With cybercrime on the rise across the nation, BJU is committed to maintaining high standards in the area of cyber security. Meriam-Webster defines cyber security as “the measures to protect a computer or computer system against unauthorized access or attack.”
Bob Wesley, the University’s information security specialist, defined the term cyber security as the “basic level of protection of information.”
Matt Gardenghi, CISSP (Certification for Information System Security Professional) and director of IT academic technologies, said cyber security is simply “preventing bad actions.”
Gardenghi and Wesley described phishing, a common cybercrime. “Phishing is an effort to get information [usually] with malicious intent,” Wesley said. This often occurs through phishing emails, which can contain harmful links leading to websites containing malware.
“The goal in a phishing email is for you to do something,” Wesley said. “They want you to give them your information. Don’t do it.”
BJU uses multiple programs to protect University information. “Our approach [to cyber security] is defense in depth, which looks like layers of defenses on top of each other,” Gardenghi said.
One layer is the spam folder. All electronic mail that comes to campus addresses is first filtered through the spam folder. This includes emails received in student, faculty and staff accounts.
“Around 85 percent of [incoming] mail gets blocked,” Wesley said. Gardenghi said that the spam folder filters out objectionable content such as pornography, links that lead to malware and other harmful issues.
Wesley said he works directly with the spam folder and would like to be notified of any emails not filtered out. He asks students who receive any type of spam content in their inbox to forward it to firstname.lastname@example.org.
Another layer of defense is the proxy server, which one dictionary defines as “a dedicated computer or a software system running on a computer that acts as an intermediary between an endpoint device, such as a computer, and another server from which a user or client is requesting a service.”
Both Gardenghi and Wesley said students often think negatively of the proxy server, but the proxy server is there to protect them. “[The] proxy is a security tool that has a lot of benefits,” Gardenghi said.
The proxy server detects when a website has been compromised and blocks the website from being accessed on the BJU network. A website becomes compromised when malware is present.
“Some legitimate sites will become compromised for a short period of time,” Wesley said. “When that happens, they will be [blocked] until they become [uncompromised].”
Proxy also blocks ads that could contain harmful malware. When this happens, users will not be aware that ads are being blocked.
Wesley said students sometimes think BJU manually blocks websites. However, that is untrue. The proxy is managed by a third-party organization that controls which websites are blocked.
The IT department will also try and hack into their own network, this is called “ethical hacking.” This allows them to push security. “[During these scenarios] we think like an attacker,” Gardenghi said.
PROTECT YOURSELF ONLINE
Cyber security, a concern of corporations, business and colleges, begins with the individual. Matt Gardenghi, CISSP, director of IT academic Technologies, said being knowledgeable is one of the first steps in protecting oneself against cyber harm.
Gardenghi said students may believe they won’t get hacked or have their identity stolen because of their financial status. However, hackers may wait until students graduate and begin to accumulate assets.
“[The bad guys] are able to sit and wait three to five years possibly until you get that job and have that amount of money,” Gardenghi said. If hackers can access information now, they could possibly devastate lives in the future. Gardenghi encourages people to protect themselves by never sharing passwords with others.
“I’ve seen people share their passwords,” Gardenghi said. “[Eventually], they get hacked.”
Social media accounts are often hacked with the purpose of stealing information like usernames and passwords because many people use the same passwords for multiple purposes. For example, if a Facebook password is the same as a bank account password, and that Facebook account is hacked, then the hacker potentially has access to that person’s bank account password.
Stephen Yurkin, a junior computer science major with an interest in cyber security, said he changes his passwords often.
“Have your passwords updated,” Yurkin said. [BJU] doesn’t [have mandatory password updates] just for fun, they have it for reasons, and one of those reasons is that you have a new password [for your protection].”
Yurkin said that when making a password, he uses phrases instead of just words. “I like using passphrases so that it isn’t a really long word that you have to remember, and it is harder for [someone] else to guess,” Yurkin said. One example passphrase Yurkin gave was “Glory4God”.
Yurkin said students should be careful when receiving an email with a link or URL in it. “[One big thing hackers use are] these URLs that come in that people click on randomly just because they look appealing,” Yurkin said. “Don’t click on a link that you didn’t expect to receive.”
Yurkin also said having devices up to date will help keep information secure. “The company is literally doing the work for you, that’s why the updates are there,” Yurkin said. “It’s so that you won’t be as vulnerable.”
Gardenghi recommends using the pre-installed security program on an electronic device and using a program like Adblock Plus for increased protection.
Cyber security is important to maintaining a safe life. Gardenghi encouraged students with questions about security habits or who would like to know more about cyber security to contact the IT department.