NCSAM Week 5 – IoT, MFA, and PhysSec

Welcome to the fifth and final week of National Cyber Security Awareness Month. I want to thank you for sticking with me through the whole month. All NCSAM articles are archived on this site; just click the NCSAM link in the top menu to find them.

Now, to our topics for this week.

First, in the “Own IT” category, let’s talk about IoT, or Internet of Things devices. These are all those “smart” devices we connect to the network that do things automatically, remotely, or in response to our voice. They include everything from Amazon Echos to Google Home devices, toasters to coffee pots, and TVs to refrigerators. Whenever you decide to splurge on a “smart” device, be sure to read the manual, follow the setup procedures, ensure it is up to date, and above all, change any default passwords. Well-made devices from reputable companies should have all of this documented, either in physical format packaged with the device or online. Don’t just plug the device in, drop it on the network, and forget about it. That smart toaster is really no longer a toaster; it is a computer that makes toast, with all of the issues inherent in computers. Again, follow the setup procedures, keep it up to date, and make sure to secure it from improper access by changing any default passwords.

If only these devices required multi-factor or two-factor authentication (MFA, 2FA)! They would be a lot safer! In our “Secure IT” section, let’s talk about MFA/2FA and how it can add an additional layer of security to your accounts. MFA/2FA requires you to provide, in addition to a username and password, an additional unique identifier, called a factor, to complete the sign-in process. There are three kinds of factors:

  1. Something you know – a password, a PIN, a secret code
  2. Something you have – a key, a phone, an ID card
  3. Something you are – a fingerprint, your face, your palm

MFA/2FA requires at least two different factors. You can request MFA/2FA be enabled on your Berry account by contacting the Office of Information Technology via email at computing@berry.edu.

Once you have enabled and configured MFA/2FA, even if someone were to guess or steal your username and password, they would not be able to access your account without the second factor. That’s some comfort, as data breaches happen every week and phishing emails get even harder to spot.

Finally, for our “Protect IT” topic, let’s talk about physical security. Many “hackers” do nothing more than listen in on sensitive phone conversations when the caller is not aware, or “shoulder surf” by walking by someone as they put in their password. You should be aware of your surroundings as you use your devices, particularly if you are accessing sensitive data like bank or credit card numbers, medical information, or other private documents.

Physical security is not just related to information security, of course. Be careful as you move around your environment. Don’t prop open security doors or leave doors unlocked. Don’t allow anyone you don’t know to “tailgate” behind you through a secure door, like in a residence hall. If you need to go somewhere at night, find a friend or friends to go with you.

I hope this series of articles has been informative. Again, you can check out the entire collection of NCSAM articles here on this site by clicking on the “NCSAM” button in the main menu.

If you have any questions about any of this information, please either email me directly at infosec@berry.edu or, if your question is not about sensitive information and you think others might benefit from the answer, you can post your question to the Q&A page of this site. Just click on the “Q&A” in the main menu.

Check the table in Krannert on Thursday (Halloween!!) between 11:00 and 1:00 one last time for info and goodies and another chance to put your name in the pot for the prize to be awarded that afternoon.

Here is this week’s video, a (hopefully) funny clip about multi-factor authentication. You will have to log in using your email username and password to view the video on the Microsoft Stream service.

Students – here is your link

Faculty/Staff – here is your link