “impossible travel” where you are logging into the system from one city, then logging in again from a city that is too far away to get to in the time between logins, it will take action to secure the account. This could include resetting the password, or locking the account entirely, cutting off your access to the account in the process. If you use a personal VPN, please exclude any connections to Berry resources, especially to your email or Office 365 programs from using the VPN. If you have no idea what I’m talking about, you more than likely are not doing this, so don’t worry. We’ll try to post a list of addresses to exclude from your VPN in the next few days.

Finally, as you use your Berry email account, we require you to do this as securely as possible. You agreed to this as part of the Acceptable Use Policy that was presented when you first logged in, whenever that was. This means you should use Outlook on your desktop or laptop, the web interface at https://mail.berry.edu, or the Outlook app on mobile devices and tablets. This allows the college to provide security for your email experience. It also allows you to easily report to us phishing and junk emails, or emails that are not junk that mistakenly get classified as such, so we can take appropriate action. Other clients will not allow you to do this. This also means you should not set all of your Berry email to forward to a personal email account. While this might simplify your email handling, it can potentially expose sensitive information and breaks some of the security we have carefully wrapped around the email experience. If you have questions about this, please let me know. You can email me at infosec@berry.edu or give me a call via the number listed in the “About” section on this website.

Welcome to November!

All Berry students, faculty and staff have MFA enabled on their Berry account, and you should use it in the most secure way via the Microsoft Authenticator app on your smart phone. But don’t stop there! Use the Microsoft Authenticator as your second factor on any site that supports Google Authenticator. Turn MFA/2FA on everywhere you can. Yes, it will take you another few seconds to log in, but your data and account will be safer.

Please continue to report those phishing emails! Avoid using “unsubscribe” links and report spam via the “Report message” button, just like you would a phishing email.

If I’m not covering a topic of cybersecurity you are interested in or concerned about, please let me know. I want to be your first and best resource on cybersecurity information, so tell how I can help and inform you.

If you’re not following Berry OIT on Facebook (@BerryCollegeOIT), Twitter (@berryoit), or Instagram (@berrycollegeoit), you should be, as more information from OIT and specifically Information Security, will be provided using these outlets. If you are not into social media, you can also subscribe to get updates via email. Just use the link available in the right-hand sidebar on the website.

Check out https://support.berry.edu for more information about OIT and the services we provide. You can always check back here for warnings about current phishing emails, confirmations of valid emails you might have a question about, and data breach notifications.

Food For Thought

It’s amazing what just a few tweaks to a piece of music can do. This Food for Thought may not appeal to many of you, but I found it irresistible to post once I discovered more of the story behind this piece of music. The first video is an audio only exposition of a song called Let The World Hurry By, created by a group called Pretty Lights. You don’t have to listen to all of it (it is 7+ minutes long). It’s a fairly chill techo/dance track. It’s not the stuff of Top 40 radio, but it appeals to many, including me. The second video is a remix of this song by Ki: Theory called Cloverland, which was used in the soundtrack of the CBS/Paramount show SEAL Team during the first episode of season three. The chill dance song is now a throbbing, bass-heavy, he-man/superhero intro track you might hear at a UFC or WWE event, or at any event where you want to emphasize that what is coming next is straight-up awesome. Check it out! You might find your next two favorite groups (or at least a couple to add to your already eclectic collection of music).

Author

(Visited 94 times, 1 visits today)