As if we don’t have enough excitement with the beginning of a new year, please take a few minutes before the semester gets into full swing and update your devices. This is good advice for any device, which can benefit from software updates and regular power-off/power-on cycles, but there are… Continue reading »
Beginning later this week, OIT will start deploying a replacement for our current Anti-Virus program, Sophos. Most people will not be required to perform any actions, and you likely will not notice the change. Sophos is being replaced with an Endpoint Detection and Response (EDR) tool called CrowdStrike. CrowdStrike… Continue reading »
Still following along but not feeling secure, or without care? I’ve summarized the last couple posts in this series in a handy grid below, organized by the two main areas, identity protection and software updates. While I don’t advocate printing it out, it can be easily copied into a… Continue reading »
You may remember from the first post of this series that the word “security” originates from the Latin roots of “se” and “cura” which literally means “without care”. Wouldn’t we all like to be secure and not have to deal with all this security stuff? You can…and it’s easier than… Continue reading »
Let’s talk threats for a moment. These days, threats are everywhere. Animals, diseases, other people, and even the weather can all present real challenges to the security of our lives. When it comes to the digital domain, most attacks are successful because of two major areas of weakness: 1. The… Continue reading »
I started my career in IT decades ago and I was always interested in the security of systems. Recently, I came across an old study guide for an information security certification I achieved in 2012. The guide was from 1998, and it reminded me that I’ve been doing this for… Continue reading »
Some faculty and staff computers will get new IP addresses on Friday morning. This should only be of importance to people who connect to their computers remotely or who run a webserver off their computer. OIT has attempted to exempt any computers which we know should keep their same IP… Continue reading »
Providing you have the appropriate modern defenses like MFA enabled for all of your critical accounts, including your Williams account, then these attacks are something that you should expect but not worry too much about. We can’t avoid them. They will occur. But when you receive a call, text or… Continue reading »
Multi-Factor Authentication (MFA) Fatigue Attacks – What they are, what they mean, and what to do. If you’ve been paying attention to securing your information, you’ve likely heard to use a second-factor with your authentication, going a step beyond the traditional credential pair of a username and password and using… Continue reading »
Process for managing data when an employee changes departments within Williams When a Williams employee changes departments (for example someone going from the Office for Information Technology to the Facilities department), Google shares, drives, calendars, email aliases and lists need to be manually changed. The employee, supervisor and possibly department… Continue reading »
Phishing, Smishing and Vishing is on the rise…don’t fall victim to these attacks! Welcome to NCSAM week 2! This week we’ll take an in-depth look at three of the most common social engineering attacks, and the characteristics that aid in correctly identifying them. But before we reach that three-way fork,… Continue reading »
Welcome to NCSAM week 2! This week we’ll take an in-depth look at three of the most common social engineering attacks, and the characteristics that aid in correctly identifying them. But before we reach that three-way fork, what do these have in common? All phishing attacks are an attempt to… Continue reading »
October is National Cyber Security Awareness Month – Brush up on your social engineering knowledge! CISA’s theme this year is “See Yourself in Cyber,” but half of their content was covered last year, when I shared info about passphrases, MFA, phishing, and how… Continue reading »
No matter your hardware platform of choice or what software you use, they all need updates from time to time, often to protect you and your data from loss or harm. Run through this brief checklist to ensure your systems are as ready as you are for the fall. 1. Install… Continue reading »
The PayPal image shown was alarming enough to encourage the victim in this case to call the number shown. Through a variety of social engineering techniques, the threat actor convinced the victim grant them remote access to their computer. So far, this is all bad news. Some good… Continue reading »
It’s officially summer, and the criminals hope to enjoy it with your money! The scams that the FBI has investigated recently involve a person that may contact you via LinkedIn offering some sort of cryptocurrency investment advice. They want you to invest in a platform or market that they recommend,… Continue reading »
What is Conversation Hijacking? This type of phishing attempt involves the attacker gaining unauthorized access to a “personal” email account, like Outlook, Yahoo, or non-Williams Gmail. Once inside that victim’s account, the attacker takes the time to read through the sent items to understand who the victim is corresponding with,… Continue reading »
Passwords, passphrases, answers to security questions, and all the other random yet important small bits of data. They combine to stress us out and test our memory. Passphrase manager apps can help out, providing a safe and secure place to store all that stuff so you don’t have to try… Continue reading »
UPDATE 10/25/21: We now recommend you re-add your printers by following the directions here: https://oit.williams.edu/announcements/adding-printers-for-windows-computers/ The campus is seeing Windows computers which have received a Microsoft update this week then being unable to print and unable to add new printers. Our current solution is to uninstall the particular update,… Continue reading »
Social Engineering is the psychological compromise of a person, which alters their behavior into taking an action or breaching confidentiality. One of the best ways to protect yourself against social engineering attacks is to be able to identify them as they occur. Types: Phishing – most common and found in… Continue reading »
Last week we covered the needed upgrade from passwords to passphrases. But that’s still not enough to appropriately protect your accounts these days. You need one or more additional factors for secure authentication. But what’s a “factor” anyway? A passphrase is one factor. It’s considered “something you know”. There are… Continue reading »
There’s a great illustration from XKCD that explains why a longer simple password is stronger than a shorter complex one. Based on current breach data, most people still use passwords that are only as long as the minimum length required. You can upgrade your security game by adopting passphrases for your… Continue reading »
Zero-day vulnerabilities are system flaws that are disclosed (by the software vendor) or found (by security researchers) but have not been patched yet. In this case, the problem lies in the MSHTML component within Windows, which is what Internet Explorer uses to display web pages and what Office uses to… Continue reading »
To protect your information, Google is making links to files in Google Drive more secure. This update will change links (URLs) used for some Drive files shared in 2017 and prior. On July 26, 2021, Google will send direct email notifications to Williams College Google users… Continue reading »
It is always a good practice to keep the software you use, both professionally and personally, update to date with the most recent version from the manufacturer. This is true for Operating Systems such as iOS, MacOS and Windows 10, as well as apps that are installed within them. Security… Continue reading »
Megamenu Social