Computer safety issue brought to forefront
U.Va. participates in first Cyber Security Awareness month
By Katherine Ward
When the evening news alerts you that there is a predator in the community, do you go to bed with the doors unlocked? Do you walk alone at night? Of course not. But what most people don’t know is that their computer is just as vulnerable to a dangerous attack.
Cyber security is a term that virtually no one knew 15 years ago. Computer viruses? Hackers? Identity thieves? Unheard of. Today, however, the issue is critical, because we rely on our computers as vital tools to do our work, which means that our personal information is not so personal and may be vulnerable to even the least sophisticated hacker.
With all this in mind, the National Cyber Security Alliance designated October as National Cyber Security Awareness month to raise awareness of computer safety. The alliance targeted home users in week one, small businesses in week two, education audiences (K-12 and higher education) in week three and child safety online in week four.
U.Va. is a founding partner of the Virginia Alliance for Secure Computing and Networking (VA SCAN), formed to strengthen security programs within the commonwealth by sharing information and possible solutions. The group held a conference at the Darden School on Oct. 11 and 12 to provide an up-to-date national perspective on one of the toughest problems information technology professionals face – security.
According to Shirley Payne, director for security coordination and policy in U.Va.’s Department of Information Technology and Communication, the biggest problem computer users have is a lack of awareness. The National Cyber Security Month initiative is trying to help people think about computer security within the overall context of safety and security. Even on the safest college campuses, computer security is at risk.
“It’s reported that 100 new viruses are unleashed on the Internet each week,” Payne said. “Fifty-plus new computer software vulnerabilities are found each week, and the time between the announcement of a new vulnerability and the development and release of an exploit for it is shrinking.”
There are ways to protect yourself, Payne said. Don’t ignore the necessity of using antivirus software and keeping it updated, or disregard the patches that computer companies release for download; use firewalls and back up your files, she recommended. On the Stay Safe Web site, there is a list of the top 10 ways to protect yourself (see sidebar). Payne added some of her own advice to those:
• Remove or turn off computer software features you don’t use. The more software you have on your computer, the more opportunity there is for someone to exploit it.
• Keep computer media (such as CDs) containing sensitive data in a safe place. When they are no longer needed, destroy them. Don’t just toss them in the trash.
• When it’s time to replace your computer, ensure that the hard drive is properly wiped clean of data or destroyed.
• Take advantage of security services offered at the University, such as free operating system patch service for employees, free antivirus software for employees and students, and e-mail greylisting service for employees and students.
Payne also described a new kind of exploit that has surfaced during the past year. Called “phishing,” it’s a scam being used by identity thieves to trick people into sending them personal information such as credit card numbers, bank account IDs and passwords via e-mail.
“It’s reported that phishing scams are growing at the rate of 110 percent per month,” Payne said. “The FBI considers this one of the most rapidly growing crimes in America. I’ve heard that nationwide, 5 percent of people who receive phishing e-mails respond with the requested information. We want computer users here at U.Va. to be aware of this problem and not become a statistic.”
A common misbelief computer users have, Payne said, is that someone else will take care of security for them. That may be true in some cases, but don’t assume it.
“Remember too, that technical safeguards aren’t enough,” she said. “It also takes responsible action on the part of individuals. University policy holds every computer user accountable for the security of his or her own computer.”
Even with all this information, many computer users are still careless with their security. But the reality of what can happen should be grounding: your personal data could be stolen. All of your files, e-mails, bank account information, pictures of your family you keep in a file — all of this could be stolen and used by a stranger — possibly to damage or steal your identity. But computer users at the University can be safer.
“Be vigilant,” Payne said. “Heed alerts from ITC and Health Systems Computing Services — protect your home computer and teach your family members to do the same.”
A study released Oct. 25 by NCSA and America Online revealed some shocking statistics, including:
• 77 percent of home computer users think they are safe from online threats, but most have no firewall protection.
• 67 percent of computers lack current antivirus software, and one in five are infected with viruses.
• 80 percent of home computers are infected with spyware/adware (programs that let advertisers track a computer’s activities and can allow hackers to steal or transmit information); 88 percent didn’t know they were
• 49 percent of broadband users lack any firewall
Fiction vs. Fact
Shirley Payne, director for security coordination and policy in U.Va.’s Department of Information Technology and Communication, stresses the importance of cyber security awareness. She reviewed some common misconceptions University computer users have, and what the real answers are:
Fiction: You can fix security and be done with it.
Fact: Security is a process, not a project.
Fiction: You don’t have anything on your computer a hacker would want.
Fact: The computer itself is valuable to the hacker. He/she can use it as a platform to launch attacks on others.
Fiction: Security is technically complex. The average user can’t address it.
Fact: That’s been partly true in the past, but the newest operating systems, such as Windows XP, are delivered with preconfigured, secure settings. The vendors also provide Web sites that provide nontechnical information about how to keep the systems secure for the long term.
Fiction: Security costs too much. I can’t afford the time and expense of learning and doing something about it.
Fact: The direct and indirect costs of security breaches can cost even more. That’s why security awareness is so important. As a popular bumper sticker says, “If you think education is expensive, try ignorance.”