In response to an online scammer drawing a substantial amount of money from a Choate student’s account, Director of Information and Technology Services Mr. Andrew Speyer sent out an all-school email last Sunday reminding students to safeguard personal and important financial information such as passwords and credit card numbers. Mr. Speyer directed students to documents on the Federal Trade Commission (FTC) and reminded them to download Sophos Endpoint Security and Control, a antivirus software the school offers to student free of charge.
Mr. Speyer wrote, “To prevent and protect your identity and access to your technology devices requires you to be suspicious, cautious, and mindful of text messages, email messages, and even phone calls.”
In a follow-up interview, he elaborated, “We’ve had different attempts to compromise online security before, directed toward faculty members.” However, as Mr. Speyer noted, there are only two to five cases reported each year.
Mr. Speyer commented on the prevalence of antivirus software on campus. Speaking of Sophos, he noted, “Do I think all students have it? Maybe. Probably not.” The School is currently exploring other ways to guard against threats to online security. Mr. Speyer shared that the School is considering an additional anti-malware product called Malwarebytes Enterprise Edition in addition to the current Sophos anti-virus. Malwarebytes would offer more assistance with CryptoLockers, a malicious ransomware computer program, as well as support the Choate firewall.
As Mr. Speyer said, the school needs to consider if the change is “worth the time and effort,” since Malwarebytes is estimated to cost between $20,000 and $30,000 each year.
Mr. Speyer expressed his opinion regarding the sufficiency of education about cybersecurity on campus. He said, “Is one email enough? No.”
Recently, last spring, Mr. Speyer gave a presentation during school meeting about virus attacks that had impacted students and faculty members in the winter. He emphasized now, “This is something that needs to be discussed more often. We need to do a better job.” He compared online security measures to other safety protocol such as drills, lockdown, and emergency gatherings, commenting, “You need to remind yourself of the procedure and hope that you never have to implement it.”
