How to protect yourself against malware, phishing and other cybercrimes
The IT Services community at Concordia is kicking off a new security awareness campaign this week to highlight the increasing risks of cyberattacks.
They have developed new eye-catching posters in an effort to educate students, staff, faculty and the general public about the security risks posed by intrusive software, or ‘malware,’ and other threats to IT security.
Mike Babin, the director of Infrastructure and Operations at IITS, says the rationale behind the campaign is to convey to students and staff the need to be vigilant about the everyday nature of security and malware threats.
“I think a lot of people are aware on some level that they need to be cautious, but they need to be reminded that certain behaviours are riskier than others,’ he says.
“A lot of these threats come through e-mail or through clicking on links in a web browser. All sorts of malicious software can be installed on your computer that way.”
Ransomware and ‘phishy’ emails
One of the spurs to action was the recent ‘ransomware’ cyberattack at the University of Calgary.
In June of this year, the university was forced to pay $20,000 in ransom after its email server was locked and encrypted by an unknown hacker. Ransomware attacks typically covertly encrypt a system’s files and demand a ransom in exchange for a decryption key.
‘Phishing’ emails are one of the more common malware threats on campus. They are electronic messages purporting to be from a reputable source — such as a bank, social media site, online payment system or IT administrator — which include requests to click on fraudulent links, open dangerous attachments or to provide personal details.
These emails are designed to fool the recipient and capture valuable confidential information, such as usernames, passwords and banking information. They often copy the logos and language of the trusted institution and can be quite convincing.
Beware of unknown devices
One of the riskier forms of behaviour, Babin says, is using unknown devices. For instance, picking up an unknown USB key and plugging it into your computer can result in the installation of unwanted keylogging software. This form of malware covertly copies every keystroke on your keyboard and transmits it to third parties.
While a good anti-virus system will protect students from keylogging software, it provides little or no protection against keylogging hardware.
Known as keyloggers, these physical devices resemble USB keys and are usually attached to a computer’s keyboard cable. Such technology has already been identified on campus.
IT Services recommends that students perform quick visual checks before using public computers to ensure that keyloggers have not been installed.
Be proactive
What else can staff and students do to protect themselves? Install good anti-virus software, such as Sophos, as well as web-browsing security software, says Babin.
Also, be mindful that giving out your e-mail address and other personal information online makes you a target for phishing scams and emails with malicious software attachments..
Be vigilant about where your software is coming from. And of course, when asked to provide account information by phone, URL or email, remember that this is not how business is normally conducted.
The best policy to deal with spam and phishing, according to IT security services, is to filter or delete such messages without opening them.
“People have to keep in mind that no amount of systems and programs will protect them from everything, and it’s really important that people proactively protect their information,” says Babin. “
Students are encouraged to complete the security incident report option on the MyConcordia Portal to report stolen and lost computers and mobile devices, as well as more serious security incidents that compromise their personal information.
To download the free Sophos anti-virus software, students should visit the MyConcordia Portal and select Software and Applications.
Download the free Sophos anti-virus software by visiting the MyConcordia Portal and selecting ‘Software and Applications.’
Were you the victim of a cybercrime? Was your computer or mobile device stolen or lost? Complete the security incident report available through the MyConcordia Portal.