After repeated incidents of cyberattacks, Binghamton University has launched an online cybersecurity training.
The training — titled the 2022 Kevin Mitnick Security Awareness Training — was released to students, faculty and staff on Oct. 20, 2022, under “KnowBe4” on the MyBinghamton portal. KnowBe4 is a security awareness training platform that creates simulated phishing attacks.
Featuring a demonstration by Kevin Mitnick, KnowBe4’s chief hacking officer, and Phil Hendrie, an improv voice actor from the Adult Swim show Rick and Morty, the 15-minute course teaches various cybersecurity precautions that can be taken to avoid cyberattacks against an individual or an organization.
Michael Behun, chief information security officer at BU, discussed the precautions Information Technology Services (ITS) has taken — such as installing the cybersecurity training and a new firewall — to protect students, faculty and staff from future threats. Behun described the attacks as a possible danger to everyone.
“Cybersecurity is an issue for all of higher education, not just [BU],” Behun wrote in an email. “Cyberattacks are continuous and cyber risks are everywhere. We take these matters very seriously and regularly assess and update our security strategies and make enhancements to mitigate cyber risks.”
The course described how malware, which is “malicious software,” can infect a victim’s computer, allowing attackers access to various computer functions including the camera, usernames, passwords and more.
One type of malware that has impacted the University is ransomware attacks. According to the course, a ransomware attack is when an attacker has stolen files that will be returned in trade for money.
“Ransomware scrambles the data in computer files, making them unreadable,” the course reads. “These locked files are then held hostage by the cybercriminals till a ransom is paid. This type of malware can paralyze your organization by spreading to all the devices and files across your organization’s network.”
Some of these ransomware victims have been professors at the University.
Subimal Chatterjee, area chair of analytics and SUNY distinguished professor in the School of Management (SOM), is one of these professors. Around 25 years of Chatterjee’s research data was stolen in a ransomware attack that happened in February of 2021. Chatterjee described his data as “being held hostage” by the attackers. Both Chatterjee’s desktop and backup hard drive, which were connected to his desktop during the attack, were affected.
Chatterjee said the attack has had an influence on the future of his career, and suggested others learn from his experience with the ransomware attack. He now keeps his files on Google Drive and works mostly from his office on campus to provide protection for his research.
“These are lessons learned the hard way,” Chatterjee said. “Just be careful, assume the worst and take all precautions. You really don’t want to happen to you what happened to me. It’s a long process, getting some of the research data back. Of course, my co-authors have access to the data so I could get most of it back from them, but there were other pieces of research I had just started by myself, and that data is gone.”
Like Chatterjee, Behun recommended that all students, faculty and staff save their work to another source outside their desktop — preferably Google Drive.
“Everyone has a role to play in cybersecurity,” Behun wrote in an email. “Students can protect themselves and their work from cyber risks by keeping their computer software up to date, protecting their passwords, being wary of scam messages offering jobs or student loans and keeping a copy of their important work on Google Drive.”
Roslyn Chapin, an undeclared freshman, said she was impacted by a WiFi cutout that recently happened at the University, and that the training seems like it would be beneficial for BU should a malicious attack occur.
“I think the program’s great,” Chapin said. “Recently, with the whole WiFi situation, it scared a lot of students, and I think having the knowledge and knowing what to do would be very helpful. I think it should be mandatory.”
The training is set to close on Nov. 30 at 11:59 p.m.