Messiah Cybersecurity Competition Team Wins 3rd Place!

This past Saturday (1/20), the Messiah University cybersecurity competition team participated in the Mid-Atlantic Collegiate Cyber Defense Competition. The competition is an “inherit and defend” style event where teams are given a simulated business production environment and must harden the systems quickly before the attackers try to break in. In addition to securing systems, the team functions as a legitimate business, responding to tasks from the C-suite and keeping all systems online. Throughout the competition, the most impressive thing that Messiah’s teams did well was remain calm under pressure and communicate well with each other.

This was Messiah University’s second year participating in the competition. The senior team was comprised of Raymond Truex (captain), Grace Taylor, Aidan Hubley, Carolina Hatch, Brandan Snook, and Christopher Copeland. The first-year team was comprised of Eli Kalmbacher (captain), Austin King, Aiden Morris, and Ryan Scannell. Both teams were coached by Dr. David Bibighaus.

We are pleased to announce that the senior team placed 3rd of 24 teams and will be advancing to compete in the regional competition in March. The team is excited to return to regionals for the second year in a row and will continue preparing for the next competition.

Students Compete at National Cyber League

This past weekend, the Messiah University Cyber Competition Team participated in the National Cyber League team competition. The event, spanning from Friday afternoon to Sunday night, started off very strong, with the team conquering numerous challenges and achieving 40% completion by the close of Friday. The team regrouped Saturday afternoon, scored some additional points, and concluded the day having completed an impressive nearly 50% of all challenges.

As the challenges escalated in difficulty, Sunday proved to be very frustrating as the team spent numerous hours only to get one more challenge solved. The Messiah University team concluded the competition in 96th position out of 457 teams, placing in the top 25%. The team certainly learned a lot from participating in NCL for the first time.

Up next for the Cyber Competition Team is a focus on preparing for the main competition of the year, the Collegiate Cyber Defense Competition (CCDC). They are excited to be entering for the second time and are working hard to prepare for it. Stay tuned for updates!

This post was written by Ray Truex, senior cybersecurity student.

Update Like a Pro

Welcome to the final week of Cybersecurity Awareness Month 2023! We hope you enjoyed our posts on top ways to increase password security, your guide to MFA, and how to not give in to phishing. This week we’re talking about how software updates can help you and your family stay safe online. Read on and spread the word! 🙌

Think twice before putting off updates!

Many people might select “Remind me later” when they see an update alert. However, many software updates are created to fix security risks. Keeping software up to date is an easy way for us to stay safer online. To make updates even more convenient, turn on the automatic updates in the device’s or application’s security settings.

Keep Software Up to Date with Three Simple Steps

1. Watch for notifications
Our devices will usually notify us that we need to run updates. This includes our devices’ operating systems, programs and apps. It’s important to install ALL updates, especially for our web browsers and antivirus software.

2. Install updates as soon as possible
When notified about software updates, especially critical updates, we should be sure to install them as soon as possible. Malicious online criminals won’t wait, so we shouldn’t either!

3. Turn on automatic updates
With automatic updates, our devices will install updates without any input from us as soon as the update is available—Easy!
To turn on the automatic updates feature, look in the device’s settings, possibly under Software or Security. Search settings for “automatic updates” if needed.

Why It’s So Important to Update Promptly

👉If a criminal gets into our devices through a security flaw, they will look for sensitive information to exploit. Technology providers issue software updates to “patch” security weak spots as quickly as they can. If we don’t install them, they can’t protect us.
Software updates can also:
• Fix bugs
• Improve performance
• Add features that can enhance our experience

To round out this month’s focus, here’s a family hard at work putting into practice some of the tips we’ve been talking about:

Phishing and How To Not Take the Bait

Welcome back for Week 3 of Cybersecurity Awareness Month 2023. This week, we’re talking about how to resist phishing attacks. Special thanks again to CISA and to KnowBe4 for the resources for this series. Catch up on Week 1 and Week 2 if you missed them!

So, What’s Phishing?

Phishing occurs when criminals try to get us to open harmful links, emails or attachments that could request our personal information or infect our devices. Phishing “bait” usually comes in the form of an email, text, direct message on social media or phone call. These messages are often designed to look like they come from a trusted person or organization, to get us to respond.

Stay Safe with Three Simple Tips

1. Recognize
Look for these common signs:
• Urgent or emotionally appealing language, especially messages that claim dire consequences for not responding immediately
• Requests to send personal and financial information
• Untrusted shortened URLs
• Incorrect email addresses or links, like amazan.com
👉 A common sign used to be poor grammar or misspellings, but in the era of artificial intelligence (AI) some emails will now have perfect grammar and spelling. Be sure to look out for the other signs.

2. Resist
If you suspect phishing:
• Resist the temptation to click on links or attachments that seem too good to be true and may be trying to access your personal information.
• Report the phish to protect yourself and others.
👉Typically, you’ll find options to report near the person’s email address or username. You can also report via the “report spam” button in the toolbar or settings.

3. Delete
Delete the message. Don’t reply or click on any attachment or link, including any “unsubscribe” link.
👉 Just delete.

