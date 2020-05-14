By BECKY GILLETTE

Mississippi State University (MSU) was already prepared in many ways for the pandemic with a cyber security conscious workforce and a significant number of faculty and staff who travel and work remotely.

“This was something that has not happened overnight, but rather is a security awareness culture we have tried to cultivate at Mississippi State University over time,” said MSU Chief Information Officer Steve Parrott.

Parrott said assuring cyber security at MSU takes action on a number of different fronts:

A remote workforce highlights the importance of two-factor authentication. Two-factor authentication adds a second layer of security when logging into MSU systems. The first factor is something you know, your NetID/Netpassword. The second factor is something you have, your mobile device or a security token. On July 24, 2017, ITS enabled two-factor authentication for faculty and staff, and on January 15, 2019, two-factor authentication was made mandatory for all students. Email credential phishing was a major and constant security problem before two-factor authentication deployment. Users would regularly give away login credentials and two-factor authentication is the best mitigation available.

Regular cyber security training. MSU hosts a campus cybersecurity week annually and online self-paced Information Security Training is a requirement for employees who use a computer on the job.

Virtual Private Network. MSU restricts external access to many of its computer services and requires access via our VPN client. (two-factor protected)

Remote Desktop Protocol (RDP) – many employees don’t have a home machine capable of doing the work required and want to securely connect via our VPN to their office machine. MSU has received a large number of RDP employee requests since the stay-at-home order.

Disk encryption. MSU already had a policy that all laptops that contain sensitive data must be encrypted. However, many users did not have a computer at all in the home and needed to use MSU desktop equipment. MSU worked hard to encrypt such computers to ensure that a single computer theft could not put sensitive information at risk.

Secure Videoconferencing – MSU had already procured a secure videoconferencing solution for all students, staff and faculty in 2018. There has been significant press about the increased incidents of “Zoom-bombing” and other security issues related to video conferencing. Many of these issues are related to wide open configuration settings. The MSU solution is integrated with a cloud-based learning management system and starts with more locked/secure defaults in classroom settings.

Parrott shared some specific issues for home users:

Keep personal machines patched with automatic update enabled Make sure your personal accounts are protected via two-factor authentication, Google, Microsoft, Yahoo, etc. all support two-factor authentication Make sure your home network is secure and not configured with a default password Make sure family and friends understand they cannot use your work equipment



“The essence of much of cyber security training is that common sense is your best protection,” Parrott said. “If an email, phone call or online message seems odd, suspicious or too good to be true, it could well be an attack.”