Mary Helene Hall
Mercer participated in National Cybersecurity Awareness Month for its third consecutive year in October.
NCSAM is hosted by the National Cyber Security Alliance and the U.S. Department of Homeland Security, and began as “a collaborative effort between government and industry to ensure every American has the resources they need to stay safer and more secure online,” according to the National Cyber Security Alliance’s website. The program is in its 16th year.
The NCSAM Champion program represents companies, colleges, universities, schools and school districts, government organizations and nonprofits that wish to officially show their support for the month.
Mercer University is among over 1,000 NCSAM Champions this year.
The university has been a Champion for several years as a way to share important online safety information with the Mercer community, said April Mills, the director of IT Marketing Communications at Change Management at Mercer.
The theme for this year was “Own IT, Secure IT, Protect IT.” After identifying issues that are relevant to the Mercer students and faculty, Mercer IT chose to put a spotlight on learning to secure one’s online identity and privacy.
Information distributed to students via email throughout October focused primarily on creating strong passphrases and identifying and social engineering.
According to IT, phishing is one of the most prevalent cybersecurity issues on campus.
“That is one thing that we try to get out at every opportunity. That’s one that we struggle with for sure,” Mills said.
Mercer’s IT website defines phishing as, “attempts to trick you into releasing your email, bank, credit card, or other private information to an unidentified individual,” usually via email.
“Everybody at Mercer community gets phished,” Brett Walker, director of Help Desk and Field Support Services at Mercer IT, said. “Faculty, staff, students, administrators. It happens to everybody.”
When receiving an email, IT advises to check the sender and the content of the email closely, but most importantly, never share personal information. Anyone can be vulnerable to phishing, but Walker said it’s important to remain vigilant.
“If it looks like an email that you were expecting to get and you just let your guard down just a little bit, people can click and can give away their credentials to a hacker,” he said.
Due to website breaches in the last several years, creating strong passphrases is another topic that IT chose to focus upon this year.
When large companies’ websites are breached, emails and passwords can be gathered and used to attempt to log on to other websites. Walker said he has seen cases where accounts have been accessed due to data breaches because the victims use the same password on all of their accounts.
However, he said the key to avoiding accounts being stolen is a strong passphrase.
“There’s two key things: a strong passphrase, but a different passphrase for everything you do … some long phrase can’t be just hacked in a billion years,” he said.
Another method to protect accounts that could be acquired through phishing or data breaches is two-factor authentication. This can currently be on Microsoft 365 accounts, which would protect Mercer email accounts.
An initiative to require Mercer accounts to enable two-factor authentication is in the works, but “there’ll be pushback,” Walker said, despite the fact that it “protects them, their information, their money, and university information.”
“It’s a great thing and it’s there to protect students and faculty and staff and information and money. But, you know, people don’t like change, and they don’t like inconvenience … I would love to just turn it on. But that won’t go well,” Walker said
Mercer IT’s job doesn’t stop in October. They constantly update their “Security Alerts” tab on their website, said Denise Rogers, executive director at IT Client Support Services.
“That is basically an avenue that we use to communicate to students to let them know about any active phishing attempts and other types of security breaches that may impact them,” she said.
As for the future of Mercer’s involvement in NCSAM, Mills said that the streak of participation will go on for many years to come.
“We’re going to continue to participate each year and do our best to get the information out. And we will always highlight what we think is the most important at the time,” Mills said.