By INGRID MALDONADO, Student Reporter
What do spoofing and phishing both have in common? Even the smartest students fall for them.
The NWOSU Director of Information, Craig Ricke, talked about cybersecurity at the university, what it is, and how students and employees can avoid falling for cybersecurity incidents like phishing and spoofing.
When hearing the term phishing, people often do not think about cybersecurity. Students and employees often get emails about pet sitting. Those are phishing emails. They are phishing by getting students to engage in conversation and in return hopefully get your bank information.
“If you receive a message that seems out of character, it’s not from somebody you know, it has a link or an attachment, don’t open it,” Ricke said.
Do not email the person back but rather check with the person to see if it was them who sent it or the email may get compromised, Ricke said. That email could be spoofing which is similar to phishing. Ricke explained that spoofing involves either an email that looks like it was sent by that certain person, or the email address is made up but the person’s signature at the end is attached to make it appear as the person they are faking as.
Ricke discussed the ways to avoid falling for these common spoofing and phishing attacks. He talked about how last week he had a spoofing email that had his name on it and that it came from his email. Ricke had to send out a message saying that it was not him and to delete the message.
“The attacker only has to be right once to get in, we have to be right all the time to keep them out,” Ricke said.
Showing how important it is that students and employees do not fall for the emails. He talked about how they may ask for students ID; students name and addresses to call the office and pretend to be students calling. Ricke was then asked about students’ bank account security with self-service.
“We do not store that information in any of our servers,” Ricke said.
After getting asked about students’ security with their bank information. Ricke discussed how the bank information is not stored in self-service but rather on another different server. If the university’s server were breached, a student asked if the information would be at risk.
“There’s no chance of that being taken,” Ricke replied.
That gives students some relief to know that if there were a cybersecurity breach, their bank information is not at risk.
“I’d say I feel very blessed we have not had a major cybersecurity event,” Ricke said.
When asked about the worst cybersecurity attack, he has had to deal with. Accounts getting compromised is the worst thing that happens and then having to secure them. When at a Cybersecurity meeting, they were doing a scenario and Ricke was asked how long it would take their department to fix it, Ricke said ten minutes. Other schools answered around 24 hours. Ricke shows how great NWOSU’s IT Department is compared to other schools.
October is Cyber Security Awareness Month, and when Ricke was asked what students should take away from this interview he said, “don’t be dumb.”