October is National Cybersecurity Awareness Month. All month long, ITS News will highlight how we can all secure our world. Check out all Cybersecurity Awareness Month events, or for year-round tips on staying cybersafe, visit Safe Computing at UNC.
You likely know it takes a collaboration to keep you — and campus — safe online, but the partners in the cybersecurity joint effort may not be exactly who you think.
Yes, IT professionals across the University deploy and maintain technical controls — the hardware and software that protect our systems — but there’s more to cybersecurity than firewalls and encryption. Your actions, behaviors and habits are an essential part of the partnership, too.
Technical controls protect against skyrocketing threats
“One of the things about information security is that old threats never really go away,” said Michael Williams, Network Security Team Lead in the Information Security Office. “This means all the old ways of trying to compromise a network, such as scanning it from outside, identifying targets and then testing exploits against them, still happen.”
In fact, Williams said, they happen more than ever. The Information Security Office tracks metrics, like matches against intrusion prevention signatures and campus computers trying to reach malware sites. “We only ever see those go up,” he said.
Phishing, scams, bots that influence public discourse on social media, bots that target individuals through email and other messaging are the types of threats that Williams said have “skyrocketed” in recent years. These threats against decision-making processes are “enormously popular” and can be “exceptionally convincing.”
Campus is more secure than ever
Campus IT security can handle both types of attacks. “We block plenty of those scans and exploit attempts, but we also block a lot of phishing links and other more dynamic, person-oriented exploits,” he said.
The good news, Williams said, is that the campus network is “more secure than ever, all due to the extremely hard work and long hours put in by many teams across many organizations within the University.” The not-so-good news — “there are still many risks, especially those targeting users.”
Your part of the cybersecurity joint effort
“A person who has been sufficiently persuaded can get around just about any protections we put in place,” Williams said. Bad actors know that — they entice you to bypass the technical controls, like by having you click a link, install software or continue a conversation on an unprotected platform.
This is where you play a role in the cybersecurity joint effort — you need to know how to keep yourself safe.
At a recent conference, Tiffany Temple, an information security specialist and risk analyst in the Information Security Office, learned a new favorite quote — “cybersecurity isn’t just something you learn, it’s a lifestyle.”
To Temple, the “best practices and habits we apply in our personal and professional lives” are what cybersecurity really means at the individual level. These best practices and habits, she said, are what “protect our sensitive data and the data we work with from theft and misuse.”
And good security habits don’t have to be complicated. Here’s one way to start — use a password manager. ITS provides free access to the LastPass Premium password manager for students, faculty and staff.
One of the best security habits to build is using unique passwords across your accounts. That way, if one password is compromised, your other accounts will remain secure. With LastPass, you can store and autofill your long, strong and unique passwords instead of trying to remember them. Even better, when you need a new password, LastPass will generate a random one for you.
It takes a village
Williams said that the days of “putting up a firewall, dusting off one’s hands, and forgetting about security are long over,” so we can expect that all of us will continue to play an essential role in our cybersecurity.
“Cybersecurity is a joint effort in that it takes a village to be successful and vigilant,” Temple said. “Users must be proactive in following best practices and reporting issues, while cybersecurity professionals provide the expertise and tools needed to protect systems and data. Effective cybersecurity depends on this joint effort, with each party supporting and reinforcing the other’s contributions.”
You can learn more about your role in keeping yourself, and campus, secure at Safe Computing at UNC.