CIO Monthly Note 11/30/2018


A New Security Alert from the Comptroller of the Commonwealth

While NECC is enjoying a new trend with no new phishing victims in a month, another college in our state has not had the same luck this week. A successful phishing attack at another institution compromised a bank account. This had no effect on NECC but did put us on alert.

After learning this, we immediately reviewed systems here and found that Michelle Tremblay, NECC Controller, and TD Bank already have measures in place that prevent this type of compromise. Advancement also has effective measures in place. These facts, coupled with the careful attention we are all exercising as we evaluate email message validity, put our college in a much better position than others. Thank you all for your diligence, and please keep the questions coming!

Two-Factor Authentication

You may recall from my previous notes that two-factor authentication involves providing a password (the first factor) and also something you have (the second factor). Most commonly, the second factor is a text message or push to your cell phone. With two factors, a criminal who has your password would also have to have your phone in order to log in to your accounts.

TD Bank reminded me that it would be a good idea for all of us to request two-factor or other measures from our own personal banks.  For that matter, it is a good idea for you to request this security measure from any company you do business with online.

Here at NECC, we plan to implement two-factor authentication this spring on our employee email server after we have performed a required upgrade of the server. Although everyone is doing much better at recognizing phishing, this is an important security measure to ensure new and improved phishing attacks are not successful in the future.

Friendly Phishing

This simple exercise, along with our regular annual training, has certainly helped reduce the number of victims here at NECC, and we hope it helps you all with your personal information security as well. You can review the annual training any time you like at https://edu.moatusers.com/; your login is your college email address. Actually, let's look at that link as an example. It's not pointing to the college address (necc.mass.edu), but you can see that how the link reads and (if you hover over the link) where it goes are one and the same. The service we use is in the cloud and is in fact located at moatusers.com.

Recent attacks continue to take you to addresses that end in .jp (Japan), .cn (China), .ru (Russia) and, typically, other countries outside of the U.S. This isn't always the case, but it is a good first check when trying to determine whether a link is real or not.
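For anyone who wants to automate these checks on a saved message, here is an added example (not part of the original note and not NECC's own tooling). It compares how each link reads with where it goes, applies the country-ending first check, and also flags a trusted name that appears somewhere other than the end of the host; the function names and the example.* hosts are made up for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED = ("moatusers.com", "necc.mass.edu")  # domains named in the note
FLAGGED_TLDS = (".jp", ".cn", ".ru")          # the note's "first check" endings

class LinkCollector(HTMLParser):  # collects (href, visible text) for every <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):
    return (urlparse(url).hostname or "").lower()

def check_link(href, text):
    host, findings = host_of(href), []
    # "How the link reads" vs. "where it goes": compare hosts when the text is a URL.
    if "://" in text and host_of(text) != host:
        findings.append("text-host-mismatch")
    if host.endswith(FLAGGED_TLDS):
        findings.append("flagged-tld")
    # A trusted name only counts at the END of the host, not in the path or mid-host.
    trusted = any(host == d or host.endswith("." + d) for d in TRUSTED)
    if not trusted and any(d in href.lower() for d in TRUSTED):
        findings.append("trusted-name-outside-host")
    return findings

def audit(html):
    collector = LinkCollector()
    collector.feed(html)
    return [(href, check_link(href, text)) for href, text in collector.links]

# Constructed sample message body; the example.* hosts are invented placeholders.
SAMPLE = """
<a href="https://edu.moatusers.com/">https://edu.moatusers.com/</a>
<a href="http://portal.example.ru/login">https://edu.moatusers.com/</a>
<a href="http://training.example/edu.moatusers.com/">Security training</a>
<a href="http://moatusers.com.example.jp/">Annual training</a>"""

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

An empty list means none of these three checks fired; as the note says, the country-ending check is only a first check.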

So here is your friendly phishing for the month. One of the links below is real in that it takes you to our online information security training program located at moatusers.com. Let us see if you can determine which one is real without clicking on them. As always, you can click on all of them to test yourself, as they are all safe, but again only one takes you to MOAT.

http://www.necc.mass.edu/security-training

Information Security Program

https://edu.moatusers.com/

http://runthecampus.com/edu.moatusers.com/

 

IT Master Plan

The Educause 2018 Students and Technology report continues to stress the need to improve awareness and support for accessibility issues.  The Accessible Media Team here at NECC has been working with ITS and the IT Committee this year to continue to improve our policy and software procurement procedures following the IT Master Plan.

If you would like to learn more or get involved, please stop by the IT Committee. The next meeting is December 13th, 2:15 – 3:45 pm, in A-112 (Haverhill) and LA-101 (Lawrence).

Thank you,

Jeff
