MENU
Computer and Wires

Cyber Security

Cybersecurity

Stop - Resist immediate action when receiving an email or text. Look - Check for anything unusual in the message. Think - If something seems In today's digital world there are many security concerns. Security awareness aims to persuade a computer user to follow behavior that will increase the protection of data and privacy when using a computer. Many safe computing activities such as installing malware detection software, keeping operating systems patched and up-to-date, using strong passwords, and avoiding harmful websites, are used together to protect computing resources and data. The more of these activities are used, the stronger the protection. By educating users on security awareness, we take the first step against defending our computer resources, data and information from these threats, which minimizes the damage and time it would take to recover from a breach.

Think you have an infected computer or compromised account/password? Contact Technology Support at 321-674-7284.

 

 

 

Email Security

Malicious actors often employ sophisticated techniques to deceive recipients and gain unauthorized access to sensitive information. Implementing strong email security measures helps detect and block suspicious emails, mitigating the risk of falling victim to such attacks.

According to the FBI, Business Email Compromise (BEC) scams are, by far, the most popular form of cybercrime, having accounted for half of the the business cybercrime losses reported between 2018 and 2023.

Here are tips for our end-users to protect University Data and prevent email compromise:

1. Use Outlook - the email client configured, managed, and provided by the IT team. There are several risks associated with using third-party email clients, not configured by IT to access University email. They include:

  • Using third-party email clients may introduce additional risks, as they may not implement/be compatible with all the security features configured into the primary application, configured by the IT department. An example of this is multifactor authentication (MFA) or the fact that the Phish Alert Button implemented by our IT team will not show up in the Gmail or iCloud client, as it was specifically implemented for Outlook.
  • “Safelinks in Microsoft Defender for Office 365” is a feature specific to the Outlook client and as such the use of third-party clients will not have the same link-checking feature that checks the links on emails to ensure they are safe before presenting them to the end-user.
  • From a technical standpoint, if the Outlook client is not being used, compatibility issues may arise, which could lead to data synchronization errors.
  • The IT department is unable to support third-party clients.

2. Do not auto-forward University emails to personal email accounts (Gmail, iCloud, etc.). Risks of uncontrolled email forwarding:

  • Another major risk includes data spill. Forwarding company email to third party clients (often personal emails) will result in company email being mixed with personal email or being introduced to an uncontrolled environment. If email forwarding is allowed to everyone, then this violates frameworks such as:
    • GLBA, since the financial information of the students are not being safeguarded and the information-sharing practices are below security standards (industry best practices).
    • FERPA, since the education records are no longer being kept confidential using all the security control policies put in place by the IT department once they are forwarded outside the scope of the University’s network. The IT department has no idea whether the client these emails are being forwarded to is protected by a firewall or has an up-to-date anti-malware software.
    • PCI-DSS compliance requires that cardholder information must be protected by a firewall and an up-to-date antimalware software. However, it is not possible to ensure that this is the case if email forwarding is permitted to everyone who asks.
  • Automatic email forwarding is a significant security risk because when you set all your email to forward to an external email address, you are circumventing the protections put in place to prevent University accounts from being compromised, such as the requirement for strong password rules and MFA.
  • Another risk of email forwarding is that if an account gets compromised, then bad actors could auto-forward emails to their own accounts as well. This would allow the threat actor to gain persistent access to the victim’s email. It does not matter if the victim turns on MFA, changes their password or does other administrative tasks to secure their email- once the auto forwarding rule is in place, the threat actor will have access to the emails as they are being forwarded to him/her.
  • Uncontrolled exfiltration of company data may also be a risk of auto email forwarding.
  • Threat actors see forwarding email as a way of bypassing MFA.

 

Edit Page