October is National Cyber Security Awareness Month, which the University is observing, appropriately enough, by increasing your security.
BU’s Information Services & Technology has erected a so-called perimeter firewall, a monitor programmed to block unauthorized access to the campus data network. Your devices and data fall under this cyber-shield whenever you connect to the network, although it can’t protect you if unauthorized parties gain your password or access to your online accounts. That’s where personal “digital hygiene” comes in.
You—most of you, anyway—wouldn’t go through a day without showering, brushing your teeth, or washing your hands. Eric Jacobsen (CAS’93, MET’03), director of information security, predicts future generations will be as vigilant about digital hygiene, which he says is “understanding the things you need to make habits to take care of yourself and your identity. It includes protecting your online presence and your internet-connected devices through good security practices, and managing the information you share about yourself.”
BU can help, not just through techie measures like the firewall, but with retro strategies such as paper shredding and throwing away old computer equipment. This week, the University will run its sixth annual program of shredding personal documents and destroying unwanted hard drives. Students, faculty, and staff may bring their disposable documents and hard drives to three sessions: tomorrow, Tuesday, October 4, from 9 a.m. to noon, in the parking lot behind Agganis Arena; Wednesday, October 5, from 10 a.m. to 1 p.m., in front of the Talbot Building, 715 Albany St., on the Medical Campus; and Thursday, October 6, from 9 a.m. to noon, in the Granby Street parking lot on the Charles River Campus east.
Jacobsen offers these additional tips for keeping personal information safe:
- Frequent updates of your system and applications are a good idea. Automatic updates on your devices can help with this. “Most security patches are released in response to publicly known vulnerabilities,” Jacobsen says, “and until you apply that patch, your devices are at risk.”
- Never, never, never give out your password. “Passwords are the first and often the last line of defense for your personal information,” he says, and no one should be asking for them. If you get an email asking you to email back your password, think one thing: Scam.
- Putting a PIN or password on mobile devices, like phones and tablets, ensures that their data will be protected if you lose them. “Even the federal government with all its resources has trouble accessing devices that are protected by a simple code,” Jacobsen says.
- “Encrypt the data on your laptop,” he stresses. “Apple and Microsoft have provided ways to enable encryption from within the operating system. Make sure you follow their instructions on saving the configuration or key to a USB device and keep that somewhere safe, but separate from your laptop.”
- Vary your passwords with different internet sites. Using the same password everywhere means that if it’s compromised on one site, all your sites and personal information are jeopardized. At the very least, Jacobsen says, “you should use a unique password for the University to protect your student data; a unique password for anything financial, like your bank; and a different password for your social media sites.”
- “Remember that every piece of information you put in social media sites may be seen by anyone. Make sure the information you share in these forums is something you’re prepared to share with the world and for all time,” he says. People who have failed to heed this advice have, on occasion, lost their jobs.
Most of any individual’s information on the internet, whether it’s social media or banking, is protected by one thing: a password. People who would like access to your data are well aware of this and will attempt to trick you into giving them your password. The most common form of this attack is “phishing”: the person who wants your password will email you and ask you for it. This works a lot more often than most people realize, and some of the ways they ask for your password are clever. The easiest to spot is the email that simply asks you to email the password back. More creative attacks will try to convince you to go to a website and log in, except that the site you are logging in to is not the one you are expecting. It’s advisable to be skeptical of links within email sent from sources you don’t know that take you to a page requiring you to log in.