In celebration of Internet Safety Month, Brian Keltch, UA Little Rock’s chief information officer, has provided tips for how we can stay safe online. One of the first things Internet users can do is to be vigilant of the threat of online attacks.
“There are a lot of organized folks trying to attack us online,” Keltch said. “Anyone can go on the dark web now and buy lists of identities and passwords that have been breached. The level of sophistication of the attackers has really risen in recent years. People need to be on their toes and aware of threats on the internet.”
The sudden onset of the COVID-19 pandemic in 2020 brought the abrupt closure of many offices and workplaces that resulted in a shift to remote work for millions of Americans. A 2022 report from the Pew Research Center said that roughly six-in-ten U.S. workers who say their jobs can mainly be done from home (59 percent) are still working from home all or most of the time more than two years after the pandemic began.
Keltch, who has more than 30 years of experience working in information technology, said that this new era of working remotely can lead to security risks when employees don’t take the proper security measures for their home devices. Those who work from home are especially vulnerable to sophisticated phishing attacks via email and texts that impersonate co-workers and bosses.
“These attacks are no longer the ‘Banking request from a king in a foreign country’ email, but have become much more sophisticated and targeted,” Keltch said. “I might get a false email from my supervisor that tells me to purchase this software right away, and I need it tomorrow. If I didn’t validate it, I might go purchase it from an unknown provider or provide my account information. Knowing how to recognize and combat these phishing attacks is important.”
It can be hard for employees to identify these messages as false since they often come from someone they know, include the company’s logo and email addresses, and contain inside information that strangers shouldn’t know.
“Cyber criminals really count on what they call social engineering,” Keltch said. “It’s tricking individuals to provide information they shouldn’t provide or to allow something to be installed on their machine that shouldn’t be installed. They rely on connectedness. They study social media to understand who your boss is, who your friends are, and they use that information to gain your trust and try to take actions that will harm you.”
Keltch recommends several tips for how remote workers can protect themselves online:
Strengthen your password hygiene. The most important step you can take to protect yourself is to not use personal information in passwords and repeat passwords for account logins. Instead, use passphrases and a password manager to keep your login information more secure. If you are using the same passwords over and over, you are definitely putting yourself at risk. Hackers are constantly running algorithms trying to crack your passwords.
Secure your home devices by updating your computer’s operating system and set it to automatically accept security upgrades and patches, encrypt hard drives and other electronic storage devices, and use a virtual private network to encrypt data.
Harden your home’s WiFi network by making sure your WiFi router has a unique and non-default password and that you have enabled WiFi encryption. Regularly update your router’s firmware and install patches.
For those working on campus, Keltch recommends using UA Little Rock’s Google for Education suite and a virtual private network. People should not save their passwords to internet browsers since that information can be easily accessible. When in doubt about the authenticity of an email or text message, you should call that person directly to see if they sent the message.
Another major concern for employers is ransomware attacks where hackers will lock a system, encrypt files, and demand a ransom payment in order to access the system again. The perpetrators of the ransomware attack often demand payment in cryptocurrency because it’s untraceable. Furthermore, ransomware attacks are hitting the education and healthcare industries hard nowadays, so university employees and students should be more aware of the potential for these attacks.
“On campus, a big cyber threat is ransomware,” Keltch said. “A bad agent will attempt to get into our network, penetrate our firewalls, and lock us out of our databases. Imagine what it would be like if we didn’t have access to Banner or Boss. The hackers usually require payment in cryptocurrency because it’s untraceable. That’s happened to a couple of universities in Arkansas. UA Little Rock, like most universities, protects themselves by backing up critical data at sites off campus in case of ransomware attacks.”
Today’s online world means students, faculty, and employees can work from anywhere, but it doesn’t mean that we have to put our data, information, and systems at risk. Following these precautions, remote students and workers can be more confident in their remote security and shut the door to any hackers who might want to take advantage of them.