Editor's Note: The DePauw is an independently financed newspaper. Letter to the Editor reflect the thoughts and opinions of the author, and not necessarily those of The DePauw staff or editors. Letters to the Editor may be emailed to tdpnewspapered@depauw.edu. The DePauw reserves the right to refuse Letters to the Editor at the discretion of the editor-in-chief and faculty advisor.
This coming holiday season is an opportune time for students to review and better protect themselves in the evolving sophisticated cyber threat landscape.
Higher education has increasingly become a prime target for hackers. This is logical as many colleges and universities stress open research and sharing, operate disparate networks within their institutions and offer targets of numerous vulnerable endpoints in both devices and students.
Most often, hackers are seeking financial gain from ransomware attacks, but they sometimes involve state-sponsored attacks. DePauw has previously been a target. Last fall, data from current and prospective students was compromised by a cyberattack claimed by the BlackSuit ransomware operation. The incident impacted DePauw student and employee computer networks, internet access, online classes and services. Since then, DePauw has placed a higher premium on digital security by utilizing cybersecurity frameworks, focusing on identity and access management and creating an incident response plan. The university’s response was commendable.
The reality is that in the current digital risk environment, colleges and universities cannot be the sole protector against cyber threats. Because the human is typically the weakest element in cybersecurity, it is also up to students themselves to fortify their own digital realms. Being cyber-aware and enacting prudent cyber hygiene are good first steps.
Cyber hygiene is an elemental step in cyber awareness. As a general rule, good cyber hygiene means taking steps to protect from threats and to be able to recover rapidly from breaches.
5 Steps For Better Cyber Security Awareness & Hygiene:
-
- Beware of Phishing. Because it is quite simple to do, and often successful, phishing is the preferred method for criminal hackers. The simplest advice is to not click on files that you do not recognize. Nowadays, hacker tools that employ automated phishes and quality graphics that can mimic banks and businesses. It is especially important to pay careful attention to the URLs of websites to make sure they are legitimate and not spoofs. Especially watch closely for spam fake job offers, invoices for items you did not order, and messages from your company (or the university) that seem out of place.
- Use robust password security. A majority of hacking-related data breaches involve either stolen or weak passwords. When creating passwords, make sure they are complex and avoid using the default ones on your devices. Think about lengthening them or utilizing characters, numbers and letters to create phrases. Additionally, avoid using the same password across several accounts. Make it harder for hackers to gain access in a single attempt.
- Make use of multi-factor authentication (MFA). MFA's primary advantage is its ability to reduce the likelihood of unwanted access. MFA through temporary secondary codes or other physical constraints not only makes life harder for cybercriminals, but it can also slow them down enough to divert them from their malicious activities.
- Back up your important data. For recovery, a strong backup procedure is essential. Having a solid backup plan offers peace of mind if all other efforts fail. You need to know what you are backing up, where you are backing up, how far you are backing up, and how you are testing your backups. There are three types of backups: one on-site, one off-site and one on the cloud. If you have sensitive data, consider encrypting it as well as segmenting.
- Recognize the latest risks and trends in the evolving cyber-threat landscape. It is important to know the new threats and trends of the changing cyber-threat ecosystem Modern technologies (such as artificial intelligence/machine learning) can be used as defensive and offensive tools. Read, discuss and keep abreast of recent and future cyber-attacks on social media, in publications.
Some additional cyber advice is to upload the patches when you have an update on your device, as it closes the door on a vulnerability. Also, beware of using Wi-Fi in public places because you are not secure. With the introduction of emerging technologies such as artificial intelligence, 5G and soon quantum computing into the digital ecosystem, students should familiarize themselves with the security risks and benefits of these new technology tools.
As you proactively cyber-prepare yourself, it is important to recognize that you should not undervalue the significance of maintaining good cyber hygiene. While there is no easy panacea for addressing all cybersecurity threats–it costs little, is easy to do and makes you less of a target for hackers. For this holiday season and beyond, DePauw students, faculty and alumni should pledge to stay vigilant and secure!
Submitted by Chuck Brooks '79, Adjunct Professor at Georgetown University in the Cyber Risk Management Program