September News from Information Security

Welcome to September! Classes are well underway, as are other activities like sports, clubs, jobs, and old routines (or maybe brand new ones). This new academic year brings us new challenges and new resources to face those challenges. The Office of Information Technology (OIT) is continually working to improve our defenses against cyber-attackers and I want to explain the ramifications of some of these improvements, as they may impact your user experience. I also want to preview the upcoming Cybersecurity Awareness Month activities, as October is right around the corner. Finally, I want to remind everyone (and introduce for the first time for newcomers) about our cybersecurity awareness training that we do twice a year.

We already require everyone to use multi-factor authentication or MFA to log into their Berry accounts. We use Microsoft services to apply this MFA requirement via the Microsoft Authenticator and other methods to provide a second factor to increase the security of your account. As part of additional licensing we completed last fall, Microsoft also keeps a virtual eye on how we log in to our accounts. For example, if I log into my account while on campus, then a few minutes later an attempt to log in is made from Vietnam, Microsoft will consider that second attempt “suspicious” and send a notice to our OIT staff that I had accomplished “impossible travel”. If Microsoft further determines that the network used is a known bad network, it will instead send a notice that an attempt to log in was made from a suspicious location.

How does this affect you? If you use a personal VPN on your devices to mask your location or shield your activities from your Internet provider, this could cause you problems when you attempt to log into your Berry account. Because VPNs will reroute your connections to appear to come from a different location, you may run into a situation where Microsoft first sees you log in from Berry, but later, when the VPN activates, it may see you connect from another city or country. It will flag this second login as suspicious and your account may get locked or your password reset. Popular personal VPN providers include NordVPN, Fastly, and Private Internet Access, among many others. Even Apple Private Relay is considered a VPN. Please don’t use a VPN to log in to your Berry account. Microsoft may flag these login attempts and your account may become temporarily inaccessible. Put an exception into your VPN settings or (better) turn your VPN off when using your Berry account. We’ll have more detailed information about this issue during Cybersecurity Awareness Month.

If you didn’t know, October is Cybersecurity Awareness Month, sponsored by the National Cybersecurity Alliance (NCA). Thousands of organizations, including Berry, will provide their users with activities designed to increase awareness of cyber-threats, inform them of ways to protect themselves from cyber-threats both at work/school or at home, and build community cyber-resilience. To celebrate cybersecurity Awareness Month this year at Berry, we will have an article posted here at this site each week expounding on the topics provided by the NCA and on local cybersecurity topics. Those topics vary each year and I will provide more details in the October newsletter. We will also have another virtual scavenger hunt! Follow the clues to advance through each stage of the hunt! We’ll have prizes each week and a grand prize at the end of the month. More details in the next newsletter!

We take cybersecurity awareness training seriously at Berry and we do it two times each year, once in the fall semester and once during the spring semester. The fall cybersecurity awareness course will open in a couple of weeks. You will get an email inviting you to take the course. The big change this year is that you can “test out” of taking the course. The new system we have provides you an opportunity to show your knowledge of cybersecurity awareness topics via a “pre-test” and exempt yourself from part or all the training. Be looking for an email from Information Security that will contain your invitation to the course. Good luck!

All Berry students, faculty and staff have MFA enabled on their Berry account, and you should use it in the most secure way via the Microsoft Authenticator app on your smart phone. But don’t stop there! Use the Microsoft Authenticator as your second factor on any site that supports Google Authenticator. Turn MFA/2FA on everywhere you can. Yes, it will take you another few seconds to log in, but your data and account will be safer.

Please continue to report those phishing emails! Avoid using “unsubscribe” links and report spam via the “Report message” button, just like you would a phishing email.

If I’m not covering a topic of cybersecurity you are interested in or concerned about, please let me know. I want to be your first and best resource on cybersecurity information, so tell how I can help and inform you.

If you’re not following Berry OIT on Facebook (@BerryCollegeOIT), Twitter (@berryoit), or Instagram (@berrycollegeoit), you should be, as more information from OIT and specifically Information Security, will be provided using these outlets. If you are not into social media, you can also subscribe to get updates via email. Just use the link available in the right-hand sidebar on the website.

Check out https://support.berry.edu for more information about OIT and the services we provide. You can always check back here for warnings about current phishing emails, confirmations of valid emails you might have a question about, and data breach notifications. There’s also the events calendar where events will be posted, like Cybersecurity Awareness Month.

Food for Thought

It’s that “time of every four years” again…presidential election time. Get ready for the yard signs to be everywhere! And be prepared to see them for months! Here is an older Atlas Obscura article about election yard signs, complete with some origin information and a discussion on how effective they are, and as a bonus, a YouTube video dating from just before the previous presidential election discussing the same question of effectiveness.

The Weird Logic Behind Yard Signs in Politics

Author

(Visited 115 times, 1 visits today)