If a message looks suspicious, it’s probably phishing. However, if you think it could be real, don’t click on any link or call any number in the message. Look up another way to contact the company or person directly:
• Search for the company’s website in your web browser and capture their contact information from the verified website.
• Use another way to reach the person to confirm whether they contacted you. For example, if you get a strange message from your friend on Facebook, and you have their phone number, text or call them to ask if they sent the message.

🧐 Want to see phishing in action? >>>
1. Watch a hacker use social engineering to gain access to someone’s computer.
2. Take this interesting quiz and see if you can spot when you’re being phished (it’s tough!).


Your Guide to MFA

Welcome to Week 2 of Cybersecurity Awareness Month 2023. Catch up on Week 1 here. This week we’re talking about multifactor authentication (MFA) and how to enable it for your accounts.

MFA provides us with extra security by confirming our identities when logging in to our accounts. This confirmation looks like entering a code texted to a phone or one generated by an authenticator app, or using biometrics to confirm your identity. MFA increases security—it can make us significantly safer online. Even if our passwords become compromised, unauthorized users will be unable to meet the second step requirement and will not be able to access our accounts.

The steps for turning on MFA vary according to the product. Here, we’ll outline the steps for Apple ID, Google, and Microsoft.

Apple ID

If you’re not already using two-factor authentication for your Apple ID, you can turn it on right on your device. On your iPhone or iPad:
1. Go to Settings.
2. Tap your name.
3. Select “Password & Security”.
4. Select “Turn On Two-Factor Authentication”.
5. Select “Continue” and follow the onscreen instructions.
Visit the Apple Support page for more info.

Google

1. Open your Google Account.
2. In the navigation panel, select Security.
3. Under “Signing in to Google,” select 2-Step Verification, then Get started.
4. Follow the on-screen steps.
Visit the Google Support page for more info.

Microsoft

1. Go to the Security basics page and sign in with your Microsoft account.
2. Select More security options.
3. Under Two-step verification, choose Set up two-step verification to turn it on, or choose Turn off two-step verification to turn it off.
4. Follow the instructions.
Visit the Microsoft Support page for more info.

There you have it! Once you’ve set up MFA, when you log into your accounts, it may challenge you to complete the MFA step that proves your identity. It only takes a moment but makes you much safer from hackers!

Turn on MFA for every account or app that offers it. Enabling MFA will protect things like:
• Banking information
• Online purchases
• Social media
• Email
• Businesses
• Your identity

PRO TIP: Check to see whether your email accounts, banks, healthcare providers, and other important accounts offer MFA and enable it by default. If they don’t, ask them why not. It’s your information they’re putting at risk.

Download this tip sheet from CISA and supercharge your journey to enabling MFA! ⏬

Top Ways to Increase Password Security

It’s Week 1 of Cybersecurity Awareness Month 2023! This week we are looking at how to use strong passwords and a password manager to protect your accounts. Special thanks to CISA and KnowBe4 for their resources this month!

Creating Strong Passwords

Simple passwords, such as 12345, or common identifying information, like birthdays and pet names, are not safe for protecting important accounts holding critical information. Using an easy-to-guess password is like locking the door but leaving the key in the lock. Weak passwords can quickly be broken by computer hackers.

So, what exactly is a “strong” password? A strong password follows ALL THREE of these tips:

1. Make them long
At least 16 characters—longer is stronger!

2. Make them random
Two ways to do this are:
1. Use a random string of mixed-case letters, numbers and symbols. For example:
• cXmnZK65rf*&DaaD
• Yuc8$RikA34%ZoPPao98t
2. Create a memorable phrase of 5 – 7 unrelated words. This is called a “passphrase.” To make it even better, get creative with spelling and/or add a number or symbol. For example:
• Strong: HorsePurpleHatRunBaconShoes
• Stronger: HorsPerpleHatRunBayconShoos
• Strongest: HorsPerpleHat#1RunBayconShoos

3. Make them unique
Use a different strong password for each account. For example:
• Bank: k8dfh8c@Pfv0gB2
• Email account: LmvF%swVR56s2mW
• Social media account: e246gs%mFs#3tv6

It’s hard to remember all these long passwords and we don’t want to save them in a file on a computer. This is where a password manager comes in.

How to Choose a Password Manager

Password managers tell us when we have weak or re-used passwords and many of them can offer to generate strong passwords for us. They can also automatically fill logins into sites and apps as we move from one to another.

There are many password managers to choose from. Some are free, like the built-in password managers in your web browser, and some cost money. Search for “password managers” on a trusted source like Consumer Reports, which offers a selection of highly rated password managers. Read reviews to compare options and find a reputable program for you. When we use a password manager, we are much more likely to use a unique, strong password on every site. And that makes it much harder for someone to steal our valuable information!

To recap, when it comes to creating passwords:

1. Make them long
2. Make them random
3. Make them unique
4. Use a password manager.

Want to test your knowledge and learn more about passwords? Play this interactive game created by KnowBe4.

