University community has role in IT security
Everyone is online and connected. Each device—computer, tablet or smartphone—fills every nook and cranny of life with zeroes and ones, putting the virtual you at risk.
By Colleen MacPhersonMaking sure those nooks and crannies on campus are as secure as possible is the job of Lawrence Dobranski, director of security in Information and Communications Technology (ICT), a position he started this past June.
"It took 40 years for the internet to grow to having 12 billion devices—things connected to the internet. In the next four years, that number is expected to grow to 50 billion devices," said Dobranski on what is on the IT security horizon. "Everybody brings their own device with them to school and work, and that's only going to continue."
This new reality, a reality Dobranski said is called Bring Your Own Device (BYOD), creates and escalates all sorts of IT risks, from identity theft and phishing emails to viruses and cyber stalking. "How many people are aware of the security issues and risks associated with BYOD? My job is about risk management for the university and creating a balance between acceptable and not acceptable risk."
With that overarching mandate, Dobranski sees three main tasks for the office of ICT Security: help the university community understand and manage IT security risks; manage IT security risks that occur; and be the architect of IT security at the U of S.
"Awareness in the campus community is a priority. People must understand they have a responsibility and their contribution is important. It is a community issue."
Some of the easy steps everyone should take, he explained, include not using the same password for everything, ensuring antivirus software is always up to date, and simply logging out of a computer when it is not in use.
"You wouldn't leave your door unlocked so don't leave your computer logged into. A lot of it comes down to your own personal philosophy on risk. Some people jaywalk with cars coming and others won't cross unless the street is clear."
Another important thing to be aware of are phishing emails—like the phony emails from banks claiming there is a problem with an account or correspondence from "princes" of foreign countries asking for help transferring their money.
"If it says ‘click here' and you are unsure, just don't," advised Dobranski. "They are hoping to get bites to access your information or your device."
Those phishing emails can be sophisticated, like one that recently purported to come from Rick Bunt, the university's chief information officer. That email featured the U of S logo and Bunt's signature block.
"I was in the airport and got a very official-looking email from Rick and I thought ‘That's odd, why would Rick send this?' Upon closer look, it was clearly phony, but it is not always apparent when reading these emails on small screens of mobile devices."
That recent spear-phishing, or targeted, attack was sent directly to 2,700 university accounts in the hope of accessing information. These attempts, explained Dobranski, vary in success, but because of how people are bombarded with information on mobile devices and rapidly assess it, people do sometimes click.
"There are no new crimes or attacks, just modern versions," he said. "What used to be done by phone is now done by email. I don't know what it will look like in 25 years but it's not going away. Crime is crime. My role is not enforcement. I'm a business enabler, which you don't usually hear from a security guy. I am like a safety crossing guard, or maybe the traffic reporter—warning listeners about collisions, road-conditions and road-blocks and suggesting routes that might be safer."