Cybersecurity: Avoid helping attackers

Lanita Collette

     By Lanita Collette, university information security officer

In 1986, a man by the name of Clifford Stoll working in a lab at Berkley tracked down a hacker by following digital clues the hacker left behind. This was later recognized as one of the first examples of digital forensics. You may have heard of Stoll’s detective work from the book chronicling his adventures called the The Cuckoo’s Egg.

What is the NAU connection? Dr. Stoll is an astronomer and in 1984 he worked with NAU’s own astronomer and academic computing evangelist, Dr. Tobias Kreidl, on the Hubbell Space Telescope at the Space Telescope Science Institute at Johns Hopkins University.

As illustrated by Stoll’s detective adventure, the best approach to cybersecurity is interdisciplinary — neither the problem nor the solution is purely technical in nature.

As a former archaeologist, I have a fondness for studying the impacts of human behavior. Here at NAU, the artifacts my team and I uncover are digital rather than physical objects unearthed from the ground or stored in a museum, but they are still traces that result from human behavior. The resulting blend of technical and anthropological clues is fascinating – this is the most difficult job I’ve ever had –- but also my favorite so far.

Because cybersecurity has critical human behavioral components, individual contributions can make a big difference. NAU is actively growing our information security program to help protect campus resources from data theft and inadvertent breaches, but all of our cool technical solutions are only half of the picture. The attacker needs YOU to be successful.

What would happen if we all stopped helping the attackers and became part of the solution? We have had great success at NAU with our anti-phishing campaign. The number of faculty and staff accounts compromised through phishing attacks has dramatically decreased with the “crowd-sourcing” of detecting and reporting phishing emails. A big thank-you to all who have reported NAU-targeted phishing emails. If you’d like to join in this effort, visit this website for information.

What else can you do to help? Don’t share, re-use, or disclose your NAU username and password, lock your computer before walking away from your desk, and use encryption on laptops and mobile devices. For more information on how to keep both NAU and your own valuable research or personal data safe, complete the NAU Information Security training. If you have specific questions or concerns, call the ITS Solution Center at 3-1511 and request assistance.