CAM Week 4 – Security Awareness Training and The Future of Connected Devices

Welcome to week 4 of Cybersecurity Awareness Month!

This is it! This is the last week to participate in the Virtual Scavenger Hunt (VSH)! I hope you have all successfully advanced to the fourth and final week, but if not, there are some clues later in the article to help you along. If you haven’t yet started, you still can, giving you a chance to win the Monster Isport Ear Buds Monster Clarity 102 AirLinks Wireless Ear Buds. Head over to the VSH start page (link at the bottom of the article, to not distract you from the main topics).

Security Awareness Training

An important part of equipping the Berry community to #BeCyberSmart is security awareness training. We’ve used security awareness training for specific groups here at the college for a couple of years now, but our goal is to expand our training platform to allow everyone to access the same training. One way we are working toward our goal is investing in a brand new training platform to replace the one we were using.

This new platform will eventually allow us to offer the same training to everyone, with the presentation tweaked appropriately for each part of our community – faculty, staff and students. More details will be sent as we roll out the new platform. If you are required to take security awareness training for your campus job, you’ll soon see it in your MyApps portal at https://myapps.berry.edu. Hopefully, if we complete the expansion of the system in a few months, everyone will see it in the MyApps portal.

You also have the option to request security awareness training. Once the system is live, you’ll receive information on how to request that training. It will cover a variety of topics, including how to pick a good password (or 100 good passwords), password managers, how to spot phishing emails and other social engineering attempts, which will protect you and the college, and how to secure your accounts and devices.

The Future of Connected Devices

The future is all about connected devices. As mentioned in last week’s article, Internet of Things (IoT) devices include watches, shoes, and healthcare devices. We also have connected toasters, coffee makers, refrigerators, TVs, and doorbells. The IoT devices market is expected to reach $1.1 trillion by 2026 according to Fortune Business Insights. Who knows what we will have connected by that time?

In development right now are everything from smart contact lenses to smart roads, all of which must be connected to the Internet to work. The estimated number of devices connecting to the network by 2025 is well over 75 billion. One of the most important technologies to facilitate this is 5G networking. This new networking paradigm will enable this massive collection of devices to connect to each other and to us.

It’s an exciting time, but there is one fact that we need to understand as we connect “everything” to the network. Once a toaster is made “smart” and connected to the network, it is technically no longer a toaster. It is a computer that can also toast our bread and bagels. That means it must be securely connected to the network, kept up to date, and managed in some way. That puts a burden on everyone to #BeCyberSmart and understand the rewards and risks of connected devices.

Other Stuff

If you missed the Virtual LunchITS last week but want to learn more about how to spot phishing emails, it will be repeated in November, so check the Events calendar on this site to find out when. Like the previous LunchITS, it will be held over Zoom, will last under an hour and will give you a definite edge in spotting phishing emails. I encourage you to sign up and attend. You can do that right in the event. Just click on it in the Event calendar and fill out an RSVP. There is no cost, but to make the Zoom meeting secure, you must request access to the LunchITS so I can send you the link and the password.

Also, remember that the Office of Information Technology encourages you to sign up for Multi-Factor Authentication (MFA). This will add an additional layer of security to your Berry account. You can read about it at this page on the main Berry website. Email computing@berry.edu to request it.

OK, it’s time to throw some hints to those of you who can’t seem to make your Week 3 Virtual Scavenger Hunt answers get you to week 4.

For the first question – A common name for the answer to question one is “the mob”. Also, the DBIR is available at this URL – https://enterprise.verizon.com/resources/reports/dbir/
For the second question – The answer can be found right under the “Cut to the chase” heading.
For the third question – The answer is eight letters long.
For the fourth question – Scroll most of the way through the article to find this answer. It’s an “i” thing.
For the fifth question – The answer is precise to two digits past the decimal point. It’s also less than 6, but more than 5…

IMPORTANT: You don’t have to resubmit your answers on the week 3 form, but these clues should help you get the correct URL for week 4 of the scavenger hunt.

If you haven’t started the scavenger hunt, here is the start page. You have until 5PM on October 30th to complete the hunt. Good luck and happy hunting!

Virtual Scavenger Hunt Start Page

October News from Information Security

October is here! Did you know there are 190 official and unofficial “days” in October? I know, there are only 31 actual days, but many days are workhorses, serving as “the day” for multiple celebrations, from National Pumpkin Day to World Animal Day to the International Day of Non-violence. More immediately on many of our minds here at Berry, Mountain Day is around the corner, along with long-sleeve weather. October is also the height of “pumpkin spice everything”, and…Cybersecurity Awareness Month!

