Duke students should take measures to protect themselves from breaches of cyber security, information technology administrators said Tuesday.
In honor of National Cyber Security Awareness Month, the Information Technology Security Office hosted a campus event to promote awareness about phishing and ways to prevent it from occurring. Phishing attacks try to fool people into either giving their information through an apparently safe site or installing malicious software to steal information. These attacks happens frequently on the Duke network, said Richard Biever, chief information security officer and head of the IT Security Office.
“Phishing is probably our number-one concern for the entire Duke community,” Biever said. “Everybody’s a target. It’s important to have an awareness of what you’re doing online and how you could be targeted by somebody that’s trying to get [to] an account, get access to your computer.”
Recent cyber security breaches at Duke include phishing attempts that install Cryptoware, where hackers hold data hostage and refuse to unlock it if the victim refuses to pay a hostage fee. People have also put information on Duke-sponsored websites that did not originate from Duke, said Shelly Epps, clinical research coordinator of the Data Management Solutions Team.
“Whenever [attackers] think there’s a window that you’ll be more vulnerable, you’ll see spikes [in attacks] in that time,” Epps said.
A large number of attacks are routinely blocked, Biever said. Around 600,000 network-based attacks on Duke computers are blocked every day. Additionally, of the 130 to 140 million messages received every month, 90 percent of them are automatically blocked before ever reaching somebody at Duke because the security system recognizes it as spam or phishing, Biever said.
Biever said the most important thing for the future is working with students to continue to raise awareness of cyber security.
“[It’s about] finding that balance of helping the community, [keeping] computer security and at the same time continue to promote the freedom and openness we’ve come to expect in these ideas of academic freedom,” Biever said.
OIT analyst Harrison Muse said students should keep cyber security in mind because it is becoming increasingly important.
“All your communications are online now [and] people are putting all of their information on social networks like Facebook,” Muse said. “If you don’t secure that information, that can be a bad thing.”
Freshman Zack Reavis said he stopped by the table in front of Perkins Library because he had gotten viruses on his old computers and his friend had his email hacked multiple times.
“He tried getting on it and it said [the] password’s been changed, and he had to change it and things were deleted,” Reavis said.
The IT security office is also hosting three lunch seminars on various security topics throughout the month, as well as a “Phishing Tournament” on their website. Students, faculty and staff can read up on information about phishing and then take a phishing quiz for the chance to win an iPad Mini.