Providing you have the appropriate modern defenses like MFA enabled for all of your critical accounts, including your Williams account, then these attacks are something that you should expect but not worry too much about. We can’t avoid them. They will occur. But when you receive a call, text or… Continue reading »
Multi-Factor Authentication (MFA) Fatigue Attacks – What they are, what they mean, and what to do. If you’ve been paying attention to securing your information, you’ve likely heard to use a second-factor with your authentication, going a step beyond the traditional credential pair of a username and password and using… Continue reading »
Process for managing data when an employee changes departments within Williams When a Williams employee changes departments (for example someone going from the Office for Information Technology to the Facilities department), Google shares, drives, calendars, email aliases and lists need to be manually changed. The employee, supervisor and possibly department… Continue reading »
Phishing, Smishing and Vishing is on the rise…don’t fall victim to these attacks! Welcome to NCSAM week 2! This week we’ll take an in-depth look at three of the most common social engineering attacks, and the characteristics that aid in correctly identifying them. But before we reach that three-way fork,… Continue reading »
Welcome to NCSAM week 2! This week we’ll take an in-depth look at three of the most common social engineering attacks, and the characteristics that aid in correctly identifying them. But before we reach that three-way fork, what do these have in common? All phishing attacks are an attempt to… Continue reading »
October is National Cyber Security Awareness Month – Brush up on your social engineering knowledge! CISA’s theme this year is “See Yourself in Cyber,” but half of their content was covered last year, when I shared info about passphrases, MFA, phishing, and how… Continue reading »
No matter your hardware platform of choice or what software you use, they all need updates from time to time, often to protect you and your data from loss or harm. Run through this brief checklist to ensure your systems are as ready as you are for the fall. 1. Install… Continue reading »
The PayPal image shown was alarming enough to encourage the victim in this case to call the number shown. Through a variety of social engineering techniques, the threat actor convinced the victim grant them remote access to their computer. So far, this is all bad news. Some good… Continue reading »
It’s officially summer, and the criminals hope to enjoy it with your money! The scams that the FBI has investigated recently involve a person that may contact you via LinkedIn offering some sort of cryptocurrency investment advice. They want you to invest in a platform or market that they recommend,… Continue reading »
What is Conversation Hijacking? This type of phishing attempt involves the attacker gaining unauthorized access to a “personal” email account, like Outlook, Yahoo, or non-Williams Gmail. Once inside that victim’s account, the attacker takes the time to read through the sent items to understand who the victim is corresponding with,… Continue reading »
Passwords, passphrases, answers to security questions, and all the other random yet important small bits of data. They combine to stress us out and test our memory. Passphrase manager apps can help out, providing a safe and secure place to store all that stuff so you don’t have to try… Continue reading »
UPDATE 10/25/21: We now recommend you re-add your printers by following the directions here: https://oit.williams.edu/announcements/adding-printers-for-windows-computers/ The campus is seeing Windows computers which have received a Microsoft update this week then being unable to print and unable to add new printers. Our current solution is to uninstall the particular update,… Continue reading »
Social Engineering is the psychological compromise of a person, which alters their behavior into taking an action or breaching confidentiality. One of the best ways to protect yourself against social engineering attacks is to be able to identify them as they occur. Types: Phishing – most common and found in… Continue reading »
Last week we covered the needed upgrade from passwords to passphrases. But that’s still not enough to appropriately protect your accounts these days. You need one or more additional factors for secure authentication. But what’s a “factor” anyway? A passphrase is one factor. It’s considered “something you know”. There are… Continue reading »
There’s a great illustration from XKCD that explains why a longer simple password is stronger than a shorter complex one. Based on current breach data, most people still use passwords that are only as long as the minimum length required. You can upgrade your security game by adopting passphrases for your… Continue reading »
Zero-day vulnerabilities are system flaws that are disclosed (by the software vendor) or found (by security researchers) but have not been patched yet. In this case, the problem lies in the MSHTML component within Windows, which is what Internet Explorer uses to display web pages and what Office uses to… Continue reading »
To protect your information, Google is making links to files in Google Drive more secure. This update will change links (URLs) used for some Drive files shared in 2017 and prior. On July 26, 2021, Google will send direct email notifications to Williams College Google users… Continue reading »
It is always a good practice to keep the software you use, both professionally and personally, update to date with the most recent version from the manufacturer. This is true for Operating Systems such as iOS, MacOS and Windows 10, as well as apps that are installed within them. Security… Continue reading »
The emails come from many different fake email addresses and target entire academic departments at once. Although they contain your name and some brief references to the academic discipline, these are very generic and not targetting any individuals. If you have received one they simply pulled your name and… Continue reading »
Around this time last year the IRS shared a notice regarding a new, aggressive phone scam targeting taxpayers. This year, the scammers have apparently invested in some automation and are using robocalls to threaten taxpayers with SSN suspension or cancellation unless their call is returned. Please do not… Continue reading »
Identity theft isn’t new, it’s been around since the 1800s. Anytime personal information is stolen and used to commit fraud, it is ID theft. The modern era has amplified the ability to commit this type of crime, and now we see frequent attempts to do this, especially during a crisis. Continue reading »
Happy Halloween, but beware the year-round trick-or-treaters! You may have a bowl of candy prepared for the ghosts and goblins to arrive soon, but are you prepared for the hackers too? They’re already at your doorstep and they have all they need to give you a good fright! Want to… Continue reading »
Shields Up! If last week’s update on current threats had you worried, this week we’ll explore what you can do about them using the FBI’s #1 Cyber Safety Tip: Keep software systems up to date and use a good anti-virus program This single tip has two main parts, one… Continue reading »
Threat Alert While the season for spooking is almost upon us, I don’t mean to scare you when I say we’re under attack, but that’s also not an exaggeration. Attacks are on the rise, specifically in Higher Education, where “The average number of weekly attacks per organization in the academic… Continue reading »
The NCSA, CISA and Williams College invite you to participate in Cybersecurity Awareness Month 2020 this October as we encourage all users to own their role in protecting connected devices. Do your part. #BeCyberSmart this October. More: https://staysafeonline.org/cybersecurity-awareness-month/ If you connect it, protect it. The line between our online… Continue reading »
Megamenu Social