CAM Week 2 – MFA and Securing Devices

Multi-Factor Authentication and Securing Devices at Home and Work (or School)

This week, as we did last week, we are covering two cybersecurity awareness topics. We’ll discuss securing devices at home and at work (or school) and we will cover multi-factor authentication and why you need it enabled on your account.

MFA

We’re talking about multi-factor authentication (MFA)!

We, as in the Office of Information Technology (OIT), have been talking about MFA quietly for about two years, but now we’re speaking up a little louder. You need to have MFA enabled on your account, now more than ever. Cybercriminals have increased the frequency and intensity of attacks, sending evermore sophisticated emails to try and convince you to click on a link or open an attachment.

If you click on a malicious link and enter your credentials on a fake login page, not having MFA enabled will allow the attackers to take control of your email account. This will also allow them to take control of other accounts and services you use, as your email username and password also grants you access to other resources associated with the college, like VikingWeb and Canvas. With MFA enabled, attackers won’t be able to log in to your account, even with your credentials.

It’s easy to get MFA setup. Simply email computing@berry.edu and request MFA be enabled on your account. You’ll get a response indicating it is active and you will be required to go through the setup process. There is a document available here that goes through the process or you can view a video that explains the process at this Microsoft Stream link. You’ll have to log in with your Berry email username and password to view the video.  The gist of the instructions is that you will need to install an app on your smartphone to be able to respond to MFA requests, then complete the setup process to link the app to your account.

The web page linked above also has a document explaining in more detail why we are doing this and answers some frequent questions, like “should I do this for all my accounts?”. SPOILER: You should! There is a link on this same page to the website Lock Down Your Login which has more information on how to secure your home, device and popular web accounts.

More information about MFA is coming soon. Keep an eye on your emails and the BerryOIT social media accounts on Facebook (@BerryColleOIT), Twitter (@berryoit), and Instagram (@berrycollegeoit).

Securing Devices at Home and Work

2020 saw a major disruption in the way many work, learn, and socialize online. Our homes are more connected than ever. Our businesses are more connected than ever. With more people now working and or attending class from home, these two internet-connected environments are colliding on a scale we’ve never seen before, introducing a whole new set of potential vulnerabilities that users must be conscious of. Here are some steps users can take to protect internet connected devices for both personal and professional use.

    • Make sure, as mentioned last week, your devices are all up to date.
    • If you are using a personal machine, not managed by the college, make sure you have up-to-date virus and malware protection installed.
    • Don’t bypass security features of the device…for phones and tablets, this primarily means assigning a passcode to secure them, and for laptops and desktops, this means having a password on all accounts on the systems.
    • If you are using a VPN, be sure it is up to date.
    • Don’t mix your personal files with your school or work files, and don’t make copies of sensitive college data and leave them your personal machine.
    • Following up on that, make sure that you are the only one who can access college data on your personal machine, if it is used by other household members. This may require you to create multiple accounts on the device.
    • Follow all college policies regarding use of OIT resources. If you feel any policy is hampering your ability to work or learn, bring it to the attention of OIT. Violating policy can expose you and the college to risk.

If you are still having difficulty with your Week 1 Virtual Scavenger Hunt answers and can’t get to the second week page, here are a couple more clues.

    • For question one, the types of factors are 1. Something you know 2. Something you have 3. Something you are
    • For question two, the answer is the result of 2 to the 6th power.
    • For question three, LastPass and 1Password are examples of this…
    • For question four, the first word of the example password is a four-legged animal
    • For question five, see the security awareness poster at this link or alternatively the answer is the square root of the answer for question two.

IMPORTANT: You don’t have to resubmit your answers on the week 1 form, but these clues should help you get the correct URL for week 2 of the scavenger hunt.

Finally, even though this post is not about “phishing” emails, per se, I want to remind everyone to please be very careful with unexpected emails, and report any phishing emails using the “Report Email as Phishing” button, available in the mail.berry.edu webmail interface and on mobile versions of Outlook, as well as the traditional Outlook client on PCs and Macs. It’s very important to report these emails using the button and not to simply forward them to Information Security, as this allows us to take action on these emails to protect the community.

 

Photo Credit: Photo by Brina Blum on Unsplash

COVID-19/Novel Coronavirus Information Security Precautions

NOTICE! Further updates to this page will be announced on the Berry OIT social media platforms. We’re on Facebook (@BerryCollegeOIT), Twitter (@berryoit), and Instagram (@berrycollegeoit). Please check back here often, as tactics will change almost daily based on new events related to the virus. Updates will continue to be added to the bottom of this page and dated for easy following.

