October is National Cyber Security Awareness Month. Following the lead of the Department of Homeland Security and the National Cyber Security Alliance, Saint Vincent’s technical services have been posting cybersecurity information onto the SVC portal this month.
Justin Fabin, director of technical services at Saint Vincent, explained their purpose.
“Back in the 70’s, when it came to the coal mines and the steel mills, they had safety programs: ‘We’ve been without an accident for “x” of number days,’ physical safety awareness… things of that nature. This is really the next evolution of it, but it’s more cyber related,” Fabin said.
Br. David Carlson, O.S.B., associate professor of computing, described why he thinks cyber security is a growing concern.
“The threats have really ramped up over the last decade,” Carlson said, “partly because many of the threats are now coming from sizeable groups with a lot of resources behind them. Another factor is that we keep attaching more things to the Internet.”
While businesses were typically the only targets of cyber-attacks in the early ages of the Internet, Fabin said, everyone is at a risk nowadays since targeting individuals to acquire personal information has become a cyber attacker’s business model.
According to Fabin, the goal of National Cyber Security Awareness Month is to deepen the Saint Vincent community’s awareness of the safe ways to use technology.
“Have you ever had a cookie with sprinkles on it? Do they fall off? Yeah, they do. What about when the sprinkles are baked into the cookie, do they fall off then? No. That’s what the Department of Homeland Security wants to do, to bake security into the culture, not just sprinkle it on,” Fabin said.
Carlson mentioned that paying attention and being informed, when it comes to cyber security, is important.
On the SVC Portal homepage, there is a link in the upper left, which opens a page that lists hyperlinks to pamphlets, videos, and websites containing information and tips on cyber security. This content is being posted by technical services for the duration of October.
A pamphlet on the Portal, released from the information security training
organization SANS Institute, states that, “by using common sense, you can spot and stop most attacks.”
Fabin hopes that the SVC community will educate themselves.
“What I would hope is [that people in the community] just take some time and look at some of the resources we have there, and, again, make themselves a little aware,” Fabin said.
Fabin commented that young people could be at a disadvantage in terms of cyber safety, since they tend to share more about their lives online. By looking at social media, an attacker could learn the daily whereabouts of a child, or find the answers to password recovery questions for some online account, enabling the attacker to access that account information.
A practical outline on the steps to practice cyber security can be found in the Department of Homeland Security’s “Stop. Think. Connect.” campaign, Fabin explained.
“Stop, think about what you’re going to do, and then once you’ve thought about it, connect,” Fabin said. “It’s like crossing the street. You don’t just walk across the street without looking both ways. Same thing for what you’re doing, whether it’s clicking on an email — because it may or not be a phishing email, whether it’s searching the web, whether it’s posting online to your social media.”
Carlson explained the potential repercussions of malpractice in cyber security.
“Individuals should practice cyber security because not doing so leaves them much more vulnerable to the theft of their money, passwords and personal information. In the worst case, it can lead to identity theft,” Carlson said.
The problems that can arise from a stolen identity are grave, Fabin commented.
“The bad thing is that they are you. They can act as you. They can create new accounts, close your bank account, take out a second mortgage on your home. And they’re smart in how they do it. [They’ll] change the email accounts that your bank accounts, loans, or mortgages go to, so that now you don’t get any email notifications,” Fabin said.
On Sept.7, Equifax, the consumer credit reporting agency, announced that the company had a data breach. The company said that 145.5 million of its U.S. customers may have been affected.
“The full impact of the giant Equifax hack is yet to be known,” Carlson said. “However, the fact that roughly half of the adults in this country have had their personal information stolen - social security number, name, address, phone, credit card numbers - has many people worried and scrambling to handle this.”
Carlson warns that a cyber attack can happen to anyone.
“There are several lessons to be learned,” Carlson said. “One is that even large, prestigious institutions can be hacked. We, as individuals, need to realize that each of us can be hacked. We can and should take precautions, but it is always possible that we might become a cyber victim.”
The resources that technical services offer, according to Fabin, will educate individuals and keep them safe.
“We never want to live our life in fear, but we also want to live our life aware,” Fabin said. “The more a person makes themselves aware of cyber security, about phishing attacks, about how to keep your information safe, through either the resources we provide or any other resources out there on the Internet, the better off that they’re going to be… There’s every 32 flavors of security software out there, but it really comes down to people. The more your users are aware, the safer you are. And the safer they are, too.”
Photo 1: Matthew Wojtechko
Photo 2: stvincent.edu