As the reliance on email and digital platforms has increased, so have the consequences of cyber insecurity and attacks from hackers. Fighting phishing attempts and maintaining secure personal accounts has consistently proven to be difficult for students and administrators.
“One of our greatest risks on-campus is the phishing that happens and people giving out their username and password through phishing,” Chief Information Officer and Director of Computing and Information Technology Sue Chichester said. “There’s always phishing. I wouldn’t say there’s really an increase in it. It’s something that we really work at all the time.”
While there has not been a sizeable increase in the number of phishing scams seen on-campus, these attacks have gotten more sophisticated, according to Chichester. Phishers have gone from sending confusing messages with misspelled words and sketchy links to pretending to be reputable companies, even using names of employees to further convince victims. For example, many students fell victim to a phishing attack during spring 2017 that gave the illusion that their professor was sending them a Google Doc.
“The timing was impeccable,” Chichester said. “[The phishing incident came] when people would maybe be expecting to get something like that from a professor.”
These attacks range from phishers requesting passwords or usernames to more sensitive details, like social security numbers or credit card information. When attacks reach a higher level of severity, the campus has a plan set for what steps need to be taken to guarantee students’ information remains safe.
“We have a response plan in place for things that happen,” Chichester said. “If we do have a breach, we have insurance in place that would help us with the response.”
To prepare for such a potential crisis, Geneseo faculty are required, through state policy, to take part in an online cyber security training course, according to Chichester. SUNY Information Security Policy 6900 states that Geneseo must “provide regular training to all individuals who access State University information assets and systems.”
While it is mandatory for faculty, students are not required to be trained in cyber security safety. With the exception of students working on-campus, there is no program that trains students on how to keep information safe, Chichester said.
A voluntary program focusing on these skills is currently in the works through CIT, according to Chichester. CIT has purchased a program from a company called KnowBe4 that will be available to students wishing to improve their personal cyber security.
Even without participating in the online training, there are multiple ways students can take precautions to ensure their information is as safe and secure as possible. Chichester emphasized the need for a strong password.
“I use the same password for everything I do,” freshman physics major Declan McLary said. “In that sense, I have a fairly weak firewall.”
Some students, like McLary, have weak passwords that they use for multiple sites. The college requires students to change their passwords regularly due to the potential insecurity for students who use indistinct or similar passwords.
Concerns about cyber security came about during the stalking of a student in the Sigma Kappa sorority in fall 2017. The alleged stalker was able to access the student’s account and purposefully failed her quizzes in her chemistry class, according to a Jan. 3 article from the Democrat & Chronicle.
While Chichester accepted the notion that the college is responsible for helping to maintain a safe cyber-infrastructure, she feels that campus cyber security isn’t completely up to the college itself.
“Security is everyone’s responsibility,” Chichester said. “With that it’s mostly that you’re paying attention. You’re not falling for phishing scams and that you are setting good passwords.”
Communication major sophomore William Dorfner echoed the notion that students should keep their own self-interest in mind.
“It’s not Geneseo’s job to make sure accounts are secure,” Dorfner said. “Learning how to have a good password and cyber security skills are part of growing up and you have to learn that yourself.”