Jamison Guice, Campus Carrier features editor
Kelsee Brady, Campus Carrier asst. features editor
In an age where technology continues to develop, users rely on it for many different services such as communication, transportation, information, purchasing and banking. The ability to access these services via internet, good intentions or not, becomes available in the palm of a person’s hand. Regardless of the many opportunities that are now available to the public, there are drawbacks if the user is careless or unaware of cyber security. For college students, many fall prey to malware such as phishing emails and viruses that disguise themselves as administrative officials, professors or other students on campus. Chief Information Officer Penny Evans-Plants and Daniel Boyd, director of information security, warn college students against clicking on unknown links and attachments of which they do not have prior knowledge.
“Students are targets because they are busy,” Boyd said. “They are broke.”
Many phishing emails that are sent to Berry students include job offers and email sign-in confirmations that the average student does not think twice about. According to Boyd, once the student clicks the link within the email, their login information becomes immediately compromised.
Boyd said to be skeptical of unexpected emails especially if they concern finances or government agencies such as law enforcement or the IRS. Also, if the email is from a sender outside of Berry, it will contain a banner at the top of the email that notifies the reader it is not from the Berry College domain.
Senior Rachel Bibbey, help desk director with the Berry Information Technology Students Program (BITS), said if the user is unsure of a link, they should Google it. That way, if it seems fraudulent, it can be verified before potentially clicking it.
“On Microsoft, if you’re ever suspicious about an email, you can put report phishing or report as spam, and it goes to us (BITS). Also, if you’re not sure, they always take a look at it and see if that is an attempt,” Bibbey said.
In the event that the user clicks on a link within a phishing email, Boyd said to immediately reset the password. If the password was used on other platforms, reset it on those also. To avoid being hacked on multiple sites, Boyd advises using different usernames and passwords for different websites. This way,
if one becomes compromised, others are safe. A password manager is a safe way to store usernames and passwords without the fear of forgetting or losing them. Some password managers include Bitwarden, Dashlane, LastPass and True Key.
“Use good password criteria,” Evans-Plants said. “It should never be your dog’s name, your date of birth or your phone number.”
Evans-Plants said there are sites that can create strong passwords or some that can judge how long it would take to crack the password. One site that is helpful is howsecureismypassword.net, according to Evans-Plants. Another site that can be helpful is the Berry College Information Security website, http://www.infosec.berry.edu, which documents known fraudulent emails, Bibbey said.
Using different login information becomes critical if major databases suffer a data breach. Over the summer, Berry students received an email informing them that login information for Chegg Inc. had been affected.
“Chegg was actually breached in 2018 but announcements didn’t come out until quite some time after that,” Evans-Plants said. “So, then you don’t even know that they’ve been breached and your data may be out there and you are using the same login credentials for multiple sites.”
Another tactic to guard against malware includes turning on multi-factor identification in Outlook. This is a two-step verification process that will provide more security to the user. If a student would like to have multi-factor identification set up, they have to contact computing, Boyd said.
“At some point, probably in the next year, we are going to require multi-factor for everyone,” Evans-Plants said. “It won’t prevent you getting the phishing emails but it will prevent your account from being compromised.”
If a phishing email is clicked, forwarding it to the Office of Technology or BITS will help notify the Berry community of future phishing emails that imitate the same format, Boyd said. Also, he said that this will allow IT to filter out similar emails.