Published October 24, 2019
October is National Cyber Security Awareness Month, and UB Professor Alan Katerinsky shared some practical ways UB community members can keep themselves secure all year long.
Professor Katerinsky is a professor in UB’s Management Science and Systems department, specializing in Information Security, among other areas.
One easy way to avoid becoming a victim is by using passphrases instead of passwords. Also, it’s important to never use the same password for multiple accounts.
“When one organization is breached, all the passwords and logins are stolen and sold on the Internet,” Professor Katerinsky said. “They try every login-password combination they’ve got and, eventually, someone has used the same password and login at another organization.”
“Re-using passwords and even logins is pretty much a sure way to get yourself hacked.”
“Using public Wi-Fi is a big risk, and should be avoided if possible,” Professor Katerinsky said. “Use a free VPN if you can get it.”
UB provides a VPN to all faculty and students to protect university data.
“Information security has a triad: confidentiality, integrity, and availability. Sometimes, availability and confidentiality are in conflict,” Professor Katerinsky said.
“The more secure your [device] is, the more difficult it is to get to. If you could get any advantage at all, a VPN, a password manager, anything like that, use it!”
Professor Katerinsky added: “Close the extra tabs on your browser when you do any transaction.”
“It is very possible that someone has compromised another, less-secure site, and while all those tabs are open, it’s effectively the same connection. There are pieces of software that can grab your passwords right off of the other [tabs].”
In addition to closing tabs, Professor Katerinsky said, “Take an extra minute to look at where your emails come from. It can have someone’s name in it, and the actual email address is totally different.”
“That is one of the things they do at schools like UB—they take a Dean’s name and try a standard scam, but it looks like it has the authority of someone trying to make a real connection with you.”
Report suspicious email—even if it appears to be coming from someone trustworthy—by sending the email and its header information to UB’s Information Security Office for analysis.
“All of these things work based on age-old con men tricks. They appeal to your kindness, or appeal to your greed, or appeal to your curiosity. All of these things work. Why do they work? Because humans are still humans.”
“[The biggest threat to the UB community is] the same as it is for everybody else… phishing attacks. A well-crafted phishing attack will get past about 50% of alerted security professionals.”
Professor Katerinsky continued, “Take an extra second, don’t be in a hurry. It doesn’t matter how smart you are if you’re not paying attention.”