Why do we have these unwanted junk emails in a folder? Turns out the designers and implementers of email systems had a problem.
SUNY Brockport utilizes a Virtual Private Network (VPN) to provide off campus access to non-public services and applications. We have been utilizing VPN technology for many years, but there is still often confusion about what it’s for. In this article we will attempt to clarify some of the confusing aspects of this technology without diving into the technical details of how it works.
What is cybersecurity and how do we practice it? People often envision MIT graduates surrounded by burritos and Red Bulls furiously typing away on a Cray supercomputer. It’s the stuff of TV shows and movies. They pause ever so often to converse in the inscrutable language of computers. Then it’s right back to furious typing long into the night. The reality of cybersecurity, the most important aspects of it, are very different. Information Technology presents risks. We all have a role to play in
Recently SUNY Brockport email accounts have been getting phishing emails claiming students have unclaimed money.
What do phishers, scammers, criminals on the internet want? Increasingly they want user credentials.
The Family Educational Rights and Privacy Act (FERPA) is a surprisingly interesting law. The act was passed in 1974 in the wake of Watergate and President Nixon’s resignation from office. There was no congressional committee discussion about FERPA. It was added to the General Education Provisions Act as an amendment without much excitement or fan fair.
Historically in information security we have asked: what can a system administrator do to get employee buy-in to security practices? The more realistic question is: can a system administrator get buy-in for security practices? Are they the best role within the organization to encourage safe practices? Do they have the right skills? Should organizations be overly dependent on system administrators to impact security cultures?
As with anything easy and convenient, attackers have started manipulating the push notification process using a technique called “MFA Fatigue”.
On March 1, 2023, the White House published an updated National Cybersecurity Strategy. The newest strategy is significant for many reasons. The federal government has learned many lessons in the past 20 years from dealing with malicious nation state actors, widespread criminal activity, and overt election interference. Public/private partnership efforts undertaken since the first strategy release, have also clearly informed this newest strategy in some insightful ways.
How can I make my house more secure to protect my workplace resources without spending a ton of money and time? Heck, how can I better protect my personal stuff also at the same time? If company networks at Uber, Cisco, and others are being successfully attacked, my home network certainly doesn’t stand a chance.That is why the National Security Agency (NSA) recommendations related to working from home really got my attention back in February of this year (2023).
Recently SUNY Brockport experienced an account compromise leading to a campus wide phishing email. It was quickly reported to BITS and our office responded quickly to regain control of the account and assess what happened.
What is social engineering and how do we detect it?
For this article I wanted to compare what SUNY Brockport uses policies for versus what an Information Security Program uses policies for. In a program, policies are used to assign responsibilities to groups, positions or offices related to an organizational requirement that supports a strategic plan objective. In the perfect world of security planning, it all fits together in a very clear set of documents which begin with a strategic plan and end with specific procedures being implemented.
What is an information security program then? It combines all the projects and activities related to the protection of information and systems into one program that is managed with an organization wide set of goals and objectives. The program must be integrated into strategic goals of the organization and support them. Alright, so the program thing makes sense. But why combine everything together?
Newer devices support newer operating systems and provide additional security features built into the hardware. It's important to stay up to date in order to get the best protections.
Rarely do I hear the word “strategy” when talking with colleagues about cybersecurity issues and solutions. Usually, we are talking about products designed to address weaknesses in technology or the configuration settings of various services. For this month’s article, I will spend a little bit of time exploring what a strategy is and why the NYS Cybersecurity Strategy is important to consider.
Informing students that posting photos of found ID cards is not acceptable.