During this past summer, 768 Lindenwood emails, including students, faculty and staff, were compromised because the textbook rental company Chegg had a security breach, possibly affecting its 40 million accounts.
An unauthorized party gained access to Chegg users information on Sept. 25, 2018, and published the passwords online in 2019, according to CNBC. Although Chegg said that no financial information or social security numbers were obtained in the security breach.
Those 768 Lindenwood accounts were affected because those users had the same password for both Chegg and their Lindenwood email. Lindenwood’s Assistant Vice President of Information Technology, Joe Zitta, said IT saw an uptick in security alerts at the beginning of the school year because of the Chegg breach.
IT’s way of remedying the problem was to have a mass password reset for all students, faculty and staff in October, which is also national cybersecurity month.
Zitta said besides external threats like the Chegg breach, the university also stops three to four million emails a week that an anti-virus scanner stops, while one million regular emails make it through every week.
“All of our mail gets scanned before it comes in,” Zitta said.
Zitta described the anti-virus software as a non-stop, relentless process.
“I don’t think you’re going to see less of these attacks, there’s going to be more of them,” Zitta said.
Two weeks before the fall semester, a small Jesuit university in Denver, Colorado, named Regis, was attacked by a “malicious threat,” according to the Denver Post. This threat caused the entire university to shut down it’s system because it couldn’t stop the hack. Classes started with no Wi-Fi, Canvas or learning system or online schedules.
“How would you have class if the projector wouldn’t work?” Zitta asked.
Zitta explained that Lindenwood has a layered approach to malicious threats, complete with numerous firewalls which blacklist certain websites, anti-virus and denying admin rights on university computers.
IT engineer Brayden Helgen said Lindenwood is designed like a series of islands.
“If one island is taken, the whole university is not compromised,” Helgen said.
Cybersecurity is a part of daily life now and Zitta said everyone needs to learn the basics.
Here are IT’s top tips for personal cybersecurity:
- Use passphrases, not passwords. Zitta recommended using Lastpass, a free password generator and management system.
- Use multifactor authentication. Not only do users put in their password, but also verify their identity on their phone, like separating multiple keys to your account. Zitta said MFA will be available to faculty and staff in January, but students can also request it for their Outlook 365 accounts. To do this, students need to email [email protected] and fill out a service ticket asking for MFA. Zitta also pointed out international students and out-of-state students traveling on breaks can be locked out of their accounts because the university has an impossible travel policy, where the account cannot be logged into multiple long-distance locations within hours. MFA prevents students from being locked out of accounts, since their identity can be verified from their phones.
- Don’t trust the display name of an email. People can change display names, look at the actual email address.
- Beware of phishing emails. These are emails asking for personal information, usually posing as tax collectors or contests. Helgen said think before you click because one Lindenwood student being hacked can give access to the entire university system. Zitta said phishing emails come in a slow, irregular pattern, so it’s impossible for the university to stop all of them. Students may also get quarantined messages emails. These are flagged emails that might be a security threat or spam, but also might be of use to users, like an Amazon ad.
- Take the SafeColleges cybersecurity training. This is required for all university employees.
To cap off cybersecurity month, IT is hosting a cybersecurity talk in the Library and Academic Resources Center at 2 p.m. on Wednesday and is having a “Phishing Cake Celebration” in the LARC Grove on Thursday from 11 a.m. to 1 p.m.