August News from Information Security

Welcome to the intentionally delayed August Information Security newsletter. I wanted to release this in conjunction with everyone returning to campus. First I want to welcome all our new faculty, staff and students as we begin this most interesting journey into the fall semester. I also want to welcome all the returning faculty, staff, and students who have been in various ways preparing feverishly (uh, maybe that’s not a good metaphor) striving earnestly for the start of classes.

You all have been inundated with safety information in relation to the coronavirus, COVID-19, or whatever name you want to use (I will simply use “virus” in this newsletter) to describe the virus that has upended our lives in such a profound way. I hate to be one to pile on, but in addition to the virus itself, all kinds of bad actors are afoot attempting to fool you into clicking on malicious links, submitting sensitive information, even giving up your passwords, many of them preying on the chaos caused by the virus. Please be extremely vigilant with any unexpected emails, and treat all email, at this point, with caution.

Internet criminals have no qualms about using any leverage they can to trick you. One of the latest ploys involved criminals spoofing the Small Business Administration loan relief website to try and steal information from you. Fake websites with false information about cures for the virus and government relief programs are rampant. Be very careful surfin’ the net out there.

I have some news concerning the InfoSec News and Information site (this site you are reading this article on). For the new folks (and even for returning folks who have never visited the site before), this site has a brand new look and feel. The style has moved from looking like a website from the early 2000s to now looking at least “2017ish”. I hope you like the new format and the easier navigation.

A downside to all this progress is that the transition has left the site without an events calendar, at least temporarily. I am looking for a new one and hope to get that squared away soon. Events will necessarily look a lot different for a while, but I hope to conduct some LunchITS training sessions this semester, via Zoom, of course, and I will continue to create and share new security awareness training videos. Keep checking back to see when the new events calendar shows up.

Also coming soon to the site is a “phishbowl” where you will be able to view examples of phishing emails so you can know what to look out for and also see just how desperate some people are to try and scam you. This should debut in the next week or so and will be accessible from the main page of the site.

I will, of course, continue to post warnings about phishing emails and notices about other information security topics. It will all be accessible here on the site, so bookmark it and check it regularly.

Here are some reminders (or “new information” for some of you)…

If you haven’t signed up for multi-factor authentication (MFA), what are you waiting for? This adds an additional layer of protection to your Berry account and lets you keep the same password for a whole year! Setup takes only a few minutes. Make your request by emailing computing@berry.edu to tell them you want MFA!

If I’m not covering a topic of information security you are interested in or concerned about, please let me know. I want to be your first and best resource on information security, so let me know how I can help and inform you.

If you’re not following Berry OIT on Facebook (@BerryCollegeOIT), Twitter (@berryoit), or Instagram (@berrycollegeoit), you should be, as more information from OIT, and specifically Information Security, will be provided using these outlets. Remember you can always check back here for warnings about current phishing emails, confirmations of valid emails you might have a question about, and data breach notifications. There’s also the Q&A section, where you can ask a question and get an answer directly from me, and (eventually) the events calendar will return, where events like LunchITS training sessions and other opportunities can be found.

LunchITS – A Phishing Expedition

If the tsunami of phishing emails hitting the campus recently is causing you to doubt your ability to discern them, or you know you’re swamped and need a life preserver, come to Krannert 109 this Thursday, February 13th, at noon to go on a phishing expedition!

Director of Information Security Dan Boyd will go over obvious and not-so-obvious ways to spot phishing emails. He’ll discuss the current tactics, techniques, and procedures used by phishers as they continually try to trip us up. There will be examples of current phishing emails to look over, and you’ll get an introduction to a solid method to sniff out phishing emails quickly.

Bring a sack lunch or grab something in Krannert before coming down to room 109. We’ll start as close to noon as possible and wrap up before 1PM.

There is no requirement to RSVP for this training session, but it is appreciated. You can do so by simply emailing infosec@berry.edu.

February News from Information Security

Welcome to the much-delayed February newsletter! I apologize for the tardiness of this edition.

There is a fair amount of news to share, some of it WAY overdue, so I’ll start there.

First, if you are using multi-factor authentication (MFA), you experienced a change in your password settings this week. I apologize for the unannounced change; that was not the way it was planned. The change includes two very important modifications to your password requirements – first, and most importantly, your password does not expire for 365 days! That’s a whole year to not have to worry about changing passwords. Second, and still very important – your minimum password length has changed from 8 characters to 14 characters. Yes, that is a big change, but it shouldn’t be an issue, as you have a whole year to come up with another password! The change was important due to the increased maximum password age. A 14-character password is exponentially harder to crack than an 8-character password. Your basic password security is still important. If you have issues creating a 14-character password, please take a look at the good password guidelines Quick Info guide here on the site. It is a good quick resource for creating strong passwords.

Second, please check the recent post on this site about a data breach on the Adult Friend Finder website. There were 22 Berry email addresses included in that breach.

The third item on our list refers back to the first one. If you are not using MFA, you should be! In addition to only having to change your password once a year, you get the added security of multi-factor authentication. All faculty, staff and students are eligible and encouraged to use MFA, not only for Berry accounts, but for all of your accounts that support it. Multi-factor authentication and creating secure passwords are two life skills many of us never thought we would have to learn, but here we are!

Fourth, there is a LunchITS planned for Thursday, February 13th from noon until 1PM in Krannert 109. Bring your sack lunch or grab something in Krannert and come learn how to quickly spot phishing attempts and get a clearer understanding of the tactics, techniques, and procedures used by phishers as they attempt to sink a hook into our organization.

Finally, in lieu of a topic of discussion here in the newsletter, take a look at this great SANS OUCH! newsletter for February about Social Media Privacy. It goes right along with information from our recent Data Privacy Day back on January 28.

If you’re not following Berry OIT on Facebook (@BerryCollegeOIT), Twitter (@berryoit), or Instagram (@berrycollegeoit), you should be, as more information from OIT, and specifically Information Security, will be provided using these outlets. Remember you can always check back here for warnings about current phishing emails, confirmations of valid emails you might have a question about, and data breach notifications. There’s also the Q&A section, where you can ask a question and get an answer directly from me, and the events calendar where events like tables in Krannert and LunchITS will be posted.

Photo Credit – Photo by Yura Fresh on Unsplash