Welcome to February! We are well on our way through the spring semester, although it probably doesn’t seem so right now. I had a whole other newsletter planned for February, but this one is what came to me in the midst of a long, tiring weekend and tumultuous time of year. As I type this we are approaching what is arguably the most hated and loved day of the year – Valentine’s Day. As with all things, your perspective will determine your love/hate ratio for February 14th. I wish everyone good luck with your Valentine’s Day activities, or lack thereof.
I want to start our discussion with an examination of a different type of security, or safety, if you want to be pedantic about the topic. I’m referring to the various mechanisms in your vehicle to keep you safe. Modern automobiles have all kinds of safety technology in them to keep passengers safe. Strong, resilient frames, crumple zones, automatic braking systems and the like all contribute to the protection of the occupants. The most basic of these is the seat belt. This “two-part” system consisting of a lap belt and shoulder belt, even though most are the same physical belt, is arguably the most important safety feature in any vehicle and all the other incredible and amazing safety features are designed to work on the premise of the passenger wearing a seat belt.
Technology has provided us with amazing new vehicular safety mechanisms. From airbags to collision detection sensors to assisted braking systems, we now have a huge advantage in avoiding and surviving vehicle accidents. The National Highway Traffic Safety Administration (NHTSA) reported continued declining traffic fatalities for 2024, with ten straight quarters of reduction going back a few years. However, no amount of sensors, airbags, assisted braking, or collision detection will actually help you in the event of a crash unless your seat belt is fastened. The NHTSA estimated that for 2022, half of occupants killed in crashes were not wearing a seat belt. I understand that there are some who have difficulty wearing a seat belt due to the confining nature of the system, but I personally urge everyone to take advantage of this critical safety device. No one wants to go to a funeral for someone in their twenties (or any other age) as I did this weekend and find the whispered discussion to be the fact that if the deceased had been wearing a seat belt, they most likely would have survived the crash.
With that morbid discussion out of the way, let’s look at “basic safety equipment” from an information security standpoint. Your information security “seat belt”, much like most vehicle seat belts, consists of two parts:
- Strong, unique passwords and multifactor authentication (MFA)
- The ability to spot phishing emails
These two parts depend on YOU to implement them. While we as the Office of Information Technology (OIT) can mandate strong passwords, MFA, and phishing training, much like the government mandates seat belts be installed in every vehicle, you have to do the work of using good, unique passwords and strong MFA methods like the Microsoft Authenticator. You also have to take the time to learn how to recognize phishing emails. These two elements are just like you having to be the one to put on your seat belt in a vehicle. Failing to do both of these things is like buckling that seat belt behind you in the seat. It can result in not only losing control of your account to an attacker, but can open up your various accounts and the information and systems you are entrusted to protect, both personally and professionally, to theft and destruction.
OIT can wrap all kinds of advanced “safety” (read “security”) technology around our systems like activity logging, threat intelligence, active and automated responses, email filtering, and more, but all of that can be bypassed by not using the basics – using strong unique passwords with MFA, and stopping phishing attempts by learning how to spot them. With that said, I want to welcome you to our spring 2025 cybersecurity awareness training. Instead of a potentially 30-35 minute course, depending on how you do on the pre-test, that covers a broad range of topics, I have selected four training modules that require a total time of 20 minutes. I have focused on the “seat belt” of cybersecurity awareness – the two topics already mentioned – strong unique passwords with MFA and recognizing phishing emails. There is no pre-test for this set of courses, as I want everyone to be exposed to the basic ideas for both topics, even if you have heard them many times before. As an academic institution, we understand that a key element of learning is repetition, also called “consistent practice”. We will go back to a more expansive course with a pre-test in the fall.
Invitations will go out this week. There will be a soft deadline of spring break to complete this training, but the course will be open to complete through the last day of classes on April 29th. I want to thank you in advance for completing this training.
All Berry students, faculty and staff have MFA enabled on their Berry account, and you should use it in the most secure way via the Microsoft Authenticator app on your smart phone. But don’t stop there! Use the Microsoft Authenticator as your second factor on any site that supports Google Authenticator. Turn on MFA/2FA everywhere you can. Yes, it will take you another few seconds to log in, but your data and account will be safer.
Please continue to report those phishing emails! Avoid using “unsubscribe” links and report both spam and phishing via the “Report message” button.
If I’m not covering a topic of cybersecurity you are interested in or concerned about, please let me know. I want to be your first and best resource on cybersecurity information, so tell me how I can help and inform you.
Check out https://support.berry.edu for more information about OIT and the services we provide. You can always check back here for warnings about current phishing emails, confirmations of valid emails you might have a question about, and data breach notifications.
Food For Thought
Back to music this month – grab your headphones! This is a bluegrass cover of one of my favorite songs by Elton John. The video is over a decade old, so the quality is not the best, but the talent on display is amazing. Am I normally a bluegrass listener? Absolutely not! It is not the first (or second, or third) genre I pick from my playlist, but this song is about to make it to my “short list” playlist that is my default playlist on my iPhone. Because Iron Horse “rocks”… Take a listen, especially if you like Elton John’s version and if you like this one, check out some of Iron Horse’s other covers on YouTube after you listen to this one. Putting “Iron Horse” into the YouTube search will be sufficient. I like their “Sweet Child O’Mine” and “Carry On Wayward Son” covers. Yep, they even cover Guns ‘n Roses and Kansas…in bluegrass.
Featured Image: Photo by Remy Lovesy on Unsplash
March News from Information Security