Yes, it’s Cybersecurity Awareness Month! Let’s just call it CAM. It used to be called National Cyber Security Awareness Month or NCSAM, but it is observed internationally now. You can find out about our planned topics on the CAM 2020 page. There will be weekly articles as well as a month-long virtual scavenger hunt…and prizes…and candy…and learning! Head over to the CAM 2020 page to check it out after you finish reading this article. Come on, stay focused here! There will be another link at the bottom of the page.

As already mentioned, look for weekly articles on various security awareness topics posted right here each Monday of October. They, along with the security awareness posters on all the residence hall bulletin boards and in Krannert, will be essential to completing the scavenger hunt. You might be asking yourself, why burn 5-10 minutes of time each week in October tracking down scavenger hunt items? Because everyone who completes the scavenger hunt will be eligible for a drawing for the grand prize of a pair of Monster Isport Ear Buds Monster Clarity 102 AirLinks Wireless Ear Buds.

As a part of CAM, the Office of Information Technology (OIT) is strongly urging everyone to sign up for Multi-Factor Authentication (MFA) for their Berry account (and all other accounts you have, but we are particularly concerned with your Berry account). MFA brings another level of security to your account and can protect you if the password for your Berry account is exposed. The setup is easy, and you’ll be able to keep your Berry account password for an entire year, assuming it does not get exposed. Email computing@berry.edu and let them know you want MFA. MFA will be required for all current students, faculty, and staff soon, so you should beat the rush and get signed up now!

In addition to encouraging everyone to sign up for MFA, OIT is also encouraging everyone to sign up for security awareness training. OIT is implementing a brand new security training platform and we want as many as possible to experience the new system. While we will continue to focus on specific training for now, we are looking to expand the system to accommodate everyone as soon as we can. More details will be provided, either in one of the CAM 2020 weekly emails or the November monthly newsletter.

There are other ways to participate in training. You can attend a one hour, Zoom-based, focused training on phishing emails or passwords and password managers, or request one-on-one training on a particular topic. Since the theme for CAM is “Do Your Part – #BeCyberSmart” we encourage you to develop your cybersecurity “smarts” in whatever way fits your schedule and goals.

If, after reading the CAM2020 page and looking over the rest of the website, you think I’m not covering a topic of information security you are interested in or concerned about, please let me know. I want to be your first and best resource on information security, so let me know how I can help and inform you.

If you’re not following Berry OIT on Facebook (@BerryCollegeOIT), Twitter (@berryoit), or Instagram (@berrycollegeoit), you should be, as more information from OIT, and specifically Information Security, will be provided using these outlets. Remember you can always check back here for warnings about current phishing emails, confirmations of valid emails you might have a question about, and data breach notifications. There’s also the Q&A section, where you can ask a question and get an answer directly from me, and the calendar where events will be posted and you can register for these events.

The Berry CAM2020 page

Go directly to the scavenger hunt page! This link will not be active until Monday, October 5th, 2020, at 8:00AM.

Featured Image: Photo by Joanna Kosinska on Unsplash

August News from Information Security

Welcome to the intentionally delayed August Information Security newsletter. I wanted to release this in conjunction with everyone returning to campus. First I want to welcome all our new faculty, staff and students as we begin this most interesting journey into the fall semester. I also want to welcome all the returning faculty, staff, and students who have been in various ways preparing feverishly (uh, maybe that’s not a good metaphor) striving earnestly for the start of classes.

You all have been inundated with safety information in relation to the coronavirus, COVID-19, or whatever name you want to use (I will simply use “virus” in this newsletter) to describe the virus that has upended our lives in such a profound way. I hate to be one to pile on, but in addition to the virus itself, all kinds of bad actors are afoot attempting to fool you into clicking on malicious links, submitting sensitive information, even giving up your passwords, many of them preying on the chaos caused by the virus. Please be extremely vigilant with any unexpected emails, and treat all email, at this point, with caution.

Internet criminals have no qualms about using any leverage they can to trick you. One of the latest ploys involved criminals spoofing the Small Business Administration loan relief website to try and steal information from you. Fake websites with false information about cures for the virus and government relief programs are rampant. Be very careful surfin’ the net out there.

I have some news concerning the InfoSec News and Information site (this site you are reading this article on). For the new folks (and even for returning folks who have never visited the site before), this site has a brand new look and feel. The style has moved from looking like a website from the early 2000s to now looking at least “2017ish”. I hope you like the new format and the easier navigation.

A downside to all this progress is that the transition has left the site without an events calendar, at least temporarily. I am looking for a new one and hope to get that squared away soon. Events will necessarily look a lot different for a while, but I hope to conduct some LunchITS training sessions this semester, via Zoom, of course, and I will continue to create and share new security awareness training videos. Keep checking back to see when the new events calendar shows up.

