SECURE IT - March 2022

Today’s Top Security Threats and How They Impact WPI

In 2021 there was a significant increase in cyber-attacks across all industries, as hackers exploited the COVID-19 pandemic and the huge shift to remote work. The world of higher education cybersecurity has faced its share of new challenges and pressures in the past year. Here’s a summary of the top cybersecurity risks for WPI and what we are doing to mitigate these risks.

Ransomware

Several notable and highly publicized ransomware incidents occurred in 2021 causing business interruptions that impacted students and their ability to access educational resources. These attacks, in which perpetrators block access to data through encryption or other means until a ransom is paid, are increasing. Cybercriminals have found new and creative ways to extort universities by stealing sensitive information and then threatening to share it on the dark web unless a bounty is paid.

Poor Data Hygiene and Data Management

With so many employees working from remote locations, one risk to institutions remains top of mind – poor data hygiene. While proper data management has always been of key importance to protecting against data breaches, the remote workforce represents a risk as employees and students send unencrypted documents containing personal information back and forth via unencrypted emails or in messaging applications.

What is WPI doing to mitigate these threats?

Over the past 9 months we have stepped up our efforts to combat these threats. In 2022 we will focus our efforts on:

1. Educating students, faculty and staff with more robust security awareness training including simulated phishing exercises.
2. Improving our defenses against ransomware by implementing protections before, during and after an attack.
3. Increasing our focus on protecting university data by improving our data management capabilities.

Retiring Legacy Technology at WPI

Blackberry phones stopped working on January 4, signaling the end of an era. Blackberry users said goodbye to the iconic device on January 4, 2022. The phone's legacy software was decommissioned, meaning all classic Blackberry phones can no longer be used.

While this has almost no impact on WPI, there are other legacy technologies that do have an impact – for example email clients (PINE, IMAP, POP), Windows 7 computers, vulnerable software and alike. Each of these solutions have reached the end of their respective lives, and should be upgraded or replaced.

Legacy email clients, such as IMAP, SMTP, and POP3, will be discontinued by Microsoft.  Microsoft announced that they will be turning off Basic Authentication in Exchange Online in October 2022. Basic Authentication is an outdated industry standard, and threats posed by Basic Authentication have only increased. Legacy email clients and mail protocols such as IMAP, SMTP, and POP3 will no longer work. The best way to protect your account from malicious authentication requests made by legacy protocols is to block these attempts altogether.

Windows 7 End of Support:  After 10 years, support for Windows 7 ended on January 14, 2020. WPI computers running Windows 7 will still function, but Microsoft no longer provides technical support, software updates, security updates or fixes. While you could continue to use your computer running Windows 7, without continued software and security updates, it will be at greater risk for viruses and malware. Going forward, the best way to stay secure is on Windows 10.

What is WPI’s Strategy? Unfortunately, there are many systems and applications currently operational across WPI that are running unsupported versions of software. Going forward, WPI IT will be initiating a new program focusing on retiring legacy technologies and software. This is important to continually address the security risks involved.