About 40 people attended N.C. State’s kick-off event for Cyber Security Awareness Month — a lecture sponsored by the Office of Information Technology. The lecture, titled “How to Take Control of Your Digital Life,” provided faculty, staff and students tips on securing their privacy online.
Tim Gurganus, an information technology security officer for OIT and Friday’s lecturer, said he thought the event went well.
“I think our role is to raise awareness of the attacks and scams that are out there,” Gurganus said. “There is a risk, and there are things the students can do to reduce it. That’s how we help the campus in general with these presentations.”
Gurganus said this is the fifth year he’s helped with Cyber Security Awareness Month, which is sponsored by the Department of Homeland Security. Although CSAM is in its 10th year nationally, Gurganus said it’s still growing in popularity.
“I saw a PSA about passwords a couple days ago on NBC,” Gurganus said. “I was surprised – it was the first time I’ve seen something about this on TV.”
During the event, Gurganus provided several tips for keeping personal information — such as passwords, Facebook photos and bank accounts — safe from hackers.
First, Gurganus encouraged students and faculty to always turn on the “Do not track” feature, which is supported by Firefox, IE and Google Chrome. He also said Internet users should seek to use encryption as much as possible.
“When you see ‘https’ in the URL online, that means you’re on an encrypted website,” Gurganus said.
Second, Gurganus said Internet users should be extremely protective of their passwords and should use different passwords for different accounts. The password strength should be relative to the importance of the account. For example, a student’s bank account password should be far stronger than his or her Twitter password.
He also said Facebook users could request a one-time password, which could be used when logging on from an insecure location such as a public computer. Facebook sends the password to the user via text message, and it is good for only 20 minutes.
Gurganus said people should be extra sensitive about passwords because they are a common target for hackers.
“Password guessing and phishing are a very common way for breaking into your accounts,” Gurganus said.
Gurganus said one way hackers obtain passwords is through social engineering.
“Hackers study what you open,” Gurganus said. “They’ve gotten very good at it.”
Gurganus said hackers will commonly email users with fake Facebook requests, UPS and FedEx orders, credit card memos and even parking ticket notifications. To avoid accidentally downloading a virus or giving away private information to a hacker, Gurganus said students should hold their mouse over any links in the email. If the link is to a foreign website, students should not open the link and should instead delete the email.
N.C. State is not immune to these attacks. Gurganus said he often thwarts attempts from hackers to imitate Shibboleth, Moodle, WebAssign and MyPack. A large part of his job is to prevent these malicious emails from reaching students.
“We’ve got some good filters with some updates from me every now and then,” Gurganus said. “If we didn’t have those filters, you would probably get at least one [malicious email] a month.”
Lastly, Gurganus advised students and faculty to keep various programs, including Adobe Reader, Flash Player, Internet browsers and Java, updated. Each of these platforms sends out updates on a rotating basis — usually monthly — to help combat the latest hacker tools.
“Java is the most important thing to patch,” Gurganus said. “I find that Java is most often exploited.”
Gurganus said events like the one Friday help keep the campus community informed.
“A lot of these are just attacks on all universities because the attackers know we don’t have a large security staff and they know we have a lot of students and that our networks are generally open because this is an open environment,” Gurganus said. “My goal is that students come here and use their computers for four or five years and they don’t have any problems with malware or phishing.”