Protecting tech devices and identity one and the same

When Caci Krieger was preparing for a night out on frat row with a group of friends, losing her iPhone 4 was not part of the plan. 

“I had it in my pocket all night and was dancing when I realized it was no longer there,” Krieger, a senior at Duquesne University majoring in health management systems, said. 

After asking fraternity brothers who lived in the house to keep their eyes open for her phone, Krieger’s friends spent the rest of the night calling and texting the missing phone.

“Finally, someone did answer, but it was a male who refused to give it back and kept teasing us about where to meet to give it back,” Krieger said. “I assume he then kept it, even though there was a password on the phone.”

Unfortunately for Krieger, a glitch in the device’s security system allowed the man to unlock the device after it received a phone call. 

Because Krieger had only stored pictures, text messages and apps on the phone and was not logged into an email account, no other personal information was compromised.

Leaving phones unlocked and without passcodes gives hackers the chance to obtain credit card and bank account information, addresses and other personal data stored on a cell phone.

While Krieger did have a 4-digit security PIN on her device that, if not for the glitch, would have protected her phone, many others do not. 

More than 30 percent of smartphone users aren’t protecting their devices with passwords, according to online security expert Robert Siciliano of McAfee, a global computer security software company. 

So what can be done about it?

According to Robert Sica, a junior rhetoric and communication major and host of Tech Talk, Pitt’s weekly WPTS radio show, much can be done to protect devices from potential threats. 

A strong password includes at least one letter and one number, including a capital letter, Sica said. Phone users should also avoid a “common password,” which Sica said includes some combination of the user’s address or name.

“While that may seem confined, they are risking the privacy of their personal information,” Sica said of users who use common passwords.

While strong passwords enhance security, Sica said fingerprint identification can be even more effective. 

Fingerprint identification technology, which Sica said is best for protecting mobile devices, can be found on Apple’s iPhone 5s, as well as Samsung’s Galaxy S5, among other devices. Some laptop computers offer similar security solutions. 

Ultimately, Sica said making sure people protect their devices is the key to staying safe on the Internet.

“Your email accounts, your contacts, social media accounts, often even your bank account, to say the least,” Sica said. “It is very frightening to think of the very harsh reality of the damage that can be done with all of this personal [information] when in the wrong hands.”

Krieger offered similar advice.

“I would create a more secure password than the 4-digit [PIN] as well as get an app for losing your cell phone so you can find out where to retrieve it,” Krieger said. “Also when you are out, you could always just keep your purse close by you and observe people around you that you are unfamiliar with.” 

When it comes to technology security at Pitt, students will be free from harm if they follow basic protocols, according to Michele Eichler, Pitt’s executive assistant to the chief information officer.

Eichler gave the following advice:

-Enable automatic security updates for computers as well as mobile devices.

-Install Symantec Endpoint Protection, provided to students for free by the University, to guard against malware and viruses.

-Never leave laptops unattended in a public area, and install Computrace LoJack device-tracking software provided to students for free by the University, in the event they are stolen.

-Create strong, long passwords containing numbers, letters and special characters.

-Never share passwords. Legitimate Pitt officials should never ask for a student’s password.

-Use different passwords for Pitt and non-Pitt sites, and change passwords at least every 180 days.

-Manage passwords securely with a program like KeePass, a password-storing program provided to students for free.

-Never open attachments or hyperlinks in emails from senders you don’t know or download software from untrusted sites.

-File sharing software should not be installed, as it often introduces harmful malware. 

-Always back up personal data and encrypt any files containing sensitive information.

Eichler added that access to PeopleSoft, Pitt’s student information system that helps manage the entire student lifecycle at the University, is governed by a federated authorization process. This process is designed to ensure users have access only to the data they require to fulfill their University responsibilities. 

“All critical University business and academic systems are monitored for security and operational health 24 hours a day, every day of the year by our network operations center,” Eichler said.

Eichler also said Pitt’s security team works closely with the engineers of its computer systems and collaborates with its auditors to ensure stringent security controls are in place.

In addition to following the protective practices outlined by Eichler, students can also visit the Technology Services Desk in the University Store on Fifth Avenue. There, students can meet with a technical consultant to discuss any potential threats, have malware removed from computers and ensure their devices are patched and protected against future threats.

Eichler also said that each October, which was nationally designated as Cybersecurity Awareness Month in 2004, Pitt holds a two-day fall tech fair known as “<3 UR Computer,” or “Love Your Computer.”

According to Eichler, the carnivals are designed to educate students on available computing services and the best computing practices. Other “Love Your Computer” events are held throughout the year as well.

“The most recent “Love Your Computer” event included a fall tech fair in September that allowed students to learn about many of the services that we offer to them,” Eichler said. 

Eichler said some of the information gathered by students at the event includes malware prevention, laptop protection, safe password practices, common phishing schemes and malware detection and removal.

Eichler knows cybersecurity is ever-evolving and said Pitt is committed to continuous improvement of its security practices and programs.

According to Eichler, in 2000, security had an entirely different emphasis. At that time, Pitt had one staff member devoted to security.

“One of that person’s primary responsibilities was to change the combinations on our door locks,” Eichler said. 

Today, Pitt’s security team has 10 full-time professionals who are responsible for implementing and monitoring the firewalls that protect the network, monitoring the computing environment, managing the spam and virus filtering, responding to individual security incidents, conducting security reviews, encrypting email messages, collaborating with departments on security awareness and much more.

Eichler said the security team’s current efforts involve measuring Pitt’s standards against the National Institute of Standards and Technology’s cybersecurity framework and using that framework to strategically improve Pitt’s security program. 

“We are also in the process of designing a new security awareness program to be used by all faculty, staff and students,” Eichler said. 

Not only has cybersecurity become an increasingly important issue, but the profits from cybercrime now also outpace those from illegal drug trafficking, according to Eichler. 

But Eichler knows that no matter how much the University does in terms of putting strong security protections in place, Pitt can never offer complete protection of the entire University community without the contribution of its users. 

“It’s also important to remember that the security threat doesn’t stop when off Pitt’s campuses,” Eichler said. “It is our hope that the security best practices our students learn while at Pitt will be carried into their home networks as well as their future workplaces.”