By the time you read this, Easter will have passed and April will be in its second week! I hope your Easter weekend was great, however you decided to spend it. We are now in the home stretch for the spring semester. Before we change months again, classes will be over, finals will be happening and we will all be preparing for the summer break. It will be here before we know it. In this last month of the spring semester, I want to bring back to mind some topics we have touched on over the academic year.
First, I’d like to reiterate my plea for you to not buy and sell property using your Berry email account. Since the March article posted, I’ve had two additional users conducting property transactions via their Berry accounts. Again, please don’t do this. You may put your transaction at risk if our systems quarantine or block your important document signing emails. Also, since the March newsletter, I have noticed another suspect use of Berry email accounts. This one is not financially hazardous, but in our current cultural environment, could cause some mental and emotional stress. You should not use your Berry email address to receive politically oriented emails, either funding requests, newsletters, or “alert blasts”. Many of these get caught by our email filters and if you are passionate about a given political party, initiative, or agenda, you could miss out on important emails. This is another one of those situations where it doesn’t affect the college as much as it might affect you. For the college, it’s just another few dozen emails that come through the system, but you might miss events or opportunities to support your causes.
I still see people submitting P-card and credit card information via regular email. I discussed why this was a bad thing in the March newsletter, so I won’t dive into that again, but since I am still seeing it, I thought I might mention it again. Also worth mentioning is the continued proliferation of phishing emails sent through legitimate services like Google, Zoom, Microsoft, Adobe and other systems that allow for notifications to users. Please be very suspicious of any emails purporting to be from any of these services, or services like them. You are an important part of stopping cyber-attacks, even with all of the fancy security systems we have.
The Office of Information Technology, specifically me, sent out an email last week warning all “iDevice” users to update their systems due to an exploit called DarkSword. If you are interested in what this was all about, there are plenty of articles floating around about the issue. Two of the ones I used to make the decision to send a rare mass email out about the issue are this one from Google, which is fairly technical, and this one from The Hacker News, which is a little less technical, but goes into more detail about the attack. We don’t generally like to send mass emails, but this one was deemed important enough because once a user followed the link in the lure email, there were no further clicks required to compromise the device. This “zero-click” or “no-click” attack is dangerous and provides little room for error on the part of the victim. Thank you to those who have let me know they updated their phones. It’s not necessary to let me know, but it is encouraging to know that some of you are following the advice.
If you have not completed the spring cybersecurity awareness training, you are officially late! The deadline was April 1st, so please go and complete your training as soon as possible. We will close the course in the next few days.
That’s all I got. I hope everyone’s April goes great!
All Berry students, faculty and staff have MFA enabled on their Berry account, and you should use it in the most secure way via the Microsoft Authenticator app on your smart phone. But don’t stop there! Use the Microsoft Authenticator as your second factor on any site that supports Google Authenticator. Turn on MFA/2FA everywhere you can. Yes, it will take you another few seconds to log in, but your data and account will be safer.
Please continue to report those phishing emails! Avoid using “unsubscribe” links and report both spam and phishing via the “Report” button.
If I’m not covering a topic of cybersecurity you are interested in or concerned about, please let me know. I want to be your first and best resource on cybersecurity information, so tell me how I can help and inform you.
Check out https://support.berry.edu for more information about OIT and the services we provide. You can always check back here for warnings about current phishing emails, confirmations of valid emails you might have a question about, and data breach notifications.
Food For Thought
For those of you (including me) who missed the Artemis II launch on April 1st, here is one of (probably) dozens of full launch videos on YouTube:
Featured Image: Photo by Daiga Ellaby on Unsplash
September News from Information Security
