By Larrisa Beth Turner
Can you believe that more than 4.39 billion people now use the internet? That’s more than half (57 percent) of the global population.
With that many people online, it might be strange to imagine cybercriminals would target students or researchers in Salt Lake City, Utah — but it does happen, and probably more often than you think.
The truth is whenever you’re online, you’re vulnerable. And as a student or employee of a public institution, you are even more at risk. That’s why it’s increasingly important to practice good data security.
And University Information Technology (UIT) is here to help you succeed.
For the sixth year, UIT’s Information Security Office (ISO) will participate in National Cybersecurity Awareness Month (NCSAM), an annual nationwide initiative to ensure people have the resources they need to stay safer and more secure online. For the first year, the University of Utah has been designated an NCSAM Champion.
“National Cybersecurity Awareness Month is a good opportunity to take stock of our online activities and refresh our knowledge on the latest threats and hear from specialists,” U Chief Information Security Officer Corey Roach said.
During the month of the October, ISO will launch several outreach initiatives, including an appearance at Hack the U, where the Governance, Risk & Compliance (GRC) team will hand out cling block U decals; a video campaign about mobile phone security; and the NCSAM website highlighting the U information security policy and rules, training, and tips focused on this year’s theme, “Own IT. Secure IT. Protect IT.”
GRC Associate Director Trevor Long said this year’s NCSAM theme is focused on understanding your digital profile — information you’ve created or left behind, or information others have shared about you — protecting your privacy, and maintaining all your data and devices going forward.
“Many times, we found that people post a little bit too much information about themselves, which can be used as an attack against them. So we're encouraging people to be mindful about what they post about themselves, their family, or friends,” Long said. “We also encourage people to make sure that their devices are encrypted … and that they enable two-factor authentication (2FA) on as many accounts as possible.”
Long said one of the best things people can do to understand their digital profile is a Google search. What information is available about you? Do you need to enable some privacy controls — especially on social media?
For example, Roach said, you wouldn’t advertise in the local newspaper that you’re going out of town — so you shouldn’t post publicly on Facebook or Instagram that you’re not at home either.
You also should pay just as much attention to the information you receive as the information you push out. Roach said U students and staff often are targets of social engineering attempts — like someone who claims to be a college dean asking you to buy gift cards or provide personal information. Phishing attempts — not just emails, but voicemails and text messages, too — are also common.
“If someone shows up at your front door wearing an FBI hat and tells you that you need to give him gift cards, otherwise, he’s going to issue a warrant for your arrest, you wouldn't do it. But if somebody says the same thing in a text message, sometimes people fall for it,” he said. “If you just apply the same common sense from your day-to-day life in your online life, you can spot a lot of bad threats.”
Long agreed, noting that many social engineering or impersonation attempts seize on an element of fear and urgency — “and so without checking our Spidey-sense that says this is a little weird, we just rush out and do it.”
And although ISO monitors and responds to threats at the university, it relies on students and staff to follow the U information security policy and rules.
“Each of us can be used as a gateway into the university and from there a springboard into other locations or accounts, to more sensitive information," Long said. "And so, we want to be mindful that even if we think we're not that important, we all are. And our accounts are important to keep safe.”
In addition to taking advantage of all the materials available during NCSAM, Long suggested that U students and employees watch the Beware of Phishing video or take the Canvas security training course. Additionally, anyone can follow the ISO Twitter account or access the ISO website for more resources, as well as recent news.
“Training and awareness is not a one-and-done,” Long said. “… We’re always happy to meet with departments, colleges, or student groups, where we can do more personalized trainings for their specific use cases. And we will be working on cybersecurity initiatives throughout the year, not just October.”