MU’s Division of Information Technology is planning several new presentations and a social media campaign to educate students and faculty about Cyber Security Awareness Month in October.
In order to reach out to as many students possible, the Division of IT will be posting across various social media platforms such as Facebook, Twitter and Instagram.
“We understand that we’re never going to reach everybody,” information security officer Becky Fowler said. “Students get bombarded with all kinds of ‘care about this’ and ‘care about that,’ but this is definitely gonna give us more visibility than we’ve had in years past. So even if it’s not 100 percent coverage, it’s still an improvement over the number of people we’ve reached in the past.”
One of the biggest things that IT is doing this year is changing how it runs presentations. Instead of focusing on how many students attend, they’re requiring IT professionals to attend two of four presentations.
“This year the presentations are more focused on our IT professionals so the people that work an IT job … we’re trying to make them our cyber-security awareness ambassadors, so that they can help us then educate the people in their department, their faculty, staff, students on information technology,” business technology analyst Amanda Clough said.
One of the most common and dangerous forms of cyberattacks the division is trying to bring awareness to is phishing.
Phishing is a type of cyberattack where the attacker sends someone an email with a link in it in order to try and capture someone’s username and password from a certain site. Once attackers have that information, they may then have access to a number of sites a user employs.
“Phishing is probably one of the biggest threats to our university because it’s like a beachhead into our environment,” said Bryan Mooney, team leader of assessments and incident response. “So getting account information and distributing malware onto a machine, it’s really an entryway for attackers to get into our environment.”
Mooney wants to inform students, faculty and staff that there are a number of ways to protect themselves, but the biggest one is to keep passwords unique and private. If no one knows a password, then they can’t use an account and information associated with it.
“If we can educate our users on how to spot phishing emails, how to be cautious and proactive on defending their accounts and their information that they have control over, then we can do a whole lot of good for security and the university,” Mooney said.
Mooney will give a presentation on phishing on Oct. 24 from 10-11 a.m. in Memorial Union N206. He will talk about the different types of phishing, show examples of what common phishing schemes look like and how to report a phishing email.
“I’m going to talk about how to successfully report a phish, because our biggest asset in protecting our end-users is our end-users, so we need them to report a phish whenever they get it to email@example.com,” Mooney said.
Edited by Sarah Hallam | firstname.lastname@example.org