July News from Information Security

Welcome to the start of the 2021-2022 fiscal year! You’ve probably been scrambling over the past few days to get all those “end of the year” things completed. I know I have. Just because the “new year” is starting doesn’t mean that we aren’t already in full swing with many summer initiatives, including the Governor’s Honors Program, preparing for the fall semester, hosting camps, and just getting those things that must be done outside of the two main semesters done. This being the start of July, the Independence Day holiday approaches as I write this newsletter, but by the time most of you read it, the day will have passed, so I hope you all had a fun, safe, and meaningful time celebrating.

Continue readingJuly News from Information Security”

June News from Information Security

Please check the end of this article for a very late breaking notice about Amazon devices!

With the arrival of June, summer is in full swing. Welcome to the time when everyone else thinks we as a college community have it easy, when we all know that is NEVER the case. Summer is always busy, busy, busy on all fronts, but I’m preaching to the choir here. Between projects, recruitment, alumni events, college-hosted events and yes, even classes, everyone has their hands full, which makes us all prime targets of phishers and scammers.

“You say that every month!” you say. Yes, I admit I do, but I always have a new or forcibly recycled reason for why we are prime targets. I have both this time.

Continue readingJune News from Information Security”

May News from Information Security

May has arrived and if you are like me you are gearing up for summer while trying to finish up the semester. This frantic time of finals, final papers, showcases, productions, graduation, and all other manner of “showing your work” is in full swing. Good luck to everyone, whether you are taking tests, giving tests, grading tests, or something else. I know everyone is ready for a change. A change of season brings a change in many other things, including information technology and security. I have a couple of changes to pass along to the community, along with the normal warnings and reminders. Let’s get to it!

Continue readingMay News from Information Security”

April News from Information Security

Welcome to April and all that it means to this community! April is the month before the end of the semester in May. April means it is getting warmer and it’s time, if you haven’t already, to cycle in a new wardrobe of clothes for the fast-moving weeks at the end of the school year. I want to apologize for the tardiness of this newsletter. I was unavoidably out of work for a week due to problems caused by the massive amount rain we received back on March 25th. I know so many of you wait with bated breath for the first day of the month just to read my newsletter, so I apologize for the delay. </sarcasm>

Continue readingApril News from Information Security”

March News from Information Security

Whew! We made it to March!

While there won’t be some of the typical shenanigans we are used to experiencing in March, like Spring Break (sorry, I had to mention it), there are plenty of things to be aware of. This newsletter may run a little longer than most, as we are “enjoying” the result of a confluence of tax season, potential economic stimulus payments, Zoom meetings, COVID vaccines, plus all the regular stuff. As Maverick from Top Gun would say, this is a “target-rich environment”, except not for potential dates, but for phishing emails.

Continue readingMarch News from Information Security”

February News from Information Security

Welcome to February, the month of Valentine’s Day, Black History Month, World Cancer Day, Abraham Lincoln’s birthday, World Day of Social Justice, and many other international, regional, and country-specific days of remembrance and celebration.

This year it is also the time when a new Virtual Scavenger Hunt is launching, sponsored by Information Security and the Office of Information Technology. If you participated in and enjoyed the Virtual Scavenger Hunt back in October for Cybersecurity Awareness Month, you will love this one. No need to wait a week for the next set of questions-this scavenger hunt can be completed in an afternoon or evening (or morning, if you prefer).

The Scavenger Hunt will kick off on Monday, February 15th, the day after Valentine’s Day, so it is appropriately named the “Post V-Day Virtual Scavenger Hunt”. The hunt will conclude at noon on Friday, February 19th with a drawing that will determine who will win the four available prizes.

Two winners will be drawn from a pool of names made up of anyone who attempts the scavenger hunt. To qualify for that drawing, you only have to attempt the hunt and submit answers to at least the first day of questions, even if those answers are wrong. For the sake of clarity, I am calling these prizes “runner-up” prizes. They will consist of a collection of college,  OIT, and Information Security branded items along with a generous amount of Valentine’s Day candy.

