Graphic by Anna Lee
Data Privacy Month graphic
The annual Cybersecurity Awareness Month (CSAM) is currently underway, aiming to deter cybercrime and educate students on staying safe on the web. The Office of Information Technology (OIT) has events planned, hoping to increase students’ awareness of online risks.
Andrew Kotynski, the director of information security services, explained the initiative is about giving people a push to be aware of threats.
“Most people have a general awareness of security,” Kotynski said. “You tend to do it every day. Cybersecurity Month is a national program that gives everybody a little more oomph, to get it back up to the forefront.”
Katie McInerney, OIT training coordinator and chair of the Cybersecurity Awareness team, expressed concern about the increase in phishing attacks against staff and students at NC State. Phishing is the act of attempting to steal login information by posing as a legitimate organization.
“We have definitely seen an increase when it comes to phishing attacks here at NC State over the past year,” McInerney said. “Most people think it’s just targeting faculty and staff, but these hackers are also targeting students.”
According to McInerney, hackers’ methods are getting more intelligent.
“These bad actors are spending a lot of time researching and trying to identify certain users,” McInerney said. “They are able to find information about individuals online through social media. That is how they craft their attacks.”
Social media is a huge source of voluntary information, which can cause problems, Kotynski said.
“Oversharing tends to be a big thing,” Kotynski said. “Look at Facebook, they just had [a breach affecting 50 million accounts].”
There are five events this October planned by the Cybersecurity Awareness team. Two of interest are all about mobile device security; an iOS event on Wednesday, Oct. 17 and an Android event on Thursday, Oct. 18, both held at the Avent Ferry Technology Center.
McInerney also talked about CSAM’s headline event, a series of talks on fake news, to be held on Oct. 24.
“We’re trying to shake things up a little bit this year and really engage students,” McInerney said. “We have fake news experts from all over the Raleigh area who will talk for five minutes about their perspective.”
The event will feature not only experts in the field of fake news, but also refreshments, raffle prizes and free beer provided by Dell, courtesy of the NC State Brewery.
McInerney also said some new, sophisticated phishing scams can involve fake job offers or charity work.
“Hackers are sending emails to students, and they are claiming that they are a professor or hiring manager from a specific organization and they’re looking to hire students,” McInerney said. “They play on your emotional and sensitive side. They also play to you wanting a job, money, experience, as you go into the professional world.”
These offers all have a central catch, though. McInerney says at some point they ask for personal information and sometimes gift cards to various stores like Best Buy. Getting asked for a gift card by a seemingly legitimate organization is almost always evidence of a scam, according to the Federal Trade Commission.
“They might ask for data that might not seem too personal,” McInerney said. “An additional email address outside of NC State, or some other kind of common security-related questions that you might have to answer for password retrieval; the make and model of your first car, date of birth, mother’s maiden name.”
McInerney said that this information might seem innocent, but it can build a profile of someone and be used to try and get into various accounts. While it also might seem obvious, she also emphasized to never give out passwords.
“NC State or really any legitimate organization should never ask you for your password, especially over email,” McInerney said. “If users see any of those requests come through email, that’s a red flag.”
Being vigilant and educated on current phishing trends is important, but McInerney also discussed the importance of two-factor authentication, which can help against phishing attacks.
“We highly, highly encourage students to enroll in both of NC State’s two-factor services,” McInerney said. “We have Google 2-Step for your Google accounts, and we have Duo for anything protected by Shibboleth.”
Shibboleth is the login system that NC State uses for applications like Moodle and MyPack. Faculty are required to use both two-factor authentication services for additional security, but they are currently optional for students.
Kotynski talked about NC State’s “One Phish/2-Step” policy, which requires any victim of phishing to sign up for two-factor authentication after they have recovered their account.
“We reset your account, and you’re actually forced into two-factor, so that you don’t fall victim to it again,” Kotynski said.
CSAM may be halfway over, but Kotynski emphasized that students shouldn’t treat cybersecurity as an issue just during October. It’s important to be aware throughout the year.
“They key really is to be vigilant, don’t get complacent,” Kotynski said.
More details on the planned CSAM events can be found online.