Computer: <Shields down>
User: "Wait… What was that?!"
Due to the relentless attacks from nefarious forces on the internet, WPI is constantly being scanned for vulnerabilities in the attempt to exploit our weaknesses. Even our resolve and good judgement is regularly put to the test as CEO Fraud (AKA Business Email Compromise) phishing attacks impersonate our colleagues and supervisors in the attempt to trick our community into spending their money on gift cards or much worse, changing bank routing numbers, or wiring funds to the wrong destination. Both technical and social engineering attacks can be thwarted with technology but require everyone’s help to make this a reality. Recently WPI moved to multi-factor authentication for all WPI Active Directory accounts. By leveraging this technology we have been able to reduce the number of compromised accounts to nearly zero and have been able to successfully protect our users’ identities, email and data better than ever before. The second factor authentication is key to this success since it is something you have, like a cell phone or hardware token. You have this second factor but the bad guys do not.
This is a good start. Although, there is more that we, as a community can do to practice safe computing. The first is to actually use the WPI Office 365 email system. Understandably, it is very convenient to forward your email to a different vendor like Gmail or the like so all of your email is in one place. The risk in doing this is that a forwarded email message is not protected by WPI’s Office 365 email filters. Forwarded email is immediately sent offsite and that is that. However, if you use WPI’s Office 365 system itself and choose not to forward your email, you will receive the benefit of all SPAM and PHISH filtering as well as a team of Information Security professionals administrating Microsoft’s threat intelligence ecosystem to make your experience as safe as possible. Office 365 even has VIP impersonation protection to thwart social engineering attacks like CEO Fraud and Business Email Compromise phishing attacks. If you ever wondered why you received the email from the scammer and you colleagues have not, it might be because you forward your email and they do not.
Lastly, use the WPI VPN whenever you are not on campus. The convenience of WIFI everywhere can also bring a great risk to you and your safety online. WPI’s Information Technology professionals have provided everyone in our community the use of the WPI VPN. This VPN is state of the art and is behind a series of firewalls designed to protect your devices from malicious sites and malware while, at the same time, allowing you full access to all of the WPI services as if you were on campus. We would also like to take a moment and discuss “free” VPNs. As rule, these VPNs are not safe and you should not use them especially on campus. Not only is that violating the Acceptable Use Policy, but many of these VPNs are free because they use your device to proxy network traffic for others when you are not using the VPN. Any illegal network traffic emanating from your device is your responsibility and that is not “free”.
Please visit the links in Actions for examples and further information from external sources.