October 22, 2019

The folks in Information Technology have been talking a lot about herd immunity, but not in the way you think. Sure, flu season is nearly upon us, but it’s also National Cybersecurity Awareness Month, and just as widespread vaccinations prevent viruses from taking hold in a community, good personal cyber practices can keep entire computer networks healthy.

“We’re all together in the WPI community. If I get sick, I can get you sick. If my machine gets sick, your machine can get sick,” says WPI information security engineer Charlie Davidson.

The IT department has joined the National Cyber Security Alliance’s "Own IT. Secure IT. Protect IT" campaign, devoting the month of October to strengthening campus-wide commitment to online health.

If it seems odd reminding a tech-savvy campus to be, well, tech savvy, consider that schools like WPI are rich targets for cybercriminals. Last year, more than $3 billion in intellectual property was stolen from 300 American and foreign universities. Earlier this year, a data breach at Georgia Tech exposed the personal information of 1.3 million students, alumni, faculty, and staff.

WPI IT is constantly monitoring for new threats. Filters catch 100,000 spam emails each day, with roughly 100 of those containing malware. Another 1,000 or so are phishing attempts. Security software flags suspicious links in emails. To thwart spoofers using a wpi.edu address and posing as students, faculty, or staff, all emails that originate from outside WPI are marked as external.

But like bacteria that evolve to resist antibiotics, cybercriminals slip past filters and trick users by rapidly changing their tactics.

“Because they continue to evolve, we have to continue to educate,” says IT change management and training manager Veronica Brandstrader.

IT recommends the following ways to build your personal—and herd—immunity from cybercrime—not just this month, but every day:

Think before you click

Spoofing, or spear phishing, has become increasingly common and sophisticated. These “urgent” emails appear to be from someone you know and trust, and they demand you act quickly. If you get an email from a colleague directing you to log into an account, or a text from your boss urging you to wire money, check your instincts by contacting IT or showing the email to someone else. Verify the email with the sender by calling, emailing, or texting that person directly.

“Phishing emails try to put you into a fight-or-flight response. The best thing to do is to talk with someone first,” says chief information security officer John Schwartz.

Use strong passwords

These should have mixed case letters and numerals. Change your password frequently.

Keep your devices with you

If you’ve ever walked away from your laptop or phone while in the library, Campus Center, or elsewhere on campus, you might have returned to find an Unattended Device Warning. This friendly reminder from IT to always secure your devices includes the following factoids: a laptop is stolen every 53 seconds; 70 million smartphones are lost each year; 17 percent of security breaches in higher education occur via portable devices.

Always bring your device with you, leave it with someone you know, or use a cable to lock it up.

Keep your security software current

Regular updates are the best defense against viruses, malware, and other online threats.

Leave your computer equipment safely at home while traveling to high-risk countries

Borrow a laptop or tablet from the Academic Technology Center, which has a loaner program for those doing project work in regions with inadequate cyber security protections. The ATC is beefing up the program to make sure students and faculty have the equipment they need without risking their personal information and other sensitive data.

“Otherwise they may lose their equipment or information, become a victim of identity theft, or be dropped from the WPI network,” Davidson says.

Use WPI’s virtual private network when using public Wi-Fi

Public networks give hackers a route into your device where they can implant malware or steal your data. Remember to log into the WPI VPN for secure access to WPI network resources whenever you’re on a public network.

Report any concerns to Information Technology Services

If you suspect you’re being targeted by a cybercriminal, IT wants you to notify them.

“The threats and attacks are becoming much more sophisticated. If it affects you, it affects your classmates and the entire institution,” says Schwartz. “We need you, and you need us.”

IT representatives will be at the Campus Center with tips and giveaways Oct. 22–24, 11:30am to 1:30pm; and Oct. 29–30, 11am to 1pm. With the ever-morphing nature of cyberattacks, and 1,000 newcomers joining the WPI community each fall, staying educated and aware is critical to keeping up the herd’s immunity.

“The important things is to keep your virtual vaccinations up to date by staying aware of whatever new strains you need to protect yourself from,” says Kerrie Sacovitch, who handles IT communications and outreach. “That requires a certain amount of vigilance throughout the year.”