October is often marked by chilly temperatures, high school football games and Halloween decorations. Hold on to your pumpkin spice latte, though; jack-o'-lanterns and fake spider webs may not be the only things to scare you this time of year.
October is also National Cybersecurity Awareness Month. This designation doesn't really get the attention it deserves, but we might need to rethink this oversight. Data breaches and cyber attacks are all around us. Remember this summer's Capital One data breach, which affected about 100 million customers -- more than 30 percent of the U.S. population?
Universities are particularly vulnerable to three types of cyber attacks, according to an article in the Chronicle of Higher Education, (which happens to quote IU Vice President for Information Technology and Chief Information Officer Brad Wheeler):
- Phishing: These scams are fraudulent messages sent from thieves posing as legitimate institutions or people (like your employer, university, internet service provider or bank) in an attempt to gain confidential information.
- Ransomware: These attacks are just what they sound like. When a computer becomes infected/compromised with ransomware, it begins to encrypt the files so no one can access them without paying a fee.
- Denial-of-service attacks: These attacks try to drown a computer system or network with a flood of data. "That is a great concern," Wheeler said. If someone has a beef with a university, they can "rent a mercenary army to flood your network pipes and knock you offline."
Scared yet? You should be. (Wheeler lists even more eye-opening facts in this "From the Desk" column, "Cybersecurity is worse than you think, and we need your help.")
Never fear: The experts at University Information Technology Services IT Training have you covered. Our staff offers a variety of engaging ways to promote cybersecurity awareness and education.
Check out our no-fee and fun cybersecurity programs for the IU community:
Escape room experience
In our Catch the Big Bad Wolf: A cybersecurity-themed escape room experience, your team will become part of the Sheep Dog Detective Agency as you hunt down and attempt to capture the elusive Wolfrid, the wolf in sheep's clothing.
No tech experience is necessary as your team learns basic cybersecurity concepts like how to spot phishing messages, create strong passwords and safely use external media like USB thumb drives.
Groups of IU students, faculty and staff are encouraged to try this escape room, as an educational experience or maybe even a teambuilding activity. We can accommodate all group sizes, from as few as four to more than 100.
Think Before You Click campaign
Our award-winning Think Before You Click cybersecurity marketing campaign launched in 2017 to educate faculty, staff and students on the nefarious tactics of cyber criminals.
The campaign features Wolfrid, the Big Bad Wolf, along with a cast of wily barnyard critters. These animals are resonating, and Think Before You Click has grown from a single phishing training session (available for request) to include:
- Four animated videos featuring everyone's favorite furry villain, Wolfrid. The videos cover topics such as how to report a phish and the basics of external email flagging. Watch them all at phishing.iu.edu.
- Several postcard mailings and one Wolfrid-themed IU Campus Bus for the IU Bloomington campus.
- A self-paced course, also featuring Wolfrid and friends. Sign up at go.iu.edu/outsmartwolfrid.
Here is my October wish for all of you: Celebrate all that autumn brings, from Halloween and crunchy leaves to midterms and cozy scarves. But take some time to prepare for a truly scary experience: a data breach of university information, or your own. As always, we here at UITS can work with you to identify the training your group needs to help improve cybersecurity and other IT skills.
Michele Kelmer is manager of digital education programs and initiatives at University Information Technology Services.