October was National Cyber Security Awareness month! It was also possibly one of the busiest times in a college student’s semester…Midterm season. I am currently in my second year of school studying Information Systems, am actively involved in a sorority on campus, and work part-time. Balancing what work you NEED to do to get your degree as well as going home and studying the topics you currently need to know for work, personal development, or just for fun can be a challenge.
At my university, Information Systems is in the college of business. My non-technical coursework this semester consists of accounting, macroeconomics, and business communications. While they are great classes and I like my professors…I have absolutely zero interest in them and found it quite difficult to pay attention in class, study, or complete homework. Calculating taxes and writing resumes may be fun for some, but I rather would have been breaking something instead. To combat this demotivation, I decided to look into two of these courses and how they relate to different aspects of information security.
Accounting: The majority of this class consisted of learning basic accounting principles and how to fill out journals, apply taxes and interests, calculate debts and expenses, how credit cards work, and frankly just a lot of numbers. We touched nothing more high-tech than a pocket calculator. However, I did use this as an excuse to study a special interest of mine: Malware. In order to convince myself to study for this course, I would do two problems of the homework and then reward myself by reading an article relating to accounting firms and malware attacks they may have suffered. I’d read about the piece of software itself that took the firm down and then attempt to figure out how the company determined financial losses on their own…I was not GOOD at it, but I was able to not only practice for my exam, but also learn a little more about security posture as well.
Business Communications: This was probably the class with the security concepts that caught me off-guard the most. In the class itself, we had a few conversations and lessons related to office security such as not storing passwords in plain sight (like a post-it note on your desk), co-workers “tailgating” behind you while walking into the office and how to handle it, general privacy laws to protect customers, and how certain types of data and information should be stored or transferred. I was expecting this class to be mostly reading, writing, and presentations/speeches and NOT coming into a class one day for a lecture on security in the workplace.
I am also in a sorority on campus and we hosted formal recruitment this semester. One thing that absolutely fascinated me in this process was after each sorority on campus spoke to girls, we discussed each girl and how we feel they would fit in to a chapter on campus. To organize the 100+ girls that went though recruitment, we used a software developed specifically for fraternity and sorority recruitment. While I did not get to play with the application a whole lot, I did notice quite a few security features that I was able to teach my sisters about.
The software we used offered Two-Factor Authentication as well as had a very short session time (if you left the app for even a minute, you would automatically be logged out of your session). While this did become quite annoying at times, it gave me the opportunity to explain to my sisters how to properly enable stronger security measures on their own accounts. It was a good bonding experience for all ladies involved and I walked away knowing my sister’s online identities were much safer.
I hope everyone spent this past month learning more about security. Whether it was something as simple as how to create a proper password, or something more intense like studying for the OSCP. Security is all about learning and growing and I hope everyone can continue to do so!