July News from Information Security

We’ve crossed the halfway mark for the year, and while the rest is technically “downhill”, it’s probably going to be a rough ride. Welcome to July! I know, we’re in week two and all of the festivities of the Fourth are over. I hope everyone had a great time relaxing in whatever way made you happy. As we charge toward the fall semester, I want to continue discussing a topic we’ve hit a number of times already and preview a change in email security that might affect how you handle Berry emails.

I’ve written a number of articles about artificial intelligence (AI), specifically generative AI, and how it can and will change how we work now and in the future. Generative AI relies on files called models to accurately answer questions and generate content. These models must be trained using data. Many current models have been trained by “scraping” data from publicly accessible websites on the Internet. This has led to a number of lawsuits over copyrighted material, but this is not our focus.

There are a number of security implications in using generative AI that are obvious, but one not-so-obvious security risk is the fact that, according to an article in The Hacker News, 7 of the top 10 most commonly used AI applications may use your data to train their models, including allowing human review and sharing with third parties. (NOTE: The article does not point fingers by naming any of these applications, nor does the website that conducted the original research – Wing Security. So unfortunately, I can’t tell you what they are; therefore, apply caution when using any applications with integrated AI.) The issue is that we gave them permission to do so by accepting the Terms & Conditions of using the applications. These permissions to use your data were (probably) just buried deep in the fine print.

The article continues by explaining the four specific risks of allowing these companies to use your data to train their generative AI models. The first risk is the exposure of intellectual property and/or sensitive data leakage. Potential exposure of business insights derived from your data is the second risk. This is a result of changing product features (based on AI model retraining) to take advantage of this insight. The third risk is that companies will also share your data with third parties collaboratively to drive innovation, at the risk of exposing your data. Finally, there are concerns about compliance with data storage, usage and sharing rules that may be breached by the use of your data to train AI models.

How do you prevent companies from using your data to train their AI models, particularly if you have used a product in the past (pre-AI integration)? First, don’t give them your data. Don’t use the AI capabilities of certain products to analyze business or work documents. When this is not practical, you must make an effort to find the correct method to opt out of data usage for AI model training. Sometimes, this is in the settings. Many times, this requires a paid subscription to the service to opt out. Some companies require you to contact them via email to opt out of data usage.

If you have questions about any of your products that are now touting AI integration, please let me know. There will be more information about very common products with AI integration, like Windows 11 and Adobe Acrobat, in future newsletters.

I’ve written a few times about the need to separate your work and personal activities, especially in relation to email. I’m revisiting this topic because the Office of Information Technology is preparing to make changes to our security systems that will prohibit the automatic forwarding of emails from your Berry account to an outside email address. This change will NOT prohibit you from opening an email and forwarding it to an address outside of the Berry email system (that would be silly), but it will prevent you from doing this using a mail forwarding rule.

As with all rules, there are and will be exceptions. This will not apply to student or alumni email accounts, only staff, faculty, and retiree accounts. Temporary allowances can be made to allow a retiree to move to a personal account or to allow a user who is leaving Berry to transition smoothly from their Berry email to another account. If you know of a valid business process that uses mail forwarding rules to redirect inbound Berry email to an account outside of the Berry system, please let me know and we can incorporate this exception into the new setting.

That’s all for July. Thanks for reading, and I hope everyone’s summer is progressing well and you are able to get “all those things” done that need to get done before the semester starts next month.

All Berry students, faculty and staff have MFA enabled on their Berry account, and you should use it in the most secure way via the Microsoft Authenticator app on your smart phone. But don’t stop there! Use the Microsoft Authenticator as your second factor on any site that supports Google Authenticator. Turn MFA/2FA on everywhere you can. Yes, it will take you another few seconds to log in, but your data and account will be safer.

Please continue to report those phishing emails! Avoid using “unsubscribe” links and report spam via the “Report message” button, just like you would a phishing email.

If I’m not covering a topic of cybersecurity you are interested in or concerned about, please let me know. I want to be your first and best resource on cybersecurity information, so tell me how I can help and inform you.

If you’re not following Berry OIT on Facebook (@BerryCollegeOIT), Twitter (@berryoit), or Instagram (@berrycollegeoit), you should be, as more information from OIT, and specifically Information Security, will be provided using these outlets. If you are not into social media, you can also subscribe to get updates via email. Just use the link available in the right-hand sidebar on the website.

Check out https://support.berry.edu for more information about OIT and the services we provide. You can always check back here for warnings about current phishing emails, confirmations of valid emails you might have a question about, and data breach notifications. There’s also the events calendar where events will be posted, like Cybersecurity Awareness Month.

Food For Thought

This month’s Food for Thought is really just food for the adrenaline junkie in all of us. How did you celebrate the 4th? Glacier View, Alaska, celebrates the Fourth of July every year by launching cars off a 300-foot cliff. They use both a rail system and a “free” launch system (a wooden block jammed on the accelerator) to do so. Thousands come out each year to watch the spectacle. This footage is from 2023…

Unfortunately, I can’t seem to get the footage of the 2024 event on X (formerly Twitter) to embed on the page, but if you are interested, you can search for it on X if the 2023 footage isn’t enough for you. Enjoy!

I found some 2024 footage on YouTube! Enjoy!

Featured Image: Photo by Stephanie McCabe on Unsplash
