Here we are in November already…fall is here, the holidays are approaching, the semester is starting to wind down and we’re done with Cybersecurity Awareness Month! Prizes have been awarded for scavenger hunts and completing training (for students). We had 17 people complete the hunt and 33 others jump into hunting down clues and learning about cybersecurity at the same time. I hope everyone enjoyed the hunt.
Thank you so much for completing your cybersecurity awareness training for this semester…oh, wait? You haven’t? Tell me it’s not true! You should get on that, then, and get it completed before the course closes on Friday, November 7th. There will be no further extension of the deadline beyond the 7th. All statuses will be final on November 8th.
I want to thank all of you for whom the previous paragraph does not apply. As of the time I write this, there have been 888 of you who have completed the training. That breaks down into 448 faculty and staff and 440 students. Employees, please urge your coworkers to complete their training.
It really is important, and I say that because at the Educause conference last week, the number one concern (voted on by the Educause community) was collaborative cybersecurity, that being defined as “building a cybersecurity culture of shared responsibility, end-user awareness and training, and improved access to security services and support” (emphasis added by me). This stuff is important, not only because it is getting harder and harder to detect and prevent, but because the stakes are higher the more we depend on technology like artificial intelligence (AI) in all its forms. We not only have to be cybersecurity aware, but also keep our eye on the AI, so we know it is providing us good data and protecting the data we provide to it.
On the topic of protecting data…providing full credit card information in an email or in an attachment to an email is a completely unacceptable means of paying for anything. We are alerted every time a credit card number is sent via email and eventually, we will block this activity. If you can’t enter your credit card information into a secure web portal or handle the transaction in person, you need to find another vendor to work with or demand your preferred vendor update their technology. Why am I harping on this now?
Let’s take the example of paying for a service via credit card information sent in an email. You assume that the only people who will see this email with the payment information in it are you and the person you emailed it to, but that is rarely the case. Emails get forwarded to subordinates who actually provide the service and no one ever thinks to remove the credit card info from the email before forwarding it along. So now, a minimum of three people have seen the information. If there is a question about the request, it could be sent to yet another person, on either side of the transaction. There goes that payment information, bouncing along for the ride, and now visible to four, five, or more people. This is data loss just waiting to happen and potentially very expensive data loss. You might as well mail your physical card to someone – emailing it is equally dangerous. Don’t send credit card information via email, or in attachments to emails. Insist on a secure payment portal or complete the transaction in person.
That’s all I have for you for this November newsletter. Good luck and prayers to everyone as we head toward the end of the semester and the holidays.
All Berry students, faculty and staff have MFA enabled on their Berry account, and you should use it in the most secure way via the Microsoft Authenticator app on your smart phone. But don’t stop there! Use the Microsoft Authenticator as your second factor on any site that supports Google Authenticator. Turn on MFA/2FA everywhere you can. Yes, it will take you another few seconds to log in, but your data and account will be safer.
Please continue to report those phishing emails! Avoid using “unsubscribe” links and report both spam and phishing via the “Report” button.
If I’m not covering a topic of cybersecurity you are interested in or concerned about, please let me know. I want to be your first and best resource on cybersecurity information, so tell me how I can help and inform you.
Check out https://support.berry.edu for more information about OIT and the services we provide. You can always check back here for warnings about current phishing emails, confirmations of valid emails you might have a question about, and data breach notifications.
Food For Thought
I’ll have some music back in the Food For Thought next month, but I stumbled across this video and it explained a lot, some of which I already knew, about our closest big city. I avoid Atlanta as much as possible, but it is impossible to avoid completely. For those of you who feel the same way, here is a succinct, if somewhat dry, explanation of why Atlanta is such a horrible place to navigate, despite it being a regional powerhouse of a city, with the world’s busiest airport, several company headquarters, and a rich cultural heritage. Short version: It just wasn’t planned well…or there was no planning at all…
Featured Image: generated by OpenArt https://openart.ai
August News from Information Security
