Welcome to March and all that it means to our progress through this semester. This newsletter publishing during Spring Break is no accident. It is aimed squarely at faculty and staff. I want to take the opportunity to reiterate some cybersecurity awareness points I have been trying to make over the past few months. We’re not talking about good passwords or password managers or phishing. While all of those topics are important, I want to focus on two other very important topics: improper uses of your Berry College email account and the safe use of your Berry purchasing cards, or P-cards. Recent activity exposed by our cybersecurity systems show alarming practices that need to stop as soon as possible.
First, lets discuss improper uses of your Berry email account. I’ve generally always approached this from the other direction – what are proper uses of your account, but I now have to point out one particularly disturbing use of college email accounts. There have been numerous instances where college employees have used their Berry email account as the primary email account used in the purchase of a house or property. This is a terrible idea, not because it is not safe to use your college account for this activity, but because since this is a college account and could potentially handle sensitive college data, it is far more closely protected than most consumer email accounts.
One amazing aspect of home buying these days is the ability to get the mountain of documents that are required for these transactions signed electronically and immediately filed via any of the various document signing services. It is such a huge market there are document signing services that only handle property and home transactions. The college must be extremely careful with document signing requests. A massive amount of fraud is perpetrated via malicious document signing requests, so any such emails are closely monitored and deeply scanned by our cybersecurity systems. There is a high probability that a document signing request gets held up in our system. Sometimes the management of these security processes require the intervention of an actual human (that’s usually me). If you happen to be in the process of buying a house or property PLEASE DO NOT USE your Berry email account as your primary email contact. This is for your benefit. What if time is a significant factor in a successful transaction, i.e., you are in a competitive bidding situation? A delay could cost you that perfect house or property. Nobody wants that. The college will not be held responsible for any emails delayed by our cybersecurity systems. Use your personal email accounts when purchasing a new home or property.
The other disturbing practice, which I fully understand has been going on for years as “business as usual” is the submission of P-card information via unencrypted email. Those electronic forms you fill out with all of your P-card information and email back to a vendor to facilitate a purchase are P-card fraud waiting to happen. Even more egregious is simply putting your P-card information into a normal email and sending it to a vendor. If you then have a series of email exchanges back and forth with the vendor, the P-card information could be tagging along with every reply. This is analogous to putting on a blindfold and walking into I-285 traffic in Atlanta during rush hour. What happens when that email chain gets sent to the wrong person? It has already happened here, thankfully with no negative impacts (yet).
The era of sending P-card information via regular, unencrypted emails should be over. Reputable businesses should have a process where you can fill out a secure form on a website or provide alternative payment processes to complete a transaction. I realize that there are many entrenched providers for many departments and possibly no alternatives in some cases, but you should be insisting that your vendors take better care of your payment card information. When enough customers complain about insecurely sending card information, the vendor will eventually adapt. It may be that vendors you work with now via insecure means have a way to more securely handle your payment card information. Ask them. You won’t know until you ask, unless the company has been burned by fraudulent transactions and is now insisting that customers use more secure methods to pay for services and products. Either way, you have been entrusted by the college with this purchasing vehicle, so protect it as if it was your own.
I almost forgot! Please complete your cybersecurity awareness training as soon as possible. The intended due date for this is April 1st. Thank you to the 318 faculty and staff and 228 students who have already completed the training!
That’s it! A little heavy this month, I know, but I’ve seen enough of these two bad practices that it was time to address it. I hope everyone’s Spring Break is relaxing and/or productive, whichever way you are hoping it to be.
All Berry students, faculty and staff have MFA enabled on their Berry account, and you should use it in the most secure way via the Microsoft Authenticator app on your smart phone. But don’t stop there! Use the Microsoft Authenticator as your second factor on any site that supports Google Authenticator. Turn on MFA/2FA everywhere you can. Yes, it will take you another few seconds to log in, but your data and account will be safer.
Please continue to report those phishing emails! Avoid using “unsubscribe” links and report both spam and phishing via the “Report” button.
If I’m not covering a topic of cybersecurity you are interested in or concerned about, please let me know. I want to be your first and best resource on cybersecurity information, so tell me how I can help and inform you.
Check out https://support.berry.edu for more information about OIT and the services we provide. You can always check back here for warnings about current phishing emails, confirmations of valid emails you might have a question about, and data breach notifications.
Food For Thought
I’m back to music this month because I was reminded of this song a couple of days ago. All you Gen-Xers out there should like this one. The Sundays, fronted by Harriet Wheeler, are one of my all time favorite bands. We’re closing in on the subject of this tune, one of my favorite songs, and this video is both beautifully shot and oddly weird, from the fruit on the walls to the mannequins in the tableaus. Enjoy!
And because their story is almost as incredible as their music, here’s bonus material about the band, because as many of you know, they produced three stellar studio albums, toured some (which was apparently not something they really enjoyed), and then just disappeared from the music scene in 1997. No farewell tours, no real goodbye.
Featured Image: Photo by Aleksandrs Karevs on Unsplash
February (2023) News from Information Security
