UBIT promotes computer-security awareness

October is National Cyber Security Awareness Month and the Information Security Office in UB Information Technology has planned a variety of activities to increase the campus community’s awareness of computer security issues.

The focus of the campaign this year is on raising awareness of phishing and the importance of creating strong passphrases — and changing them regularly, says Nadira G Persad, UB’s information security officer.

While we’ve all been warned repeatedly by UBIT about phishing activities targeting UB email accounts, it’s hard not to get hooked.

“We are seeing much more sophisticated phishing messages than in the past,” Persad says. “Grammar in the messages has improved and they are very well done. Links in many of the messages take the victim to websites that look very similar to the UB login page and attempt to get the victim to enter his/her UBITName and password.”

And by entering that confidential data, students, faculty or staff may unwittingly be downloading a virus or malware that infects their computers and takes control of it, or installs keystroke-logging software that collects all the information that is typed in, including UBITNames or user IDs, passwords, credit card and debit card account information, PIN numbers and social security numbers.

Passwords also are often stolen through vulnerable websites or when a website is hacked, Persad says. “If you use the same password on multiple websites and one of these sites is compromised, all of your accounts could be accessed and your personal information obtained.”

She notes that hundreds of UB accounts are compromised every semester and used to send spam or phishing emails. “Armed with your UB password, an unauthorized person can access your UBmail, MyUB and HUB Student Center to view your personal information, which could lead to identity theft,” she says. “Changing your password regularly limits the amount of time a lost, stolen or forged credential can be used by someone else to do damage.”

Catherine Ullman, information security analyst, offered an analogy to further stress the point: “Passwords are like toothbrushes,” she said. “You shouldn’t share them with anyone else and be sure to change them every six months.”

Ullman recommends replacing passwords with a strong “passphrase” and switching them up periodically.

A passphrase uses a combination of multiple words, upper- and lower-case letters, special characters and numbers. Most importantly, she says, it is typically longer than a standard password for added security.

To reinforce its message about phishing and password security, the Information Security Office is sponsoring a variety of activities on campus during October. Among them:

• Members of the university community can take part in weekly quizzes on such topics as social media, malware, phishing and passphrases. Those taking the quizzes will be entered into a weekly drawing for $25 in Campus Cash (students) or FlexiBull Bucks (faculty and staff).
• Posters, featuring a hard-to-ignore image of a shark and hook, have been hung around campus promoting phishing awareness — “Phishing: Don’t get hooked! — and headliner displays on UB Stampede buses promote the message “UB has your back.”
• Articles outlining computer security have been posted on the UBIT website.
• Messages promoting security awareness are being posted on UBIT’s social media sites.
• Information tables will be set up as part of UB Business Day on Oct. 14 and in the Student Union on Oct. 22 and Harriman Hall on Oct. 28.

Visitors to the tables can change their UBITName password; take “selfies” with a mockup of Shark Girl — the popular part-girl, part-shark sculpture residing at Canalside — as a reminder not to fall for phishing attempts; and win prizes by correctly answering security questions at a Phish Tank or Phish Pond.

The tables will be set up from 11 a.m. to 1 p.m. on Oct. 22 in 210 Student Union, North Campus, and on Oct. 28 in the lobby of Harriman Hall, South Campus.

Employees attending UB Business Day at the Ramada Hotel & Conference Center also can hear a presentation on “Everyday Computer Security Risks” at 2:30 p.m. Persad and Ullman will talk about how employees can identify security issues and where they can get help.

Persad advises UB employees who receive suspicious email attempting to steal UB passwords to send the email to abuse@buffalo.edu. UBIT publishes such reports as security alerts to the campus community.