This has been Homecoming Weekend at our local university, the University of New Brunswick (UNB). It’s been a glorious early fall weekend for alumni to gather and reminisce. Yesterday morning, as part of the festivities, an enthusiastic crowd of computer science and electrical engineering grads, along with current and former UNB computing employees and other interested attendees, enjoyed a presentation on the innovative, trailblazing history of computing at UNB, followed by a panel of experts giving fascinating and provocative perspectives on cybersecurity. There was plenty of food for thought.
Cybersecurity has a significant presence in our town. Several IT companies here focus on IT security, from IBM’s global security division and other established companies to exciting new start-ups. As well, UNB is home to the new Canadian Institute for Cybersecurity. In fact, IBM’s security software, QRadar, was acquired when IBM took over a local company that had successfully commercialized earlier versions of that software, developed in partnership with UNB.
Yesterday morning’s panel discussion got me thinking that it might be instructive to share some of what I’ve learned from this and several other discussions and lessons about online threats and precautions.
Physical privacy and security
We’re all aware of the need to secure our physical personal belongings. We would be irresponsible not to recognize potential threats. We lock up our bikes from the time we are kids. We lock our homes and cars; we think about installing security systems. In recent discussions with someone close to me I learned that some of the endless irritating unsolicited phone calls that I never answer may be coming from people trying to see if I’m home or not, with a view to trying a break-and-enter. Good grief. I’m not planning on starting to answer any of these calls, but it shows the kind of tricks people play when they are out to cause trouble. And what about the notion that if you cancel your paper delivery while you’re away (instead of arranging for them to be retrieved by a neighbour), your paper deliverer and dispatcher will know you’re away? Is this really something to be concerned about? Am I too trusting?!
Online privacy and security: cybersecurity
Most of us now carry out a significant amount of our lives online. That’s not likely to change, except to increase. We bank online, shop online, renew our driver’s licenses online, pay our taxes online, donate to charities online, and register for courses online. We communicate with friends and family online, post personal pictures online, and share personal information and feelings online. We do it all. In the process, we provide our names, addresses, phone numbers, bank information, credit card numbers, birthdates, passport numbers, SINs(SSNs), and passwords. And that’s not going to change, it’s far too convenient.
We read altogether too often about major corporations – and governments and political organizations – being hacked. 500,000 Yahoo accounts, Target customers’ credit card info, the DNC, the New York Times … and these are just the ones you hear about because they couldn’t keep it secret. Keep in mind that no organization wants the public to find out that they’ve been hacked; it’s not good for business! There’s a hacking target for every hacker. Some hackers are 15-year olds in a basement who are attracted mostly by the challenge (which is still illegal, 15-year olds). Other hackers are seasoned criminal coders who are in it for the money (and there is gobs of it, in the billions of $s), for stealing corporate or national secrets, or for causing serious political/international disruption (including countries hacking other countries).
For companies, banks, governments, and public institutions, this is serious stuff. They increasingly require the ongoing expertise and responsive software provided by leading-edge cybersecurity companies and researchers such as those found in my hometown of Fredericton. Not taking seriously the cybersecurity of your data and that of your customers, clients, and citizens, is like not locking the doors, not doing security checks on your employees, not having fire insurance … or worse.
For individuals, it is worth considering the following:
- No computer company, bank, or government ever calls a home owner out of the blue and asks for information about your account or your computer. Never. Ever. This is a scam. Hang up … and consider reporting the call.
- No computer company (Apple, etc.), bank (or PayPal), or government agency (IRS, CRA, etc.) ever sends you email out of the blue telling you they want to update your information (or telling you anything else) and asking you to click a link. This type of emailing hoax is called “phishing”. DON’T CLICK ON ANYTHING. More likely than not, this click will install malware (malicious software) that will take control of your computer, allowing the “bad guy” to access everything on your computer. If you click by mistake, take your computer to a computer doctor right away to be cleaned.
- As per #2, if such an email has an attachment such as a .pdf file, DON’T OPEN ANYTHING. More likely than not, opening this attachment will install malware on your computer.
- Make sure that your antivirus protection on your computer is current.
- Do not do any computer transactions that require private personal information (banking, including credit card information, etc.) while on non-secure public WiFi networks. These public-access connections are wonderful and convenient, but easy targets for hackers when they are not password protected. Stick to Facebook when at Tim’s!
Some phishing emails are extremely convincing; they may use the real corporate logos, colours, and fonts, plus email addresses that look authentic. DON’T FALL FOR IT. If you’re really not sure, don’t click on a link or open an attachment, instead call the purported organization to check, report it, or just ignore it.
Cyber physical security
Many of you will have heard of the Internet of Things. This speaks to the pervasiveness of the Internet and how everything is connected to it. Increasingly, everything really does mean everything. More and more devices, appliances, and vehicles are available to us, marketed as “smart”, are computer-enhanced and Internet-enabled. Fancy vehicles with smart features are actually sending data back to the vendors, so that they can analyze how your vehicle is working. At the same time, ostensibly, the vendor can know where you are … and where you aren’t. Worse, it means that you are now driving a vehicle that can be hacked. Depending on the vehicle, a hacker may be able to take control of your vehicle and use it for nefarious purposes.
Apparently we now have the luxury of purchasing smart refrigerators that can keep track of what food we are running low on and let us know when to shop again! Personally, I find that just writing this down on a piece of paper works well, but then again, I am old(er). People seduced by this type of feature should, however, bear in mind that this too is Internet-enabled and is storing information about your use of this appliance. As well, your smart WiFi refrigerator may be able to be hacked and used for other unpleasant purposes altogether! Similarly, the smart WiFi thermostats being introduced embed the ability for your utility to monitor what settings you have in your home at all times, which let people know whether it’s likely you are home or not.
I hope you can see that, while technology provides us with huge advantages, it also brings new challenges, including what price we pay for privacy and how we manage it. Understanding what it all implies and what our options are in deciding how to use technology is important. I for one am not planning on purchasing a smart refrigerator!
Photo credits: blog.unb.ca, dreamtime.com, techhive.com