Business office hacked in MalWare invasion

Business office hacked in MalWare invasion

Alice Bailey
COPY EDITOR

This piece contains opinions that does not reflect views of the editorial staff. 

IT.jpg

On Aug. 14, Vice President of Finance and Administration James Dunkelman sent out an email to students stating that Whittier College had experienced an email breach. The day prior, students had also been informed of a new phishing attempt where someone posing as the business office (using the email businesssoffice@whittier.edu) had prompted students to download a file from a site called WeTransfer. The company’s website states that “Every month, users in 195 countries send one billion files through our platform.” This means that while the email from the school said that they are “currently investigating the origins of these emails.” This will most likely be an in-depth process involving diving into WeTransfer, the file sent, and the email address used to trick students.

Less than a month later, on Sept. 11, User Support Manager Robert Olsabeck sent an email on behalf of Whittier College in regards to the new authentication system for using the school Wi-Fi. The SafeConnect system now only requires one login a year from cell phones and tablets and asks for your my.whittier.edu login. Meanwhile, if you’d like to log on with a computer, you will need to download a program that scans for approved and up-to-date antivirus software,  and login with your my.whittier.edu account. Then you will be prompted to login again once a month. In addition, if your antivirus software is ever out of date or uninstalled, you will not be able to connect to the school Wi-Fi. Other devices require enrollment and registration with the school, and there is a limit of eight devices per person.

On Sept. 13, Olsabeck sent a follow-up email about the importance of cybersecurity. With Cyber Security Awareness month in October, Olsabeck detailed best practices and key tenets of keeping your personal information and devices secure. 

The three critical factors “to stay safe in today’s connected world” were password security, learning how to spot spam email, and keeping your devices secure. Despite the emphasis on these in the email and Olsabeck saying that he would “introduce new topics each week this month” the only resources linked were relating to keeping your passwords secure, and Olsabeck has not sent another follow-up email.

While the school has scheduled programming for Cyber Security Awareness month this October, the immediate response and education in the wake of the event was lacking. The administration only provides brief and arguably common-sense explanations of how to prevent an information breach only after that specific type of breach has already occurred. Notification of any kind of system wide action (the changes to the SafeConnect authentication) were announced almost a month after students were even informed of the email breach and phishing attempt and were possibly coincidental as a change to the Wi-Fi connection protocol has been announced in September yearly since 2015.

I would welcome an announcement detailing how exactly the school is combating information breaches and other cyber security leaks with open arms. In contrast, the most in-depth explanation of cyber security to come from IT-related administration in the 2018  – 19 school year has been a briefing on how to make sure you have a strong password; something not even relevant to a phishing attempt that tried to convince students to download a file. In October, the emails that are scheduled to be sent out to the Student-L will hopefully be helpful. The annual Security and Fire Safety Report that is mandated by the Jeanne Clery Disclosure of Campus Security Policy and Campus Crime Statistics Act of 1998 (the Clery Act) is set to be published on Monday, Oct. 1, and while the report is not directly cybersecurity related, hopefully both of these announcements will shed some light on the steps Whittier College is taking to keep our devices, our information, and us safe from any further incidents.