Despite the risks of generative A.I., we must continue to explore its potential with consideration to our obligations to protect privacy data.
With over 11,000 active community members receiving tons of emails per day, we know that current reporting is only a fraction of what it could be. The more reporting that we have, the better our security system works. It’s essentially learning from the crowd. To participate, people must utilize Outlook desktop, web, or mobile to report to our system.
Should we remove old user accounts? Such a simple but shockingly divisive question.
As a student information security analyst at Brockport, I had the opportunity to take on a hands-on role coordinating and running two phishing simulation campaigns aimed at our faculty and staff. The experience was both eye-opening and revealing, and it gave me a unique perspective on just how vulnerable even well-educated professionals can be to phishing attacks.
Informing students that posting photos of found ID cards is not acceptable.
Newer devices support newer operating systems and provide additional security features built into the hardware. It's important to stay up to date in order to get the best protections.
A significant number of scareware and tech support scams are being reported at the University. These scams involve a website pop up declaring a computer or phone is infected with a virus. The pop up will appear to be from a reputable company like Apple, or Microsoft. It will provide instructions for software to download or provide a tech support number to resolve the problem. It is important when receiving these scary messages and phone calls to take a moment to think about the situation.
What is information security risk?
The importance of computers today cannot be overstated. We rely on various applications daily, from web browsers and email clients to productivity and messaging tools. However, behind the benefits provided is a complex system where applications hold significant power over your computer and its processes. If not properly secured, these applications can become gateways for online attacks that can compromise your computer and personal data.
For this article I wanted to compare what SUNY Brockport uses policies for versus what an Information Security Program uses policies for. In a program, policies are used to assign responsibilities to groups, positions or offices related to an organizational requirement that supports a strategic plan objective. In the perfect world of security planning, it all fits together in a very clear set of documents which begin with a strategic plan and end with specific procedures being implemented.
What is an information security program then? It combines all the projects and activities related to the protection of information and systems into one program that is managed with an organization wide set of goals and objectives. The program must be integrated into strategic goals of the organization and support them. Alright, so the program thing makes sense. But why combine everything together?
Rarely do I hear the word “strategy” when talking with colleagues about cybersecurity issues and solutions. Usually, we are talking about products designed to address weaknesses in technology or the configuration settings of various services. For this month’s article, I will spend a little bit of time exploring what a strategy is and why the NYS Cybersecurity Strategy is important to consider.
What is cybersecurity and how do we practice it? People often envision MIT graduates surrounded by burritos and Red Bulls furiously typing away on a Cray supercomputer. It’s the stuff of TV shows and movies. They pause ever so often to converse in the inscrutable language of computers. Then it’s right back to furious typing long into the night. The reality of cybersecurity, the most important aspects of it, are very different. Information Technology presents risks. We all have a role to play in
The Family Educational Rights and Privacy Act (FERPA) is a surprisingly interesting law. The act was passed in 1974 in the wake of Watergate and President Nixon’s resignation from office. There was no congressional committee discussion about FERPA. It was added to the General Education Provisions Act as an amendment without much excitement or fan fair.
Historically in information security we have asked: what can a system administrator do to get employee buy-in to security practices? The more realistic question is: can a system administrator get buy-in for security practices? Are they the best role within the organization to encourage safe practices? Do they have the right skills? Should organizations be overly dependent on system administrators to impact security cultures?
How can I make my house more secure to protect my workplace resources without spending a ton of money and time? Heck, how can I better protect my personal stuff also at the same time? If company networks at Uber, Cisco, and others are being successfully attacked, my home network certainly doesn’t stand a chance.That is why the National Security Agency (NSA) recommendations related to working from home really got my attention back in February of this year (2023).
SUNY Brockport utilizes a Virtual Private Network (VPN) to provide off campus access to non-public services and applications. We have been utilizing VPN technology for many years, but there is still often confusion about what it’s for. In this article we will attempt to clarify some of the confusing aspects of this technology without diving into the technical details of how it works.
Why do we have these unwanted junk emails in a folder? Turns out the designers and implementers of email systems had a problem.