January News from Information Security

Welcome to 2021! Let’s hope it goes better than 2020.

Welcome back to campus. I hope everyone had a good holiday, stayed healthy, and is ready to charge through the spring semester. As you attempt to settle back in, I encourage you to take the time to reacquaint yourself with basic information security awareness.

In the fall, the college acquired a new training platform for security awareness. The content on this platform is authored by some of the foremost security experts on the planet. This group, known as the SANS (SysAdmin, Audit, Network, and Security) Institute, is the largest source for training and security certification in the world. They manage the Internet Storm Center, billed as “the Internet’s early warning system”, along with in-depth training and certification.

The new platform provides us with a rich set of training courses, supplemental materials, and course management options. Use of the platform is open to anyone in the active community of students, faculty, and staff. Courses for basic security awareness take about half an hour to complete, with some courses centered around specific topics such as FERPA, HIPAA, or PCI-DSS compliance taking up to an hour. You can request access to the platform by sending an email to infosec@berry.edu and stating you want access to the security awareness platform, or by filling out the training access form found here.

By choosing to take security awareness training, you can help the college fend off attackers, but equally importantly, you can learn how to protect yourself, your home networks, your devices, and your various Internet accounts. It has never been more important to be aware of the tactics, techniques, and procedures attackers use to try to gain access to your devices and accounts. With COVID-19 came challenges to how we work, socialize, and live life, but along with those challenges came additional and more potent attacks by the Internet bad guys. Not a day goes by without some phishing email landing in someone’s email inbox, or a text on a phone, or even a voice call, all attempting to separate you from your money, your accounts, and your peace of mind.

Courses on the platform include general security awareness as well as dedicated courses on phishing, account management, safe browsing, passwords and password managers, and device management. Once you are on the platform, you can choose to complete any or all of these courses.

There are also, as mentioned before, courses that target specific compliance and regulation topics. Some of you may be required to take one or more of these courses as part of your job responsibilities. If so, you will be notified via email and be given ample time to complete the training.

The last thought in relation to this topic is this: in an effort to raise the security awareness of the entire community, we are looking to make security awareness training a regular part of everyone’s routine. The frequency of training is being discussed, but it is likely to be conducted at least annually, if not biannually. This is not designed to torture you, or simply add to your workload, but to help you be vigilant, informed and conscientious in your everyday work. The SANS training starts with a module called “You Are The Shield”, emphasizing your role in being the first line of defense against attacks on the college that attempt to bypass our security technology by attacking you directly, via social engineering. We hope that by regularly providing training to you, you will be the shield.

Don’t forget, if you are not currently using multi-factor authentication (MFA), you will be sometime in the spring semester. We are continuing to roll MFA out to everyone on a schedule, but if you want MFA faster, please email computing@berry.edu and inform them you want MFA enabled on your account. You can find more information about MFA here, and you can find information on how to set up MFA in this document.

If you are depending on Zoom to conduct classes or work, be sure to check out the Zoom resources document provided here for tips and information on how to effectively and safely use Zoom.

Finally, Data Privacy Day is January 28th. Data Privacy Day is an international effort to promote the respect of privacy, safeguard data and enable trust. According to Stay Safe Online, a project of the National CyberSecurity Alliance,

“Millions of people are unaware of and uninformed about how their personal information is being used, collected or shared in our digital society. Data Privacy Day aims to inspire dialogue and empower individuals and companies to take action.”

What action? The first and foremost goal is to manage your privacy and security settings for all your accounts. This page on the staysafeonline.org site shows you how to manage your settings on many popular devices, accounts, and services. Go there first to secure your accounts and devices, then share the link with your family and friends so they can do the same.

As you are securing your accounts, if you notice any settings that you feel should be different or default to safer values, let that website or service know. There is little incentive for these companies to change their practices if no one complains about them. There should be a contact form on most sites, but if not, sending to support@whatever.site will usually get your feedback to the right place. Be sure to use the correct site address, e.g. support@facebook.com for Facebook.

Also on Data Privacy Day, which is a Thursday, I will be offering a lunchtime training event via Zoom which will cover passwords and password managers. Having a strong and unique password for every account you have is the first step in securing your data and making sure it stays private. You can sign up for the class by going to the Events calendar on this site and clicking on the event on January 28th. There will be a sign up/RSVP (Going) button once you open the event.

Look for a new Virtual Scavenger Hunt in February. It will run the week leading up to Valentine’s Day. The grand prize will be…somewhat Valentine’s Day themed. More details in the February newsletter.

If I’m not covering a topic of information security you are interested in or concerned about, please let me know. I want to be your first and best resource on information security, so let me know how I can help and inform you.
If you’re not following Berry OIT on Facebook (@BerryCollegeOIT), Twitter (@berryoit), or Instagram (@berrycollegeoit), you should be, as more information from OIT, and specifically Information Security, will be provided using these outlets. Remember you can always check back here for warnings about current phishing emails, confirmations of valid emails you might have a question about, and data breach notifications. There’s also the Q&A section, where you can ask a question and get an answer directly from me.

 

Food for Thought

Featured Image: Photo by Waldemar Brandt on Unsplash

Cartoon courtesy of XKCD.com

Permalink for cartoon https://xkcd.com/2391/
