It only takes one click.
Sophomore agricultural education major Cloey Anderson learned this last year. Her Jacks Email was hacked, filling her inbox with a torrent of more than a thousand emails.
“I tried to delete them, but every time I tried three more came in the place of the one I just deleted,” she said.
While millions of scam emails are thwarted and cyberattacks are mitigated daily at South Dakota State, some attacks succeed. And while hackers devise insidious attacks, the Department of Technology Information works to keep student and faculty accounts safe.
“[Cybersecurity protection] is very important,” said Ryan Knutson, assistant vice president of technology. “It gets more important each year.”
The landscape of cybersecurity continues to get more complex and higher education institutions are often targets for hackers – due to their unique culture of open networks. Hackers exploit this transparency, gaining access to research, university credentials and more.
This semester, a phishing email asked university employees to fill out their W-2s using the electronic document signing service DocuSign. The fake email was successful due to how similar it’s layout looked to an official email, Knuston said.
Anyone who fell for the scam risked a security breach to the university, or even their personal bank accounts.
Knutson said threats are always getting harder to detect. Cyberattacks have become more customizable to a user as well, with spoof emails saying they’re from a fellow student or a university official.
The peak number of spam emails sent in January was 1.5 million. Out of the total 1,280,413 emails sent, 989,005 were detected as spam, and only 267,294 got through to inboxes, malicious or otherwise.
The risk to security increases, “because the amount of people that will click on it is higher, and the more people that click will give away some credentials,” Knutson said.
Technology Information has two full-time employees who manage most attacks locally.
The team does not manage Distributed Denial of Service attacks. DDoS protection is managed by the South Dakota Bureau of Information and Telecommunications.
Knutson said it is helpful, as SDSU is frequently targeted by DDoS attacks, which attempt to overwhelm a server from multiple sources.
For email, the Technology Information staff creates custom algorithms to catch emails specific to SDSU inboxes to keep them free from unwanted spam.
Elements of Microsoft Office 365 have security algorithms already in place to keep the email server safe.
Despite the precautions put in place, emails still have a tendency to get through and students fall victim to attacks.
Eric Mette, computer support specialist, says five to 10 people come per week to get help for cybersecurity issues.
“It’s the number one thing we see,” Mette said.
While many issues do arise, being aware of downloads and incoming emails helps when trying to avoid cyberthreats.
“Be careful with the sites you’re visiting,” Mette said.
“I don’t open as many (emails) from people I don’t know,” Anderson said. “I usually ask if one of my friends got the same email. I delete a lot more and definitely keep a better eye on it.”