Website, tools, training planned in increased cybersecurity effort

While working out at six in the morning, senior English major Mason Bufkin felt his phone vibrate.

Exhausted from being up early and exerting himself lifting weights, he looked at the notification: an email from Baldwin Wallace with a link directing him to a page requiring his username and password.

Not thinking correctly, he entered his information.

Stating that he had been in a similar situation before, Spring semester freshman year, when someone hacked his credit card, Bufkin said the email “looked official enough.”

Luckily, Bufkin accidentally entered the wrong password. “It was a really good mistake,” said Bufkin.

The email posed as a phishing attack looking to gather Bufkin’s cyber information. As a cautionary act, Bufkin went ahead and changed all his passwords anyway.

“It was scary. I was angry. And I learned unless I request it, don’t answer it,” said Bufkin.

The prevalence of cyberattacks exist throughout the nation and Baldwin Wallace is no stranger to them. As a way to improve campus cybersecurity, Baldwin Wallace senior graphic design major, Rachel Lillibridge, designed a website, [email protected], assisting the BW community by providing knowledge about cyberattacks.

The website contains articles, tips, and training regarding proper procedures to ensure best practices regarding cyber information, said Lillibridge.

On the website, there consists “a list of policies to reference [to] inform students, faculty, and staff about cybersecurity,” said Lillibridge.

Lillibridge said instead of waiting for a cyberattack to occur, properly training oneself allows for individuals to “be informed before [attacks] happen.”

Tom Mathis, BW’s chief information security officer, said the website establishes a program where everyone on campus will have the capability of mindfully training themselves concerning online privacy.

“Our top priority for an IT security program is to protect the privacy rights of students and educate everybody on the appropriate security practices,” said Mathis.

“With any kind of education process, you have to reach people in multiple ways. This [website] provides us a place to provide more detail.”

Though the website involves steps to ensure proper security, Mathis said other training regimes will occur.

“We purchased a product called KNOWBE4, a third party tool that has training material, the ability to send phony phishes to everybody to help train them on what to look for,” said Mathis.

“If you unfortunately click on the link, it’ll tell us who opened the email.” The tool privately informs the IT department who clicked on the link and what information would have been stolen, for example, a username and password.

Mathis said false phishing training “is the normal industry’s best practice way to educate people.”

Not only does the training assist the BW community in protecting their school information, but readies them for life-like scenarios, said Mathis.

“The world in general, you see a lot of cyber issues. Everyone is phished on their own personal account, business accounts and school accounts,” said Mathis.

“All these bad things happening in the cyber world, people need to be educated to protect themselves.”

Mathis said when cyberattacks occur on BW, not only will the IT department send emails to the BW community but will also post on the Baldwin Wallace IT Help Desk Information Technology Facebook page and the @BW_HelpDesk Twitter page.

While Bufkin luckily dodged a potential cyber crisis, he said he did not know about the BeAlert website and will consider taking a look.

One thing is for certain, Bufkin said he wished he knew more information about what to look for from phishing attacks before they occurred, or at least “known what to do.”