Tag: technology

Phishing emails continue to test SAU cyber security

By Kayla Williamson

Every morning, Chief Information Officer Chris Blackstone runs a report that pulls a list of all email accounts that have forwarding rules set up. He then looks at the name of each email account that is forwarded for any clue it might be a fake email.

“The challenge with all this is that it’s kind of like a dam that’s cracking and trying to put your finger in the holes,” Blackstone said. “It’s kind of like playing whack-a-mole.”

On July 31, the first of many phishing emails were sent to hundreds of Spring Arbor University (SAU) students. Over 200 accounts were compromised in this phishing attack. Emails varied from fake Dropbox links, warnings your email is going to be disabled and alerts that an account is over its email quota.

Although these kinds of scams are common with other schools using Microsoft systems, there is not much anyone can do to prevent or to protect against the attacks once they start and have compromised an account. So far the Information Services team has spent over 300 hours trying to fix the problem.

“It’s consumed my August,” Blackstone said. “It’s pretty much all that I’ve been working on in August. I was on vacation and got pulled back into doing stuff. It’s been quite an ordeal.”

Computerwithemail

Unlike hacking, phishing emails do not have access to users’ information unless the users give it away.

Blackstone said it is different from a hack because people give their information willingly, whereas in a hack someone penetrated the network to find information.

Once the phishing source has a student’s information, he or she has access to all of the student’s records. A student’s username and email are just as valuable as a social security number, Blackstone said. But since these attacks were random, no account changes have been reported. But this summer there have been reports of students not receiving financial aid information and faculty not receiving emails for five days.

This is why Blackstone runs a manual report on all email accounts with forwarding rules. Attacks have forwarded emails from an arbor.edu account to a fake email. After 22 accounts were reported not receiving emails, that was the point when Blackstone said they had the potential for significant damage.

The solution: a password reset.

On August 25, all students, alumni and adjunct instructors had to reset their passwords. Since the password reset, there have been less attacks.

“The frustration to me now that we are working hard to lock our stuff down, it’s how many other organizations aren’t,” Blackstone said.

While SAU may be strengthening its own cyber security, a network is only as strong as its weakest link. Groups SAU partners with, like BankMobile, NAIA, Tree of Life and more, can be weak points in the security depending on their own IT precautions.

Blackstone has already reached out to the NAIA and the Commissioner of the Crossroads League because SAU accounts marked emails from them as spam because their system was not configured correctly. After Blackstone reached out to their IT team, the problem was fixed within a day.

While attacks may be slowing down, Blackstone still encourages students, faculty and staff to never click on links or give out login information unless it is through the portal. Because of these attacks, Information Services has updated the portal login. Instead of a pop up asking for a username and password, the portal opens a new login screen with the clock tower on it.

“Knock on wood, we’re seeing fewer of [the email attacks],” Blackstone said. “I think we’ve got greater security in place. Once we turn on the next step of the security, I think that will additionally help keep stuff out.”

New Wi-Fi installed on campus and other tech news

By Kayla Williamson

Over the summer, the Information Services team launched a $1 million project to overhaul Spring Arbor University’s (SAU) Wi-Fi network.

Completely funded by the Information Services budget, this network rebuild replaces every Wi-Fi box on campus and more than doubles the number of access points on campus. This means Wi-Fi signals should range farther and be stronger across campus. The dorms’ boxes have already been replaced, and some are in rooms instead of in the halls. The rest of the residences should have the new Wi-Fi installed by the middle of October.

wifibox
New Wi-Fi boxes installed inside dorm rooms.

The Information Services team, led by Chris Blackstone, hired a third party to conduct a complete survey of campus to find the worst Wi-Fi spots in June. Now there are extra wireless adapters focused on those areas, as well as high-traffic spots like the volleyball courts and the oak tree.

“It’s huge for us,” Blackstone said. “It will give us the first modern, robust wireless networking system pretty much since it was installed.”

The next steps include finishing the villages and apartments and the administration buildings on campus. All of the buildings on campus and at other university sites should be done by Thanksgiving.

If anyone has issues with the Wi-Fi, Information Services wants to know, Blackstone said. Now it is easy to submit issues or suggestions through the new self-service portal. Wondering when your apartment or building will have new Wi-Fi? The My Support portal has a page dedicated to keeping everyone up-to-date on projects like the network rebuild. Look for the link soon on the SAU App.

NewMySupportPortal
What the MySupport link looks like on the mySAU portal homepage.

The new portal also includes how-to articles so students can find answers to accessing their email quarantine, adding their email to their phone or connecting dorm printers to their laptops.

The new Student Health Portal available on the mySAU homepage. Information Services created it over the summer so students can schedule appointments, submit paperwork and more.

“When people are able to answer their own questions, they’ll get to an answer a lot more quickly than when they have to wait for us,” Blackstone said.

Later this fall, students, faculty and staff will have to log in to the Wi-Fi once to access Wi-Fi. Adding authentication allows the Information Services team to give more bandwidth (faster connection) to those staying on campus while the guest Wi-Fi has less bandwidth and access. The entire campus also now has one full gigabyte of bandwidth.

The Information Services team has a lot of projects in the pipeline this year. They have already launched a health portal where students can schedule appointments at the Holton Health Center. Later this fall the team will be rolling out a new mobile-friendly version of the portal as well.

Blackstone’s professional background is in digital marketing and the web, so he wants to make sure tools are built for mobile.

If anyone has any Wi-Fi or computer questions, submit a ticket on the new portal or see the Information Services office in the lower level of Deitzman Hall across from Gainey.