A new internet safety course among options to protect schools from cyber threats
Benjamin Fung is forthright when asked about the weakest link in cybersecurity. “The most vulnerable attack channel is always humans,” said the McGill University professor, who is also Canada’s research chair in data mining for cybersecurity.
The best way to avoid cyber threats is to ensure the person operating an electronic device is well-informed and knows what to watch out for, Fung explained in a recent interview with The Concordian.
Phishing emails—fake emails that appear to be legitimate and ask a user to enter personal information—are an example of a common threat that can easily be avoided if the email user is well-informed.
On Aug. 31, an article posted on the McGill Reporter reported “several McGill email users have recently received phishing emails that look like legitimate McGill correspondence but are actually designed to steal your confidential personal information.”
A similar message was published in May on Concordia’s website. It explained that Concordia email service users had received phishing emails and asked users to “delete [the email] immediately and to not open any attachments or click any links within the body of the message.”
In an interview with The Concordian, cybersecurity expert Terry Cutler said, “It’s very important to keep control of your digital life […] You never know how your information can be used against you.”
Last week, Cutler released a consumer course called Internet Safety University, geared towards teaching university students and staff effective ways to avoid cybersecurity attacks.
The program contains about six hours worth of tutorials and is currently being tested out by students and staff at a local CEGEP. According to Cutler, the college’s staff will then have a six-month trial period to observe the impact of the training on its cybersecurity.
Different modules instruct users about numerous hacking techniques and tools, including keylogging, a hardware that records keystrokes on a keyboard without the user’s consent or knowledge.
According to director of public relations and university spokesperson Mary-Jo Barr, Concordia employees are provided workshops during orientation sessions to teach them about IT security measures. She said faculty and staff are also routinely updated on effective IT security measures via email.
Barr added that the university holds an IT security awareness campaign every October to teach people about “laptop safety, password safety and phishing.”
Cutler said one module in his course also explains ransomware, a software which renders data on a device inaccessible until a ransom is paid. In May, approximately 120 computers at Université de Montreal were compromised by the WannaCry ransomware, reported CBC News.
In an email to The Concordian, Barr also pointed out that Concordia—specifically its IT services—routinely distributes information through social media and the NOW newsletters for students.
In comparison, Fung described McGill’s training as “very comprehensive.” Staff, faculty and students at McGill have access to the university’s IT Knowledge Base, an online tutorial consisting of 16 modules.
McGill’s IT services website also features a series of online IT security awareness courses, including videos about email phishing, phishing websites and mobile security.
Concordia’s Instructional & Information Technology Services (IITS) provide information and guidelines about how to avoid email phishing and cybersecurity threats on their webpage. The guidelines offer strategies for anti-virus protection, password security and protecting devices from keylogging.