Cybersecurity Awareness Month 2023

Happy Cybersecurity Awareness Month! We’ve partnered again with the Cybersecurity and Infrastructure Security Agency (CISA), along with KnowBe4, a well-known company in the cybersecurity field, to bring you resources all month long to help you keep your data safe.

Founded in 2004, Cybersecurity Awareness Month, held each October, is the world’s foremost initiative aimed at promoting cybersecurity awareness and best practices. Cybersecurity Awareness Month is a collaborative effort among businesses, government agencies, colleges and universities, associations, nonprofit organizations, tribal communities, and individuals committed to educating others on online safety.

Cybersecurity Awareness Month continues to build momentum and impact with the goal of providing everyone with the information they need to stay safer and more secure online. The Cybersecurity Education Program at Messiah University is proud to support this far-reaching online safety awareness and education initiative which is co-managed by the Cybersecurity and Infrastructure Security Agency and the National Cybersecurity Alliance.

For more information about Cybersecurity Awareness Month 2023 and how to participate in a wide variety of activities, stay tuned to this blog. The theme this year is Secure Our World. We will be posting weekly updates with tips, videos, and other resources to equip you in staying cyber secure. You can also visit cisa.gov/cybersecurity-awareness-month and staysafeonline.org/cybersecurity-awareness-month/, as well as following the hashtags #CybersecurityAwarenessMonth and #SecureOurWorld on social media throughout the month.

Meet Our New CYSE Program Director

The Cybersecurity Education Program and the Department of Computing, Mathematics, and Physics are pleased to welcome Lynn K. Bigelow as the new Director of Cybersecurity Education.

Lynn comes to Messiah with 10 years of experience as Director of Finance and IT at a fintech company, as well as 10 years of experience in developing an endpoint protection product at a cybersecurity company. Additionally, he served as a School Director for 12 years in a school district in southeastern PA. Lynn is also the parent of three Messiah alumni.

As Director, he is committed to empowering the next generation of cybersecurity professionals. His goal is to ensure that our students are equipped with the knowledge and skills to protect against digital threats, making the digital domain safer for all.

Welcome, Lynn!

Cyber Camp 2023 Highlights

The Cybersecurity Education Program had the pleasure of hosting twenty-six high school students for our second annual Cyber Camp, June 12-14, 2023. Our goal for these three days was for each student to gain a solid understanding of the foundations for cybersecurity, to get a small taste of college life on Messiah’s campus, and to form friendships.

This year, we had several special guests join us from the cybersecurity industry. Ryan Donat, who works for Intuidex and is a Messiah Cybersecurity graduate, talked to us about web application pen testing. Evgueni Erchov, from Arete Advisors, spoke to us about ransomware incident response. We also had Messiah’s Director of IT Security, Allen Snook, give us a tour of the Security Operations Center, where our interns work each semester gaining real-world cybersecurity experience. Allen was joined by two of our cybersecurity students, Ben and Aiden, who spoke to us about their experience working in the SOC and guided us through several Graylog exercises to find network intruders. The Cyber Camp students loved getting this up-close exposure to working in a security ops environment.

Everyone seemed to really enjoy hearing from our guests, learning new concepts such as network mapping and intrusion detection, and working on picoCTF challenges. We also had a great time having lunch together each day as we navigated the wildness of summer camp season at Lottie Dining Hall! Students came away saying one of their favorite parts of the camp was meeting people and making new friends.

Thank you to the entire Cyber Camp staff for running the camp. Thanks also to the Events, Admissions, and Dining Services staff at Messiah for all they do to make camps like this happen each year.

A very special thanks goes to our students at Cyber Camp 2023 – you were what made this camp awesome. We enjoyed meeting you and look forward to seeing where your path leads you next!

We are already making plans for Cyber Camp 2024, so stay tuned to the blog and the Cyber Camp website for all the details once they’re available.

Cyber Camp 2023 students and staff
Cybersecurity Education Program Director Lynn Bigelow with Cyber Camp student.
Cyber Camp Counselor Emily helping a student.
Two Cyber Camp students.
Cyber Camp Director Vinny Sakore teaching on cybersecurity fundamentals.
Working hard on a picoCTF challenge.

Cybersecurity For Your Vacation, Part 3

This is the final installment in our series on how to stay cyber safe during your travels. Many thanks to National Cybersecurity Alliance for partnering with us to provide you with resources on this topic. Catch up on Part 1 and Part 2 of the series if you haven’t already!

In today’s post, we’re bringing you a webinar featuring speakers who work on the front lines of data protection in Southwest Airlines, Marriott, the Department of State, and AARP. You’ll hear their expert tips on keeping your identity safe when traveling, what to know about public wi-fi, and when to use your device’s location settings. They answer some great viewer questions at the end (such as what to do if the rented home you’re staying at has cameras everywhere). It’s a fascinating and informative discussion!

Featured Speakers:
  • Liz Buser, Senior Advisor, Fraud Prevention Programs, AARP
  • Nick MacDiarmid, Director, Cyber Incident Response, Marriott
  • Jessica Willingham, Senior Analyst, Cybersecurity, Southwest Airlines
  • Lindsey Carraher, Interagency Liaison, Office of Cyber Threat and Investigations, Department of State