Web money

Simple Precautions Can Prevent Cyber ​​Heartbreak, Says Expert

Harrisonburg, Virginia — The Washington Post reported on October 13 that cyberattacks continue to be a concern for election security and Tech Crunch reported that social engineering attacks are on the rise, giving hackers access to data and services from well-known and well-resourced organizations such as Mailchimp and Uber.

The common target of these attacks are people who have the ability to stop criminal activity by following certain basic security practices, says James Madison University cybersecurity expert Ahmad Salman.

“The greatest threat is imposed by the human factor where people can fall victim to phishing scams and email spoofing to trick them into revealing sensitive information such as email account passwords, social media accounts and even bank accounts,” Salman said. , an information technology professor who studies cryptography for secure communications in lightweight devices and also explores security and privacy issues in IoT devices and intelligent transportation systems.

In respect of Cyber ​​Security Awareness MonthSalman answered a few questions on the subject.

Q: What is cybersecurity?

A: Cybersecurity is the protection given to computer systems and networks to maintain the confidentiality, integrity, and availability (known as the CIA triangle) of their resources, including hardware, software, firmware, data/ information and telecommunications.

Q: There has been a lot of news about cybercriminals using ransomware to hold corporate and government websites hostage until they receive large ransoms. Besides ransomware, what are the other cybersecurity threats?

A: Many threats can be categorized as cybersecurity threats. Some of them are more dangerous than others due to the extent of damage they can cause to institutes, companies or individuals. Phishing is a type of social engineering attack in which the attacker sends a fraudulent message designed to trick a human victim into revealing sensitive data to the attacker or deploying malicious software to the device/network of the victim. Spoofing involves disguising a communication from an unknown source as coming from a trusted source. This allows the attacker to access the victim’s internal system, causing system damage and financial loss.

Q: What are some best practices that individuals can use to reduce the risk of falling victim to cybercriminals?

A: There are several things people can do.

  • Always use a strong password that is at least 12 characters long and includes a combination of uppercase, lowercase, numbers, and special characters. Another way is to choose four random words representing a place, a name, an object and an animal (eg BostonJacksonTruckCow). This can make the password easy to remember, if needed, and long enough to be secure.
  • Never use the same password for different login devices and sites. Password vaults such as LastPass and Dashlane can be used to generate strong passwords and securely store encrypted versions of them, reducing the hassle of remembering multiple passwords.
  • Always use/enable two-factor authentication on all accounts that require login. It is perhaps the most important defense mechanism that can prevent financial loss and other damage.
  • Always keep your devices up to date by installing the latest operating system updates and security bundles released by their developers and device manufacturers as they become available.
  • Never click on web links or open attachments you have received in emails or text messages from untrusted sources
  • Never share your password with anyone and do not share sensitive data with anyone unless you are absolutely sure of their identity and know whether or not they need to know this information. Cybercriminals always try to add a sense of urgency when trying to lure a victim, to prevent them from applying rational thinking. It is important to take your time before reacting to suspicious messages such as those containing unusual requests for money from colleagues or supervisors.

Cyber ​​Security Awareness Month was launched by the National Cyber ​​Security Alliance and the United States Department of Homeland Security in October 2004 to raise awareness of the importance of cyber security in the United States. may seem like a complex topic, in the end it’s really about people.


Contact: Eric Gorton, gortonej@jmu.edu, 540-908-1760

More information about James Madison University, including rankings and recognitions, can be found at jmu.edu/about.