Do you know these three myths about cyber security?
1. Computer hackers are mostly thrill-seeking youngsters. “They’re not script kiddies anymore,” Cathy Hubbs, chief information security officer in AU’s Office of Information Technology (OIT), said.
Now, instead of unsophisticated teens combining online templates to create worms and viruses, the threat is from organized crime and even nation states seeking access to your computer, whether it’s for social security numbers or other valuable data. They can also turn your machine into part of a huge unauthorized network for spammers.
“It’s no longer one individual,” David Swartz, assistant vice president and AU’s chief information officer, said. “There’s a whole industry built around this. There are people that go out and harvest big networks and they sell it to somebody else. So you have vertically integrated hackers.”
2. Macs are immune to viruses. They are not. Sorry, Apple fanatics. Even Apple ads have stopped claiming immunity, noted Swartz.
3. There’s little you can do to protect your computer from a determined hacker. In fact, you can do a lot.
“The weakest link is our lack of knowledge,” Swartz said.
So what are the main concerns these days?
Swartz and Hubbs provided a quick guided tour.
Phishing attacks—attempts to trick you into revealing personal information such as passwords—are still out there. But they’re craftier. Attackers now try to direct users to authentic-looking banking or virus-protection Web sites, where victims can be lured into revealing personal information.
Be aware that OIT will never ask for your password via e-mail, nor will banks ask you via e-mail to click on a link that requests personal information. Also be suspicious of people phoning you and requesting such information. Ask for their phone number and call them back.
Social media are a prime hangout not only for advertisers but also for stalkers and robbers who can potentially use information on these sites to harm you. Check your privacy settings and make sure you know who your “friends” are.
Remember: When you announce on Facebook that you’re going out of town, you also could be letting stalkers and robbers in on that fact.
Few people enable the security settings on their smart phones, but they should. If you lose your phone and it’s not protected, a lot of information is there for the taking. Mobile devices such as iPhones, iPads, and Androids also can mark your location, presenting the same dangers as social media sites.
University community members can take a further step to ensure the security of their mobile devices.
“If you have a device, you can call up the Help Desk and if it’s a BlackBerry, we’ll put you on our BlackBerry server,” Hubbs said. “If it’s an Android or an iPad or an iPod or an iPhone we can connect you through our Lotus Traveler service. That will help synchronize your university e-mail and calendaring and will also allow us to manage your password so it’s set. And if you ever lose it—your personal-owned device or your university-owned device—just call the Help Desk, tell us, and we’ll issue a wipe command. We would never ever do that unless we’re instructed by the owner to do that. But we have that ability to protect it in the event that it’s lost or stolen.”
Password to Security
To guard against a disastrous loss of data from a lost laptop, which can result in a huge financial burden for an institution, OIT now encrypts all university-owned laptops. Encryption software is readily available for other laptops, as well.
Some steps we can take are much more basic. A “strong password”—a password that mixes uppercase and lowercase letters, numbers, and a symbol—is especially recommended for accessing financial data. Swartz and Hubbs recommend creating a strong password from a mnemonic phrase or saying. An example: “I am an Information Security Wonk at AU” could be IaA1sW@AU.
And using the same password for all your accounts is a no-no.
At universities, a perennial problem is users—usually students—illegally file-sharing copyrighted music or movies. AU is no different. Every day, OIT gets several subpoenas to stop illegal downloads. Download sites can be sources of malicious files, and persistent abuses can result in serious consequences for the abuser, including large fines.
By law, OIT has to track down individual systems where the illegal activity may be occurring, find the people connected to those computers, send them notices, and limit their Internet service until the program has been taken off their computer and they have read the policy. Only then are they returned to the system.
“If you get nailed you’re looking at big fines,” Swartz says. “And it’s only 99 cents to download over iTunes the song you want. You can download a lot of songs for 20, 30, 40, or 50 thousand dollars.”
With innovations such as iCloud, which allows users to wirelessly store digital data, it’s easier and cheaper than ever to build a music collection.
Tools for You
OIT provides a number of tools to safeguard your computer, from SafeConnect, which continuously monitors the security health of computers, to LANDesk, which delivers monthly patches to guard against vulnerabilities.
Symantec AntiVirus for Macs and PCs is also available as a free download for faculty, staff, and students.
October is the eighth annual National Cyber Security Awareness Month, sponsored by the National Cyber Security Alliance. For additional cyber security tips, visit OIT’s Web site, at www.american.edu/oit.