Simple precautions can prevent cyber heartache, expert says

JMU News

by Eric Gorton

 

Harrisonburg, Virginia — The Washington Post reported on Oct. 13 that cyberattacks continue to be a concern for election security, and TechCrunch reported that social engineering attacks are on the rise, giving hackers access to data and services at well-known and well-resourced organizations such as Mailchimp and Uber.

The common targets of such attacks are people, who have the ability to halt the criminal activity by following some basic safety practices, says James Madison University cybersecurity expert Ahmad Salman.

"The biggest threat is imposed by the human factor where people may fall victim to phishing scams and e-mail spoofing to trick them into revealing sensitive information such as passwords to e-mail accounts, social media accounts and even bank accounts," said Salman, a professor of information technology who researches cryptography for secure communications in lightweight devices and also explores the security and privacy concerns in IoT devices and intelligent transportation systems. 

In observance of Cybersecurity Awareness Month, Salman answered a few questions on the topic. 

Q: What is cybersecurity? 

A: Cybersecurity is the protection afforded to computing systems and networks in order to preserve the confidentiality, integrity and availability (known as the CIA triangle) of their resources, including hardware, software, firmware, data/information and telecommunications. 

Q: There has been a lot of news about cybercriminals using ransomware to hold corporate and government websites hostage until they get paid large ransoms. Besides ransomware, what are some other cybersecurity threats? 

A: There are lots of threats that can be categorized as cybersecurity threats. Some of them are more dangerous than others because of the amount of damage they can cause to institutes, companies or individuals. Phishing is a type of social engineering attack where the attacker sends a fraudulent message designed to trick a human victim into revealing sensitive data to the attacker or to deploy malicious software on the victim’s device/network. Spoofing is the act of disguising a communication from an unknown source as being from a trusted source. This allows the attacker to gain access to the victim’s internal system causing damage to the system and financial loss. 

Q: What are some best-practices individuals can use to lessen the chances of being victimized by cybercriminals? 

A: There are multiple things people can do.

  • Always use a strong password that has a minimum of 12 characters and includes a combination of uppercase characters, lowercase characters, numbers and special characters. Another way is to choose four random words representing a place, a name, an object, and an animal (e.g. BostonJacksonTruckCow). This might make the password easy to remember, if needed, and still long enough to be secure.
  • Never use the same password for different login devices and sites. Password vaults such as LastPass and Dashlane can be used to generate strong passwords and securely save encrypted versions of them, reducing the trouble of memorizing multiple passwords.
  • Always use/enable two-factor authentication on all accounts that require login. This is perhaps the most important defense mechanism that can prevent financial loss and other damages.
  • Always keep your devices up to date by installing the latest operating system updates and security patches released by their developers and device manufacturers as they become available.
  • Never click on web links or open attachments you received in e-mails or text messages from untrusted sources.
  • Never share your password with anyone and do not share sensitive data with anyone unless you are absolutely sure of their identity, and whether or not they need to know that information. Cyber criminals always try to add a sense of urgency when attempting to lure a victim, to prevent them from applying rational thinking. It is important to take your time before reacting to suspicious messages such as those containing unusual money requests from colleagues or supervisors.

Cybersecurity Awareness Month was launched by the National Cyber Security Alliance and the U.S. Department of Homeland Security in October 2004 to raise awareness about the importance of cybersecurity across the U.S. The theme for 2022 is, ‘See Yourself in Cyber’, which demonstrates that while cybersecurity may seem like a complex subject, ultimately, it’s really all about people. 

### 

Contact: Eric Gorton, gortonej@jmu.edu, 540-908-1760 

More information about James Madison University, including rankings and recognitions, can be found at jmu.edu/about.


Published: Monday, October 17, 2022

Last Updated: Thursday, January 4, 2024