Also coming soon to the site is a “phishbowl” where you will be able to view examples of phishing emails so you can know what to look out for and also see just how desperate some people are to try and scam you. This should debut in the next week or so and will be accessible from the main page of the site.

I will, of course, continue to post warnings about phishing emails and notices about other information security topics. It will all be accessible here on the site, so bookmark it and check it regularly.

Here are some reminders (or “new information” for some of you)…

If you haven’t signed up for multi-factor authentication (MFA), what are you waiting for? This adds an additional layer of protection to your Berry account and lets you keep the same password for a whole year! Setup takes only a few minutes. Make your request by emailing computing@berry.edu to tell them you want MFA!

If I’m not covering a topic of information security you are interested in or concerned about, please let me know. I want to be your first and best resource on information security, so let me know how I can help and inform you.

If you’re not following Berry OIT on Facebook (@BerryCollegeOIT), Twitter (@berryoit), or Instagram (@berrycollegeoit), you should be, as more information from OIT, and specifically Information Security, will be provided using these outlets. Remember you can always check back here for warnings about current phishing emails, confirmations of valid emails you might have a question about, and data breach notifications. There’s also the Q&A section, where you can ask a question and get an answer directly from me, and (eventually) the events calendar will return, where events like LunchITS training sessions and other opportunities can be found.

LunchITS – A Phishing Expedition

If the tsunami of phishing emails hitting the campus recently is causing you to doubt your ability to discern them, or you know you’re swamped and need a life preserver, come to Krannert 109 this Thursday, February 13th, at noon to go on a phishing expedition!

Director of Information Security, Dan Boyd, will go over obvious and not-so-obvious ways to spot phishing emails. He’ll discuss the current tactics, techniques, and procedures used by phishers as they continually try to trip us up. There will be examples of current phishing emails to look over, and you’ll get an introduction to a solid method to sniff out phishing emails quickly.

Bring a sack lunch or grab something in Krannert before coming down to room 109. We’ll start as close to noon as possible and wrap up before 1PM.

There is no requirement to RSVP for this training session, but it is appreciated. You can do so by simply emailing infosec@berry.edu.

February News from Information Security

Welcome to the much delayed February newsletter! I apologize for the tardiness of this edition.

There is a fair amount of news to share, some of it WAY overdue, so I’ll start there.

First, if you are using multi-factor authentication (MFA), you experienced a change in your password settings this week. I apologize for the unannounced change; that was not the way it was planned. The change includes two very important modifications to your password requirements – first, and most importantly, your password does not expire for 365 days! That’s a whole year to not have to worry about changing passwords. Second, and still very important – your minimum password length has changed from 8 characters to 14 characters. Yes, that is a big change, but it shouldn’t be an issue, as you have a whole year to come up with another password! The change was important due to the increased maximum password age. A 14-character password is exponentially harder to crack than an 8-character password. Your basic password security is still important. If you have issues creating a 14-character password, please take a look at the good password guidelines Quick Info guide here on the site. It is a good quick resource for creating strong passwords.

Second, please check the recent post on this site about a data breach on the Adult Friend Finder website. There were 22 Berry email addresses included in that breach.

The third item on our list refers back to the first one. If you are not using MFA, you should be! In addition to only having to change your password once a year, you get the added security of multi-factor authentication. All faculty, staff and students are eligible and encouraged to use MFA, not only for Berry accounts, but for all of your accounts that support it. Multi-factor authentication and creating secure passwords are two life skills many of us never thought we would have to learn, but here we are!

Fourth, there is a LunchITS planned for Thursday, February 13th from noon until 1PM in Krannert 109. Bring your sack lunch or grab something in Krannert and come learn how to quickly spot phishing attempts and get a clearer understanding of the tactics, techniques, and procedures used by phishers as they attempt to sink a hook into our organization.

Finally, in lieu of a topic of discussion here in the newsletter, take a look at this great SANS OUCH! newsletter for February about Social Media Privacy. It goes right along with information from our recent Data Privacy Day back on January 28.

If you’re not following Berry OIT on Facebook (@BerryCollegeOIT), Twitter (@berryoit), or Instagram (@berrycollegeoit), you should be, as more information from OIT, and specifically Information Security, will be provided using these outlets. Remember you can always check back here for warnings about current phishing emails, confirmations of valid emails you might have a question about, and data breach notifications. There’s also the Q&A section, where you can ask a question and get an answer directly from me, and the events calendar where events like tables in Krannert and LunchITS will be posted.

Photo Credit – Photo by Yura Fresh on Unsplash