October is National Cybersecurity Awareness Month, meaning now is a fitting time to talk about cybersecurity. At the end of September, Facebook, the largest social media network in the world, announced a giant security breach that impacted roughly 50 million users, allowing for potential account takeovers. The threat of hacking is actually a more serious problem than the average tech user may perceive—or may be willing to admit. The Department of Homeland Security reported a 400 percent rise in cyber attacks to the nation’s critical infrastructure from 2013 to 2016, and as the world becomes increasingly digital, the threat will only grow more pervasive. According to StaySafeOnline.org, over half of the U.S. population experienced some form of cybercrime in 2017. This was more than just petty theft; hackers stole more than $172 billion dollars from 978 million consumers in 20 countries (staysafeonline.org, “National Cybersecurity Awareness Month Champions Backgrounder,” 2018).
One of the most critical threats to personal cybersecurity is phishing, the fraudulent practice of sending emails purporting to be from reputable companies in order to persuade individuals to reveal personal information, such as passwords and credit card numbers. It goes something like this: A stranger sends you a fake but urgent email that appears to be from your bank. You click on a link in the email that takes you to a website that a hacker has set up to look exactly like your bank website, and you log in like you would normally. In just a few seconds, a hacker gains the username and password to your online banking account as well as access to whatever information that account provides. There are ample threats to cybersecurity here at Vassar as well. With the College’s OneLogin system, access to your email password will afford a hacker entry to a myriad of services besides just your email, including Workday and Nelnet (Vassar’s student loan servicer). If you’re a Vassar student, you have most likely received numerous campus-wide emails about phishing attempts, only to quickly relegate them to the trash bin. These emails, which come from Vassar’s Computing and Information Services Department (CIS), remind students about any online scams that specifically target Vassar students. According to CIS Information Security Officer Emily Harris, who commented via email, these phishing attempts are as common as they dangerous: “A significant challenge [for CIS] is the threats that come in by email. These can come at any time from a variety of sources.” Harris explained that, due to the unpredictable nature of the attacks, CIS relies on Vassar community members to identify new potential threats and alert CIS to their existence.
Beyond sending out emails warning students of possible scams, CIS takes a variety of other measures to ensure the safety and security of Vassar community members’ personal information. As Harris explained, “Computing and Information Services oversees all aspects of computing technology at the college including desktop computing, academic computing, administrative information services, telecommunications, networking, media resources and the campus Card Office.”
One major resource CIS provides to students is their “Catch of the Day” website, which includes regularly updated examples of different phishing or scam emails detected by Vassar community members. Harris stressed, “We really want your suspicious emails! If you get one and don’t see it on the site, make sure to send it to catchoftheday[at]vassar.edu.”
Should your username or password be compromised, one way to mitigate the damage is to use multi-factor authentication for any account that has sensitive information. This protective measure can take the form of texting a code to users when they try to log in on a new device, or asking extra security questions when a suspicious login is attempted. Harris emphasized the importance of this measure, stating, “Our biggest recommendation is to use Multi-Factor Authentication (MFA) wherever you can. Vassar College offers MFA using Duo Security and it is available for all students and employees.” If a user chooses to activate MFA, they must authorize any attempted account access with a cell phone, landline or tablet as well as a username and password. MFA users may also choose to be exempted from Vassar’s password expiration rules (Vassar Service Desk, “VassarOne: Setting up Multi-Factor Authentication with Duo”).
Another potential threat to students’ online safety is the presence of viruses, malicious programs that, once downloaded onto a device, attempt to steal stored information. The most effective way to combat viruses is to avoid downloading anything to your digital device, such as illegal copies of movies or music, that does not come from a trustworthy source. Firewalls and antivirus programs can also protect your computer, but it is crucial to keep these programs up to date and active at all times. Harris suggested antivirus tools for students: “For Mac users, we recommend Sophos Anti-Virus and Malwarebytes, both of which are free for personal use. For Windows users, the Microsoft Security Center has all the tools you need.” Microsoft offers 12 months of its Azure Security Center protection services free of charge, after which users are billed on a pay-as-you-go basis.
While it may seem simple, the most surefire way to keep yourself safe in the cyber world is to be conscious of the activity in which you’re engaging online. Download and update anti-virus software. Pay attention to and read emails from CIS to ensure that you’re aware of the latest phishing attempt. Don’t click suspicious links or download anything from unknown sources. Adopting a laissez-faire attitude toward internet security is not only counterproductive in the short term but also becomes more and more dangerous as students graduate, become fully responsible for their own finances and handle increasingly sensitive information both in the personal and professional spheres. As the most tech-immersed generation yet, the onus falls on us to set the precedent for safe computing—not only for ourselves, but for everyone yet to be born into an ever more digitized society.
For further information, CIS offers a guide to Secure Computing and Best Practices on Vassar’s Service Catalog website.
—The Staff Editorial expresses the opinion of at least 2/3 of The Miscellany News Editorial Board.