CCSU To Implement Program That Repels Cybersecurity Threats

Sarah Willson, Editor-in-Chief

Those who check their Central Connecticut email account regularly may have noticed a number of spam and phishing attempts that could be a threat to a student’s or faculty’s privacy.

Hoping to protect CCSU’s resources and reduce the number of cybersecurity threats, the Information Technology Department has orchestrated what’s known as”Multi-Factor Authentication.”

“It’s very easy for spammers or cybercriminals to be able to reconstitute an email list and email everybody,” Chief Information Officer George Claffey said. “Our university and all universities and all colleges have seen a dramatic increase in students being targeted by cybercriminals.”

Claffey explained that the hacker may pretend to be a legitimate company, such as Bank of America, in order to gain the trust of its victim. When the person then responds to the email and gives up their password, hackers then use it to change the bank routing number in the account right before the student is given financial aid.

The issue has become so large that the federal government has made it a point to say that it will not repay the money lost.

“Ninety percent of financial aid is wire transferred. People don’t get checks like they used to,” Claffey explained. “If someone goes in and changes your banking number, you may not know it.”

The way Multi-Factor Authentication, also known as “Two-Factor,” works is simple: if someone logs onto their email, they can receive a text, phone call or notification from an app that asks the user to confirm that it is in fact them.

“We’re using Microsoft Solution to do this and we’re starting off with email,” Director of Technical Services Sean Mcnickle said. “All students will be enforced by April 22 for their email.”

Other universities across the state, like Southern and Eastern, are also taking part in Two-Factor.

Mcnickle also said that Two-Factor can be used for other websites where credit card information is stored, such as Amazon or iTunes. 

For students and faculty who don’t want the hassle of verifying their identity every time they log into an account, they can make use of seven-day memory.

“Students are able to say ‘If this machine is going to connect anytime in the next seven days, I’m pretty sure it’s just me,'” Claffey said, recommending that students use the option for personal computers or cell phones.

The question of who is the face behind the screen is still a mystery, though hackers often describe themselves as someone trustworthy, such as a company boss or even a university president.

“They’re bad people,” Mcnickle said. “They’re stealing money from innocent people. They’re trying to build confidence with you and build trust by mentioning places you know and they know from looking at a map. They want you hooked.”

According to Mcnickle, 500 students had their username and password compromised last semester.

One major thing both Mcnickle and Claffey said students can do to protect themselves is have different passwords for different websites they use.

Students who receive or respond to hacker emails are encouraged to forward them to the Information Technology Help Desk. 

“It’s not a problem for us to look at any questionable email and respond back,” Mcnickle stated. “We’re happy to do that.” 

Anyone interested in attending a Multi-Factor Authentication can do so by attending an information session on Wednesday, May 15 at 1:30 p.m. or Thursday, May 30 at 1:30 p.m. in the Student Center’s Philbrick room. For more information, visit http://www.ccsu.edu/it/office365/mfa.html.