February News from Information Security

Welcome to February, the month of Valentine’s Day, Black History Month, World Cancer Day, Abraham Lincoln’s birthday, World Day of Social Justice, and many other international, regional, and country-specific days of remembrance and celebration.

This year it is also the time when a new Virtual Scavenger Hunt is launching, sponsored by Information Security and the Office of Information Technology. If you participated in and enjoyed the Virtual Scavenger Hunt back in October for Cybersecurity Awareness Month, you will love this one. No need to wait a week for the next set of questions-this scavenger hunt can be completed in an afternoon or evening (or morning, if you prefer).

The Scavenger Hunt will kick off on Monday, February 15th, the day after Valentine’s Day, so it is appropriately named the “Post V-Day Virtual Scavenger Hunt”. The hunt will conclude at noon on Friday, February 19th with a drawing that will determine who will win the four available prizes.

Two winners will be drawn from a pool of names made up of anyone who attempts the scavenger hunt. To qualify for that drawing, you only have to attempt the hunt and submit answers to at least the first day of questions, even if those answers are wrong. For the sake of clarity, I am calling these prizes “runner-up” prizes. They will consist of a collection of college,  OIT, and Information Security branded items along with a generous amount of Valentine’s Day candy.

Two prizes I am calling “grand prizes” will be awarded to two lucky people whose names are drawn from a pool of names of those who successfully complete the scavenger hunt. To qualify, you must complete the hunt by finding all the correct answers to the questions, then complete the form at the end of the hunt. The grand prizes will consist of a package including a super cool and vaguely Berry blue Rocketbook Smart Reusable Notebook (8.5″ x 11″) with a Frixion pen and microfiber cloth, seven additional Frixion pens in various colors, and a Rocketbook Pen Station pen holder. This notebook is reusable, eco-friendly and can scan your notes directly to a cloud storage provider like Google Drive, Dropbox, Evernote, OneNote, iCloud and others with the help of an app on your Android or Apple phone. There are lots of available accessories for these notebooks including folio covers, additional pens, and even “Beacons” which will allow you to scan information on a whiteboard  using the same app. Good luck! I will send a reminder about the scavenger hunt on the 15th.

I want to revisit a topic introduced in the January newsletter, which you can read at this link. Our new training platform is ready for use, with several short security awareness courses focusing on single topics like email phishing, other social engineering tactics, data security, passwords, and safe browsing. There is also a longer general security awareness course that incorporates all of these topics, spending substantially less time on each one.

If you would like to have access to this training, just go to the InfoSec News and Alerts site, click on “Latest Posts” in the main menu, then click on the link to the form, which is on the right-hand side of the page. You can also simply click this link to access the form.

If you are depending on Zoom to attend or conduct classes or for work, be sure to check out the Zoom resources provided here for tips and information on how to effectively and safely use Zoom.

If you don’t already have it, multi-factor authentication (MFA) is coming your way. This adds an additional layer of protection to your Berry account and lets you keep the same password for a whole year! Setup takes only a few minutes. You can request MFA be enabled on your account or wait until you are automatically enrolled in the next few weeks. Make your request by emailing computing@berry.edu to tell them you want MFA!

If I’m not covering a topic of information security you are interested in or concerned about, please let me know. I want to be your first and best resource on information security, so let me know how I can help and inform you.

If you’re not following Berry OIT on Facebook (@BerryCollegeOIT), Twitter (@berryoit), or Instagram (@berrycollegeoit), you should be, as more information from OIT and specifically Information Security, will be provided using these outlets. If you are not into social media, you can also subscribe to get updates via email.

You can always check back here for warnings about current phishing emails, confirmations of valid emails you might have a question about, and data breach notifications. There’s also the Q&A section, where you can ask a question and get an answer directly from me, and the events calendar where events will be posted.

Food for Thought

Permanent link to this comic: https://xkcd.com/1016/

Featured Image: Photo by Jason D on Unsplash

March News from Information Security

Welcome to March and welcome to the March newsletter!

The arrival of March means all kinds of things are happening. Daylight savings time starts on the 8th, spring break follows not far behind that, we celebrate St.Paddy’s day, and spring is around the corner, but it might snow before that happens. Don’t believe me? Ask those of us who were here in 1993 about the BIG March snow…or don’t…you might make us feel old.

We’re two months removed from the holiday shopping season, but there’s ALWAYS online shopping happening, so check out this information from EDUCAUSE about protecting electronic payments.

Online sales in the United States grew to a record high of nearly 19 percent during the 2019 holiday season. At the same time, the convenience of using credit cards and other electronic payment services is compelling consumers to rapidly reduce their use of cash. The 2019 Diary of Consumer Payment Choice report shows that cash is used about 50 percent of the time for in-person transactions under $10 (for things like lunch or coffee). For larger purchases of $25 or more, cash is used only 10 percent of the time. Cybercriminals are taking advantage of the increase in electronic payments. According to the 2020 Cybersecurity Report from Check Point Research, mobile banking malware attacks increased 50 percent from 2018 to 2019. Here are some tips to help you safely use electronic payment sites.

