CIO Joanna Young
Ed. note: October is National Cyber Security Awareness Month.
Signals: What has changed about information technology security in the past decade?
Joanna Young: I’ll answer a question with a question to the reader – when was the last time you changed all your passwords, both those used at work and at home? If the answer is “I don’t know,” or “over six months ago,” stop reading this article and go and change all your passwords.
The stereotypical “hacker in the basement” used to be one of the largest concerns. Typically, someone with mischievous intent who wanted to make a name for him/herself by having their viruses wreak havoc by bringing down email or other big systems. One of the greatest risks now, because everyone is vulnerable to it, is identity theft – when a thief steals your identity and uses it to steal – steal from you, your credit card provider, your bank – and so on. Depending on what is stolen (for example, money or additional identity information), your reputation or that of your employer can be significantly damaged. Nobody wants to see their organization in the headline “Thousands of credit card records stolen Due to Security Lapse.”
Signals: What is the latest security threat?
Young: There’s a relatively new and ugly trend called spear-phishing. It’s often a customized email to an individual, and asks the individual to call a certain number or go to a website and provide personal information. The email will purport to be from a legitimate business or colleague – but it isn’t. Businesses that value your patronage are not going to send you emails asking for personal information. Colleagues and friends are unlikely to send you email asking you to wire them money in a foreign country. If you get email like this, call the business or person using the phone number you have for them (for example, the number on a recent bill or your local phone book) and ask them about it. Don’t use any phone numbers provided in the suspicious email.
Any UNH faculty, students or staff who think they are targets of spear-phishing or other suspicious activity need to call the UNH IT Service Desk immediately at 862-4242.
Signals: What is UNH doing to keep students, faculty and staff secure?
Young: Communication, communication, communication. People have to know how to protect confidential information, both at home and at work. At a minimum, people handle their own social security number, birth date, online passwords, credit cards and financial records. They also might handle those of others as part of their job. At home, make sure all your personal information is secure, say in a locked file cabinet or safe. At work, make sure you know and follow the procedures for keeping others’ information safe.
We also offer a program called Identity Finder, which scans your computer for personal information which could be compromised by cyber criminals, and then allows you to either remove or relocate this information.
Signals: What is UNH focusing on with regard to National Cyber Security Awareness Month?
Young: This month we’ll be doing a big communication push on using social media securely. Facebook, Twitter, LinkedIn, MySpace – all these tools are fun, interesting, and a great way to connect with people, and promote ideas and products. They are also scary as heck if used improperly. I’m amazed at what people will put out there. Every time I post or tweet, I think “would I want this on the front page of the New York Times or The New Hampshire? Do I want my family or my boss to see this?” If the answer is “no,” I stop. Here’s an example of what I think is dangerous use of social media: Posting when you are going on vacation or a business trip – you might as well say “my house will be empty from this date to that date – please try to break in and steal my television and jewelry.”
Also, if you use Facebook or other social media tools, keep an eye on the site and the posts. Check it every day. I saw an instance recently where a social media site had been hacked and the owner didn’t realize it for quite a while. In the meantime, a hacker had posted a lot of obnoxious and malicious posts. A lot of damage can be done in minutes. And it can be a huge hassle to “undo” the hacking. In this recent instance, the impact was mainly annoyance and embarrassment – but it could have been a lot worse.