Two prizes I am calling “grand prizes” will be awarded to two lucky people whose names are drawn from a pool of names of those who successfully complete the scavenger hunt. To qualify, you must complete the hunt by finding all the correct answers to the questions, then complete the form at the end of the hunt. The grand prizes will consist of a package including a super cool and vaguely Berry blue Rocketbook Smart Reusable Notebook (8.5″ x 11″) with a Frixion pen and microfiber cloth, seven additional Frixion pens in various colors, and a Rocketbook Pen Station pen holder. This notebook is reusable, eco-friendly and can scan your notes directly to a cloud storage provider like Google Drive, Dropbox, Evernote, OneNote, iCloud and others with the help of an app on your Android or Apple phone. There are lots of available accessories for these notebooks including folio covers, additional pens, and even “Beacons” which will allow you to scan information on a whiteboard  using the same app. Good luck! I will send a reminder about the scavenger hunt on the 15th.

I want to revisit a topic introduced in the January newsletter, which you can read at this link. Our new training platform is ready for use, with several short security awareness courses focusing on single topics like email phishing, other social engineering tactics, data security, passwords, and safe browsing. There is also a longer general security awareness course that incorporates all of these topics, spending substantially less time on each one.

If you would like to have access to this training, just go to the InfoSec News and Alerts site, click on “Latest Posts” in the main menu, then click on the link to the form, which is on the right-hand side of the page. You can also simply click this link to access the form.

If you are depending on Zoom to attend or conduct classes or for work, be sure to check out the Zoom resources provided here for tips and information on how to effectively and safely use Zoom.

If you don’t already have it, multi-factor authentication (MFA) is coming your way. This adds an additional layer of protection to your Berry account and lets you keep the same password for a whole year! Setup takes only a few minutes. You can request MFA be enabled on your account or wait until you are automatically enrolled in the next few weeks. Make your request by emailing computing@berry.edu to tell them you want MFA!

If I’m not covering a topic of information security you are interested in or concerned about, please let me know. I want to be your first and best resource on information security, so let me know how I can help and inform you.

If you’re not following Berry OIT on Facebook (@BerryCollegeOIT), Twitter (@berryoit), or Instagram (@berrycollegeoit), you should be, as more information from OIT and specifically Information Security, will be provided using these outlets. If you are not into social media, you can also subscribe to get updates via email.

You can always check back here for warnings about current phishing emails, confirmations of valid emails you might have a question about, and data breach notifications. There’s also the Q&A section, where you can ask a question and get an answer directly from me, and the events calendar where events will be posted.

Food for Thought

Permanent link to this comic: https://xkcd.com/1016/

Featured Image: Photo by Jason D on Unsplash

Data Breach Notification: Nitro PDF

In September of 2020 there was a breach of the Nitro PDF service. There were 77 million records exposed, which included email addresses, names and passwords for the service.

There were 161 berry.edu or vikings.berry.edu email addresses included in the breach.

To find out if your information is included, you can go to Have I Been Pwned and enter your email address in the search form. While you are there, you can also sign up for breach notifications involving your Berry or other email addresses by clicking on “Notify Me” at the top of any page on the site.

If your information was included, be sure to change your password for the Nitro PDF service. Also, check your settings to make sure they have not been altered.

Be sure to NEVER reuse your Berry email password for any other website or service! Stay vigilant against phishing emails by learning what to look for. Check out the Phishing Quick Info page here on this site at a minimum.

As always, if you have questions about any of this, you can contact Information Security using the information on the right-hand side of any page on this site.

If you haven’t signed up for multi-factor authentication (MFA), you will soon be enrolled by the Office of Information Technology. You can still request this additional security measure so you can set it up on your timeframe, before it is required.. MFA adds an additional layer of protection to your Berry account and lets you keep the same password for a whole year! Setup takes only a few minutes. Make your request by emailing computing@berry.edu to tell them you want MFA!

If I’m not covering a topic of information security you are interested in or concerned about, please let me know. I want to be your first and best resource on information security, so let me know how I can help and inform you.

If you’re not following Berry OIT on Facebook (@BerryCollegeOIT), Twitter (@berryoit), or Instagram (@berrycollegeoit), you should be, as more information from OIT and specifically Information Security, will be provided using these outlets. Remember you can always check back here for warnings about current phishing emails, confirmations of valid emails you might have a question about, and data breach notifications. There’s also the Q&A section, where you can ask a question and get an answer directly from me, and the events calendar where events like tables in Krannert and Virtual LunchITS will be posted.