As autumn settles in, October brings more than just fall foliage and midterms, it’s Cybersecurity Awareness Month! This annual observance is a crucial reminder: in an era of digital transformation, protecting personal and institutional information is everyone’s responsibility. 

Why Cybersecurity Matters in Higher Education 

Higher education institutions are targets for cybercriminals. We house vast amounts of sensitive data: student records, research, financial information, health data, and intellectual property. The open, collaborative nature of academia—where information flows freely between students, faculty, and staff—makes our environment especially vulnerable to attacks. 

Recent reports show that higher education faces an average of over 4,000 cyberattacks per week. With ransomware and phishing campaigns on the rise, recovery costs have doubled, and our sector remains more targeted than most others.

The Human Element: Social Engineering and Everyday Risks 

Most cybersecurity incidents stem from social engineering, where attackers trick individuals into revealing passwords or sensitive information. These schemes often arrive as emails, texts, or even phone calls, posing as legitimate organizations or colleagues. For example, a student might receive a message claiming to be from the financial aid office, asking for login credentials to “resolve an urgent issue.”

The “Core 4” 

This year, the National Cybersecurity Alliance and the Cybersecurity and Infrastructure Security Agency (CISA) are promoting the “Core 4” practices for Cybersecurity Awareness Month.

 

Final Thoughts: Your Role in Campus Security 

Cybersecurity Awareness Month is a reminder that all Clarkies – students, faculty, and staff – play a vital role in protecting personal and institutional information. By adopting strong habits, staying informed, and supporting each other, we can build a safer, more resilient digital environment for learning, research, and innovation. Together, we can turn awareness into action and safeguard the future of higher education. 

Have you ever wondered what happens when someone in the Clark community gets a phishing email? How does ITS respond to help protect the security of our technology and information? 

A prime target for attackers is to get their hands on your Clark Account. Clark Accounts are trusted by folks inside and outside of Clark, so emails sent from our accounts are usually delivered, read, and considered reputable. When an attacker has access to your account, they will often use it to send lots of emails, often to thousands of people, because then the recipient is getting a message from a trusted source and is more likely to take action. 

So, what does ITS do? Before messages even appear in your mailbox, AI systems look for red flags that would suggest that the email is a phishing attempt. To do this, the systems examine metadata, identify patterns in language, and recognize misleading links, attachments, and embedded content. (Don’t worry – Clark’s Appropriate Use Policy and Email Policy govern the use of these systems, who may access them, the content they review, and what approvals are required.)

For example, a message that urges immediate action via a link to an external website from someone you don’t normally get email from will have an increased likelihood of not being delivered to your inbox. Over 1/3 of the messages sent to Clark are deemed malicious and are not delivered to your inbox. That’s about 1 million messages a month during the academic session. 

However, detection is not perfect, and occasionally a message will get through our automated systems. If you see a suspicious message, report it using the Phish Alert Button in Outlook. This will trigger some automated and some people-led processes to confirm if the message is malicious. If the message is malicious, ITS will take a number of actions, including blocking anyone on campus from accessing any malicious links in the email, removing similar messages from other inboxes, and identifying anyone who may have already clicked on a link so that we can help to secure their account.

Cybersecurity can be thought of as a high-stakes game. The attacker’s goal is to compromise as many accounts as possible, and our goal is to stop them as quickly as possible. So, remember, you are the first line of defense. By stopping and considering the emails you receive, especially those from people you don’t often correspond with asking for action, you can help keep Clark and your personal data safe and secure. 

You hear it everywhere – your bank, your email account, the Help Desk, and even this newsletter! But what is MFA, and why is it so important?

What Is MFA?

Multi-Factor Authentication (MFA) is a security method that requires you to provide two or more pieces of evidence (or “factors”) to verify your identity when logging into an account. These factors typically fall into three categories:

• Something you know (like a password)
• Something you have (like your phone or a hardware token)
• Something you are (like a fingerprint or facial recognition)

At Clark, we use MFA to protect many of our systems, including email, Canvas, and beginning on October 19 – CUWeb.

Why Is MFA So Effective?

Passwords alone aren’t enough anymore. They can be guessed, stolen, or leaked in data breaches. MFA adds an extra layer of protection, making it significantly harder for attackers to gain access—even if they have your password.

In fact, Microsoft, Google and others suggest that 99% of phishing attempts can be stopped by using MFA.

Imagine you get a phishing email that tricks you into entering your password on a fake login page. Without MFA, the attacker now has full access to your account. With MFA, they’re stopped cold—because they don’t have your phone or authentication app.

Clark University recommends using Microsoft Authenticator for MFA. It’s more secure than SMS-based codes and easy to set up. If you haven’t enabled MFA yet, now’s the perfect time. Click here to learn more, or contact the Help Desk at helpdesk@clarku.edu or 508-793-7745.

Final Thought

Cybersecurity isn’t just about fancy tools, it’s about smart habits. MFA is one of the simplest and most powerful ways to protect yourself and the university. So this October, take a few minutes to double up your defenses. Your future self will thank you.

While we’ve spent time talking about how to stay safe online, it’s also a good opportunity to look at cybersecurity as a career path, especially for students thinking about what comes next. As digital threats evolve, so does the demand for professionals who can protect data, systems, and people.

Cybersecurity is one of the fastest-growing fields in the world. The U.S. Bureau of Labor Statistics projects employment of information security analysts to grow 29% from 2024 to 2034, much faster than the average for other occupations.

One common misconception is that cybersecurity is only for people who know how to code or build networks. While technical knowledge is certainly valuable, many roles in cybersecurity rely just as much on communication, critical thinking, and problem-solving.

In fact, a recent ISACA (Information Systems Audit and Control Association) study found that soft skills are among the top qualifications employers look for when hiring information security professionals, with adaptability, collaboration, and analytical thinking all ranking highly. This means students from a variety of academic backgrounds, such as business, psychology, law, communications, can find a place in cybersecurity. For example:

• Policy and compliance roles benefit from strong writing and organizational skills.
• Security awareness and training roles need educators who can connect with people.
• Risk analysts often come from business or data science backgrounds.

Getting Started

If you’re curious about cybersecurity as a career, here are some useful resources.

• CISA: Cybersecurity for Beginners
• SkillsBuild: Free Cybersecurity Courses
• CyberSeek: Career Pathways
• LinkedIn Learning: Cybersecurity Careers (login required)

And if you’re not sure where to begin, reach out to ITS. We’re happy to point you toward resources or answer questions.