With the start of a new term, security engineer Adam Goldstein sees students attempting to download free eBooks to avoid paying for textbooks. But the texts come with a hidden cost: “These books have malware Trojans,” Goldstein says. “By downloading them, students introduce harmful software that can delete files and steal data.” In addition, Goldstein has noted a significant uptick in copyright violations online—also fairly routine for this time of the year. “We caution students not to illegally download material because they’re subjecting themselves to lawsuits from media companies,” he says.
Ebook malware and copyright violations are just two of many security issues Dartmouth’s Cyber Security Team confronts on a daily basis, which is why the College is taking part in National Cyber Security Awareness Month. The U.S. Federal Government designated October as a time to reach out to the general community about various safeguards to protect privacy and personal data.
“It’s important for everyone to do what they can to protect themselves, and we hope to help them by giving them some tips on ways to conduct themselves online safely,” says Chief Information Security Officer Steve Nyman. According to Nyman, one of the most common threats at Dartmouth is phishing, a type of attack in which users receive an email link to a legitimate-looking site, click on the link, and enter sensitive information into a malicious website.
“No one is immune from it,” Nyman says. “Bad guys and spammers are out to take advantage of any resource and any information they can get their hands on. People find phishing emails popping up in their mailboxes and they need to be aware and delete those messages.”
Staying safe online is important at an institutional level, as well. Nyman and his team protect Dartmouth’s broader IT infrastructure to prevent economic espionage and attempts to steal university research.
“We had a system that was developed and maintained by a graduate student and a faculty member, which was not adequately designed and therefore was subjected to a routine type of attack,” Nyman says. If the College’s IT professionals had managed the system, the breach would have been easily prevented. Nyman: “Individuals who are going to set up systems need to reach out and get professional IT assistance in making sure those systems are secure.”
Cyber criminals also target higher-ed resources, such as library subscription services. According to Nyman, hackers have already infiltrated such systems at several universities. Once inside, thieves use subscriptions without charge and violate an institution’s licensing agreement to the point where vendors threaten to shut off a university’s access. Dartmouth’s Identity and Access Management project has deployed Knowledge Based Authentication (KBA), a series of security question challenges, to thwart the use of these hijacked accounts.
ITS offers several security tips online. In the coming weeks, we’ll post more information about cyber security attacks and how to combat them. In the meantime, Nyman says: “Be careful what you click on.”