Skip to main content

Take the IT Security Quiz, Win an iPad

IT security is a job for all of us

When it comes to computer infections, no one is immune.

John Board, Duke's associate CIO, learned the hard way after his 8-year-old son clicked a popup window, warning that one of the family's computers had been infected with a virus.

"He thought he was doing the right thing, because it looked similar to real alerts from anti-malware applications," Board said. "Hackers are sufficiently slick now that they can trick even savvy people into clicking on one button. Now that machine is toast."

Fortunately, the family's home network was segmented, so the infection was limited to one machine - not the computer Board uses for Duke business.

In today's hyper-connected world, employees face increasingly sophisticated threats from all directions as cybercriminals seek new ways to get their hands on personal information and Duke data.

Analysts in Duke's IT Security Office are seeing an increasing number of infected computers, in large part due to the increasing use of social networks.

"With Facebook and LinkedIn, people are using the Internet in ways they didn't before, but they're also exposed in new ways," said IT analyst Rachel Franke. "People are using more devices and more applications. Our multitasking has scaled up, and the malware is getting better."

Malicious code distributed via social networking sites successfully infects about 10 percent of users, making it 10 times more potent than malware distributed via e-mail, according to a 2009 report by Kaspersky Lab, a security software firm.

Universities make especially appealing targets. Unlike corporations - which often restrict access to social networks, put up firewalls and implement strict policies to protect assets - the academic environment is more open.

At Duke, for instance, "there are no rules against accessing social media or Google Apps from your work computer," Franke said. "But you run the risk that you're exposing your computer and work data to unknown people."

Duke is continually expanding its methods and tools to increase information security. But as part of National Cyber Security Awareness Month in October, Duke IT analysts want to remind employees and students to do their part, too.

"Thinking before you click is like driving defensively," Franke said. "We all have to be vigilant."

 

Tips for social networking security:

  • Set appropriate privacy and security defaults and choose a complex/unique password.
  • Be careful installing third-party applications.
  • Only accept friend requests from people you know directly.
  • Read the privacy policy and terms of service carefully. Limit personal information you share.
  • Consider all information and pictures you post as public!

Source: SocialMediaSecurity.com