Strengthening Our Defenses Together

October marks National Cybersecurity Awareness Month, a collaborative initiative led by government and industry to promote cybersecurity awareness and empower individuals and organizations to protect themselves online.

While cybersecurity may seem like a familiar topic, the threat landscape continues to evolve rapidly. Staying vigilant and informed is more important than ever. In 2025, cybercriminals are leveraging increasingly sophisticated tactics, including AI-driven phishing, deepfake impersonations, and supply chain attacks, making it critical for all of us to adapt and respond proactively.

Ransomware remains one of the most damaging threats to higher education. Recent reports show that attacks on colleges and universities have not only persisted but grown more complex. In 2025, attackers are using multi-stage phishing campaigns, often powered by generative AI, to bypass traditional email filters and exploit faculty, staff, and student trust. Attackers continue to target students and staff with job scams, fake internship offers, and spoofed communications.

FIT’s Response & Ongoing Vigilance

At FIT, our Information Security team has been working diligently to enhance our defenses. Here are some of what we have been working on:

• Expansion of Multi-Factor Authentication (MFA) We’re adding extra layers of login protection to more college-supported apps using Microsoft Entra. This means even if someone gets your password, they still can’t get in without a second form of verification.

• Smarter Email Security
  Enhanced email security that is trained to spot suspicious patterns—like phishing and spoofing—before they reach staff, faculty, and student inboxes. Think of it as a security gate that checks messages for signs of trouble.

• Login Pattern Monitoring
  With CrowdStrike Identity Protection, we’re watching for unusual login behavior—like logins from unexpected locations or odd times. It won’t block access yet, but it will alert us to anything that looks off so that we can investigate it further.

• Managing Admin Access More Securely
  We have been implementing privileged access management on our server infrastructure to enhance security for these privileged access accounts and ensure that the root and admin passwords are dynamic and continuously secure. 

Protecting our digital environment is a shared responsibility, and we’re proud to say the FIT community is stepping up. More people are recognizing and reporting suspicious emails, which allows our team to respond faster and stop threats before they spread more widely. Your vigilance makes a real difference. Every report helps us keep FIT safer and more secure for everyone.

As a reminder, here are some essential cybersecurity practices to follow:

• Think before you click: Be wary of unexpected emails, especially those requesting personal information or urgent action.

• Verify sources: Hover over links to check URLs and confirm sender identities before responding.

• Report suspicious emails: Use the “Report Phishing” button in Gmail to alert the FIT Help Desk.

• Use strong, unique passwords: Never reuse or repurpose passwords across different accounts.

• Install reputable antivirus software: Using a “behavior-based” endpoint protection software, such as CrowdStrike Falcon Go or Microsoft Defender, on your home computers provides better security.

Cybersecurity is not a one-time effort—it’s an ongoing commitment. Let’s use this month to recommit ourselves to best practices and support each other in creating a safer digital campus.