While we all should be washing our hands more frequently, using hand sanitizer, avoiding large gatherings, limiting our travel, and taking other physical precautions in response to the coronavirus. we also have to take into account information security precautions.

Criminals will use every ruse they can to try and take your money, steal your credentials or infect your computer with malware, including promising “coronavirus updates”, “miracle cures”, and other information and services. Many of these phishing emails will be believable, not just because the criminals may take care to craft them accurately, but because almost everyone has at least some small innate fear of this mostly unknown virus. There is urgency and “scariness” built right in, as the coronavirus will most likely affect all of us, at least indirectly, at some point.

Please be especially careful with any emails that attempt to manipulate you using fear of the coronavirus. Avoid and report emails that request donations, or claim to have “inside information” about the virus and the associated disease, COVID-19.

UPDATE (3/18) – also stay away from apps in the Apple Store and Google Play that are coronavirus related. The vast majority are designed to steal your data and credentials or take over your phone, or both.

If you want more information about it, your best bet is to stick to major news outlets like CNN, MSNBC and Fox News for more reader-friendly summaries, and the Center for Disease Control and Prevention, the World Health Organization, and the Georgia Department of Public Health for more detailed and localized information.

Please also consult the college’s update page for dealing with the coronavirus.

Links to other sources of information will be posted here as the situation develops, but your first stop should be the page above.

UPDATE (3/18): Here is the NCSA resources page mentioned in the March 18th email. https://staysafeonline.org/covid-19-security-resource-library/

UPDATE (3/23): Coronavirus-themed phishing emails are arriving in campus email inboxes now. They promise everything from where to find masks and other protective gear to the fact that you don’t need a vaccine to beat the coronavirus (true, but irrelevant). Some are attempting to impersonate the World Health Organization and the Centers for Disease Control and Prevention. Don’t be fooled! Report or delete these emails, don’t follow any links, and don’t open any attachments. Rest assured the WHO and the CDC will not email you directly with updates. You can visit these sites from the links above, or if you have them bookmarked now, as some do, use your bookmarks or Google to find the sites safely.

UPDATE (3/23b): Scammers are now using the promise of government stimulus checks to try and steal your credentials and financial information. They are also attempting to impersonate the IRS to achieve the same goals, with the same lure (stimulus checks). Don’t fall for these tricks! The government will not contact you via email and ask for private financial information.

UPDATE (4/1): For those of you using Zoom for classes or other duties – Due to a bug in how Zoom handles web and file addresses in the chat feature, OIT strongly recommends that you do NOT send links to resources for classes (or work) via chat, nor should you open any links in the chat window. Please put resource links for all classes in Canvas, and treat any link in the chat window as you would a link in an email, VERY SUSPICIOUSLY! Also, please make sure you are following ALL of the recommendations from OIT about securing Zoom sessions if you are using Zoom to conduct classes. These are found in a March 19th email from computing@berry.edu.

UPDATE (4/1b): Scammers have no shame. One of the newest phishing scams out there tries to convince you that they are contacting you from a hospital and that they know you have had contact with someone infected with the coronavirus. The scam attempts to have you download and open the attachment, then proceed to the nearest hospital. The attachment contains malware and will infect your computer. Even during a pandemic, don’t open attachments.

Also, scammers have registered hundred of new domains over the past few weeks with “zoom” in them somewhere and the websites associated with them are handing out malware to unsuspecting users who click on them. The real domain for Zoom is zoom.us. There is never any reason to go to the Zoom website to use Zoom. Download the Zoom app to your computer and do your work there. Be VERY cautious with emails that purport to be from Zoom.

Finally, a group of scammers are going “old school” to infect users. They are mailing (yep, snail-mail) USB drives to potential victims, sometimes accompanied by gift cards or other lures to get users to plug them into their computers. Don’t ever plug in a USB drive of unknown origin into your computer! The USB drives sent by these scammers will install malware that will allow them access to your computer. Don’t fall for it!

Photo Credit: Photo by Dimitri Karastelev on Unsplash

Microsoft Update via Email is Fake!

A new scam going around is an alleged Microsoft Windows update delivered via email. The email instructs the recipient to “Please install the latest critical update from Microsoft attached to this email.” The attachment is actually a malware file that will encrypt all the files on the disk and demand a ransom, AKA ransomware.

Microsoft will NEVER email you an update, much less a “critical” update.

Please report these emails using the “Report Email As Phishing” button or simply delete them if that is not available to you.

If you have any questions about these emails please contact Information Security at x1750 (706-236-1750) or at infosec@berry.edu.

If have received one of these emails already and opened the file, please contact the Technical Support Desk at x5838 (706-238-5838) or computing@berry.edu.