Articles (20)

April 2023 Security Topic - Junk Email Folders

Why do we have these unwanted junk emails in a folder? Turns out the designers and implementers of email systems had a problem.

April 2023 Security Topic - Virtual Private Networks (VPN)

SUNY Brockport utilizes a Virtual Private Network (VPN) to provide off campus access to non-public services and applications. We have been utilizing VPN technology for many years, but there is still often confusion about what it’s for. In this article we will attempt to clarify some of the confusing aspects of this technology without diving into the technical details of how it works.

August 2023 Security Topic - Organization Level Cybersecurity

What is cybersecurity and how do we practice it? People often envision MIT graduates surrounded by burritos and Red Bulls furiously typing away on a Cray supercomputer. It’s the stuff of TV shows and movies. They pause ever so often to converse in the inscrutable language of computers. Then it’s right back to furious typing long into the night. The reality of cybersecurity, the most important aspects of it, are very different. Information Technology presents risks. We all have a role to play in

December 2022 Security Topic - Fake Loan Forgiveness Emails

Recently SUNY Brockport email accounts have been getting phishing emails claiming students have unclaimed money.

February 2023 Security Topic - The Need to Protect User Credentials and Access

What do phishers, scammers, criminals on the internet want? Increasingly they want user credentials.

July 2023 Security Topic - FERPA and Cybersecurity

The Family Educational Rights and Privacy Act (FERPA) is a surprisingly interesting law. The act was passed in 1974 in the wake of Watergate and President Nixon’s resignation from office. There was no congressional committee discussion about FERPA. It was added to the General Education Provisions Act as an amendment without much excitement or fan fair.

June 2023 Security Topic - Moving Cybersecurity Beyond the System Administrator

Historically in information security we have asked: what can a system administrator do to get employee buy-in to security practices? The more realistic question is: can a system administrator get buy-in for security practices? Are they the best role within the organization to encourage safe practices? Do they have the right skills? Should organizations be overly dependent on system administrators to impact security cultures?

March 2023 Security Topic - MFA Fatigue Attacks

As with anything easy and convenient, attackers have started manipulating the push notification process using a technique called “MFA Fatigue”.

March 2023 Security Topic - U.S. National Cybersecurity Strategy 2023

On March 1, 2023, the White House published an updated National Cybersecurity Strategy. The newest strategy is significant for many reasons. The federal government has learned many lessons in the past 20 years from dealing with malicious nation state actors, widespread criminal activity, and overt election interference. Public/private partnership efforts undertaken since the first strategy release, have also clearly informed this newest strategy in some insightful ways.

May 2023 Security Topic - Work From Home Networks

How can I make my house more secure to protect my workplace resources without spending a ton of money and time? Heck, how can I better protect my personal stuff also at the same time? If company networks at Uber, Cisco, and others are being successfully attacked, my home network certainly doesn’t stand a chance.That is why the National Security Agency (NSA) recommendations related to working from home really got my attention back in February of this year (2023).

November 2022 Security Topic - Account Compromise

Recently SUNY Brockport experienced an account compromise leading to a campus wide phishing email. It was quickly reported to BITS and our office responded quickly to regain control of the account and assess what happened.

November 2022 Security Topic - Social Engineering

What is social engineering and how do we detect it?

November 2023 Security Topic: Info Sec Policy and the Brockport Policy Set

For this article I wanted to compare what SUNY Brockport uses policies for versus what an Information Security Program uses policies for. In a program, policies are used to assign responsibilities to groups, positions or offices related to an organizational requirement that supports a strategic plan objective. In the perfect world of security planning, it all fits together in a very clear set of documents which begin with a strategic plan and end with specific procedures being implemented.

October 2023 Security Topic - Information Security Program

What is an information security program then? It combines all the projects and activities related to the protection of information and systems into one program that is managed with an organization wide set of goals and objectives. The program must be integrated into strategic goals of the organization and support them. Alright, so the program thing makes sense. But why combine everything together?

Replacing Old Employee Devices

Newer devices support newer operating systems and provide additional security features built into the hardware. It's important to stay up to date in order to get the best protections.

September 2023 Security Topic - Strategy and Cybersecurity

Rarely do I hear the word “strategy” when talking with colleagues about cybersecurity issues and solutions. Usually, we are talking about products designed to address weaknesses in technology or the configuration settings of various services. For this month’s article, I will spend a little bit of time exploring what a strategy is and why the NYS Cybersecurity Strategy is important to consider.

Posting Photos of Found ID Cards on Social Media

Informing students that posting photos of found ID cards is not acceptable.