Faculty, staff and students got a heads-up about the dangers of hacking and the importance of computer security in a Security Awareness Program presented by the Information Technology Department.
Hacking is receiving national news coverage. The social media heavyweight Facebook was hacked by a “sophisticated” attempt according to NBC News.
None of the company’s information was “compromised,” but the news should make web surfers more wary of personal information that hackers can access, especially through “phishing,” which is when hackers or other cyber-thiefs acquire important information by posing as trustworthy entities.
Phishing is a fairly common practice, according to Director of Information Technology at MU Val Apanovich.
“Phishing is just when they send out a logo email and they try to do something like Wells Fargo Bank, so they make a logo to look like Wells Fargo. They send the email to say, a million people, so what happens is if ten people out of those million are Wells Fargo customers, and they’re not thinking, and they say that there’s something wrong with my account, or they want my information, and I go to sign in–all of a sudden they have my username and password.”
Network and Telecommunications Manager Mark Reboli emphasized the importance of a secure username and password.
“As soon as they [hackers] have that, in essence, you’ve just given them the keys to your account, and now they can do whatever they want,” said Reboli ”It’s like pulling up in front of a restaurant and you see a kid there and he say, ‘Oh, let me take your keys. We have valet parking.’ You give him your keys, you go inside to eat, and you come back out and you say, ‘Well, where’s the valet?’ and the owner of the restaurant says, ‘We don’t have valet.’ Well, you just gave the criminal the keys to your car and he drove away, and it was really easy for him because he has the keys.”
Phishing isn’t the only form of hacking, but it is the most common, next to shoulder surfing. All forms pose serious security problems, said Reboli.
“There are viruses that exist that, basically, I send you a file. I’m not pretending to be anybody but I’m trying to get you to open a file [by saying something like], ‘Hey, your friend Mary was here at the local event, click here to see pictures.’ said Reboli, “They’re trying to get you to fall for something where you’re going to give your information away. So, you’re going to want to see, like ‘Wait, what picture do they have of me that I was at something?’ Well, when you click on it, a lot of time what it does is it actually takes and downloads a program to your computer and
monitors your keystrokes.”
The Information Technology Department provides basic protection to computers on campus through Trend Micro Anti-Virus and Cisco Clean Access, but staffers say creating strong passwords, changing passwords every three to six months, and ensuring that all firewalls and security systems are up-to-date and active is a start for achieving effective cyber security.
“[Trend Micro] through Clean Access makes sure that you always have your updates. If you don’t have your updates, you’re not going to get on our network. Same thing with your Windows updates. [The Student Help Desk] is making sure that you’re as current as possible so it’s important that you have those tools in place to help combat against those threats,” said Apanovich.
Despite these strategies, students can still fall victim to cyber threats. Viruses, Malware, and spyware may be found on justabout any computer.
Apanovich said if students notice any signs of infection, such as passwords no longer working or emails sent to contacts without a user’s knowledge, it is important to take the infected computer to the IT Help Desk.
The first step in remedying a potential security breach is to address the issue quickly, according to IT Student Technical Coordinator Elizabeth Pedro.
“Contact somebody here. Just let us know. If you’re unsure what let us know. If you’re unsure what you click on – if you don’t know what it’s going to do – ask,” said Pedro. “If you get a pop-up, don’t just click out of it. Look at it. See what it says, ask, or bring your computer down because those early signs are very important. The sooner that we know about an issue, the easier it is to work on it.”
Pedro is said she believes a Security Awareness Program slide show, which is available to members of campus community, will help.
“I’m glad that the information got out to everybody because it didn’t take long to read, and a lot of people who read it may have been like, ‘Oh, I know this stuff,’ said Pedro. “But it was good for the people who weren’t familiar with all of that – to change passwords, make a unique password, or keep your computer up to date – don’t ignore those updates.”
The Security Awareness Program is available on the IT Department page on e-MU.