  • Verify websites before entering important information. Clicking on a link may not take you where you expect to go. When shopping, banking, or making payments online, manually type in the website name (e.g., chase.com) instead of clicking on links in an email, social network post, or text message.
  • Look for deceptive emails and texts. Your bank or electronic payment processor won’t ask you to provide personal information or passwords via email, but scammers will. Watch this Consumer Reports video for examples.
  • Ignore phone calls from unknown and unfamiliar numbers. If you receive a phone call from someone who is urgently asking for money, there’s a good chance it’s a scam. Most of these calls can be safely ignored, but if you want to check, search for the organization’s website and find out for yourself. Don’t be rattled by threats over the phone.
  • Look for the lock icon in your browser. The lock icon in the address bar of your web browser shows that the website you’re visiting sends data in encrypted form. Never send money or pay for goods on a site without this important safeguard.
  • Public computers aren’t for private information. The computers in a hotel lobby or a public library may have a virus that records your activity, including any passwords you enter. Shop and make electronic payments only on a computer that you control.
  • Don’t use free Wi-Fi when making an electronic payment. The open nature of free Wi-Fi at cafes, airports, and other public venues makes it possible for others who are on the same Wi-Fi network to spy on your activities. If you cannot wait for another time to do your banking, use a VPN when using free Wi-Fi.
  • Consider getting a credit card just for electronic payments. If you decide to get a credit card or online account just for electronic payments, make sure the credit limit or available balance is low. This can protect you from a large loss due to online fraud.
  • Review your transactions regularly. Online banking allows you to check your account quickly and easily. Take time each day or each week to quickly review electronic payments. If you see charges you don’t recognize, notify your bank or payment application vendor (e.g., Venmo, PayPal, or Apple Pay) as soon as possible.
  • Check your credit reports to help spot fraud. Credit reporting services Experian, Equifax, and TransUnion are required to provide you with a free credit report once per year, so try to check one report every four months.

We depend more and more on electronic payments, so lets be sure to protect them.

There will be a LunchITS during March, it’s just not scheduled yet, so check back on the site to find out when it will happen. It will be on account security, covering passwords, password managers, and multi-factor authentication. If any of that sounds unfamiliar, then this one-hour training session is for you!

Security awareness posters will go out this week! Be looking for them in residence halls, Krannert, and college offices.

Check here on this site on the front page for some new data breach announcements. There are three (currently) and they should be posted by Wednesday.

If you’re not following Berry OIT on Facebook (@BerryCollegeOIT), Twitter (@berryoit), or Instagram (@berrycollegeoit), you should be, as more information from OIT and specifically Information Security, will be provided using these outlets. Remember you can always check back here for warnings about current phishing emails, confirmations of valid emails you might have a question about, and data breach notifications. There’s also the Q&A section, where you can ask a question and get an answer directly from me, and the events calendar where events like tables in Krannert and LunchITS will be posted.


Photo credit: Photo by rupixen.com on Unsplash

Data Privacy Day – Krannert Table

Come by the Information Security table in Krannert between 11:30 and 1:00 PM for information about protecting your privacy, the chance to ask questions and get answers face to face, and to pick up some delicious edible items.

December News from Information Security

It’s December out there (and inside wherever you are reading this)!

December brings with it lots of spending, lots of new gadgets, and lots of fraud! Cyber-criminals are chomping at the bit to steal your money, credentials, and anything else they can get their hands on. As you go about your holiday shopping, most of it probably online, keep these tips in mind for a safe holiday shopping experience.
1. As always, if it looks too good to be true, it probably is not true.
2. Don’t be sucked into shady shopping sites. Stick with reputable all-and-everything sites like Amazon, Walmart, and Target, or popular brand sites, like Gap, American Eagle, Home Depot and REI.
3. If you don’t regularly shop at a particular online store, don’t save your credit or debit card information there. Make your purchase as a guest, or fill out a one-time purchase form.
4. Be wary of brand look-alike offers and emails. Scammers know you are in a hurry already this time of year, so be extra cautious with all those “amazing deal” emails.
5. Be sure to check your credit card and bank statements regularly, but especially around the holidays.

In addition to these holiday shopping tips, I want to remind everyone that the idle workstation lock policy will go into effect in January 6th. Again, this simply means that most college maintained computers on campus, if left idle for ten minutes, will lock the desktop, requiring the user to enter their credentials to regain access. Information Technology has been working hard to make sure this policy does not impact computers in classrooms, meeting rooms, and other places where there is a potential for the policy to interrupt classes or meetings.

There will not be an Information Security table in Krannert during December or security awareness posters distributed, but both will return in January. Also returning in January will be the LunchITS security awareness sessions. There will be two of these in January, one on account security, and the other on general security awareness. They will be posted to the Events Calendar here on the News & Alerts site and on the college calendar.

Remember you can always check back here for warnings about current phishing emails, confirmations of valid emails you might have a question about, and data breach notifications. There’s also the Q&A section, where you can ask a question and get an answer directly from me.

Also coming in the new year is another in-house written, filmed, and produced security awareness video. There will be an announcement in the January newsletter with more information.

It will be 2020 before there is another newsletter, so I hope you like the image above.

I hope you all have a wonderful holiday break, find amazing deals, and enjoy your time with your friends and family.


Photo by Annie Spratt on Unsplash