The Hub An inside scoop on cybersecurity

An inside scoop on cybersecurity

October is recognized internationally as Cybersecurity Awareness Month, so we sat down virtually with one of AU’s cybersecurity experts, Cleopatra Mushonga, to talk about cybersecurity, what’s at stake, and what you can do to protect yourself.

Athabasca University Shield

Athabasca University News

I’m sure most folks understand what cybersecurity is, but what exactly does it mean from your perspective?

We exercise security practices in our day-to-day lives. When we leave the house/car we lock the doors. When travelling we make sure that our personal belongings are secured. When making a purchase in a store using our cards, we ensure that no one sees the PIN. Institutions invest in advanced locks and monitoring systems to secure their premises and physical assets.

Cybersecurity closely tracks the practices described above—except in these cases our homes and cars are replaced by digital assets, and all actions are executed in cyberspace. This means cybersecurity is the collective efforts that an institution, or an individual, makes to protect digital assets from cyber threats.

These efforts include the use of technical controls like firewalls, anti-malware and antivirus systems, management controls such as policies and procedures, and human controls such as equipping employees with the tools and knowledge necessary to help protect digital assets.

Cybersecurity is not limited to cyberspace; it also extends into physical security because a lapse in physical security may lead to a cyber breach. For example, a malicious individual could follow someone into a secured office space, gain access to restricted information, and steal a digital asset.

Cleopatra Mushonga, AU cybersecurity expert

Athabasca University Shield

Athabasca University News

How can people protect themselves?

First of all, people should understand cyber threats and risks that we face.

One of the major weaknesses that we have as humans is that we overestimate highly visual risks and risks that we are not in control of. We tend to underestimate cyber-risks because we often feel like we are in control. In other instances, we do not understand the actual impact if something goes wrong or how it could affect our lives and businesses.

Once we understand these threats and risks, we can begin to take immediate precautions to protect ourselves. An important way to protect ourselves is by learning and implementing good security practices. We should also practise newly learned information and adhere to business security policies and procedures.

Cleopatra Mushonga, AU cybersecurity expert

Athabasca University Shield

Athabasca University News

Are there any other good tips you might have for folks to avoid becoming victims of cyberattacks?

The AU Cybersecurity site has lots of resources and tips on how individuals can protect themselves and also protect AU from cyberattacks.

We don’t want folks to merely be aware of these tips, we want them to effectively put them into practice. What you do with the tips is more important than just knowing what to do.

In the very near future, the AU’s Digital Security Program, partnering with other IT and AU teams, will also introduce cybersecurity training courses that will be available through the AU Moodle learning management systems. This will help individuals understand how they can protect themselves and AU.

Cleopatra Mushonga, AU cybersecurity expert

Athabasca University Shield

Athabasca University News

What should someone do if they get a call from the “CRA” who is sending a sheriff over to arrest them right now unless they send payment (i.e., Bitcoins)?

Cyberattacks are orchestrated by human beings just like us, so they use the same human ingenuity that we have. They know that when humans are under pressure, they can act without having enough time to think.

They use fear, uncertainty, and doubt to pressure the potential victim and also invoke a sense of urgency. When encountering such situations, you need to remember to calm down, take a step back and think. Does the sheriff know where you are right now? Does CRA transact in Bitcoin?

Reputable organizations will not ask you for payment or sensitive information over the phone. When in doubt hang up the phone and call the official number listed for the organization—do not call back the number that just called you.

Cleopatra Mushonga, AU cybersecurity expert

Athabasca University Shield

Athabasca University News

What should someone do if they think they may have accidentally given some of their personal information? Specifically, what should an AU team member or student do if they think they’ve been scammed? When should I call AU’s IT HelpDesk?

Whenever you encounter, or suspect, that you have been involved in a security incident, it is important to report the incident. This helps to contain the incident from getting out of control.

Even if a user falls victim to a cyberattacker, the fact they have recognized and reported it is an important step in the security-incident response process. By reporting, they are facilitating the containment of the incident to other users, or the rest of the network.

If you are a team member, you should call the AU IT HelpDesk if you suspect that your AU device or account has been compromised, and be ready with screenshots and a detailed account of the events that led to the incident.

If you are a student, contact the Student Information Centre. If it is a personal device or account, report the incident to your service provider. If you believe that an incident is of a criminal nature, contact the local police.

You can learn more at the Canadian Centre for Cybersecurity.

Cleopatra Mushonga, AU cybersecurity expert

Athabasca University Shield

Athabasca University News

Is there anything else you’d like to add?

Yes. I would also like to dispel a few cybersecurity myths.

MYTH: Cybersecurity is a job solely for a security team or IT department job.
FACT: Cybersecurity is everyone’s responsibility, and we all need to take steps to create a safe environment.

MYTH: The cybersecurity team is out to get you!
FACT: The security team is not waiting for you to make a mistake, but instead wants to help you not to make the mistake. Or, if a mistake is made, the team wants to help you resolve that mistake.

MYTH: Once I create a good password and install antivirus software, I can forget about cybersecurity!
FACT:
Cybersecurity is not a “implement once and forget” practice. It is also not executed by simply installing new security technology.  Cybersecurity requires the implementation of multiple layers of security controls throughout an information technology system. For example, strong passwords alone or antivirus alone will not stop all cyber threats.

MYTH: Cybersecurity is an abstract phenomenon which matters only to certain type of businesses (e.g. financial) or size of business (e.g. large).
FACT: Any entity can become a victim of cyberattacks at any point.

MYTH: Cybersecurity can be 100-per-cent achieved.
FACT: No organization can have 100-per-cent cybersecurity as threats are evolving daily. The best we can do is to work collectively to prepare for and limit the impacts of cyberattacks.

Cleopatra Mushonga, AU cybersecurity expert

Athabasca University Shield

Athabasca University News

Are there any resources folks should know about?

Filed Under:
Published:
  • October 1, 2020