Article: Security Bytes

Hi and welcome to the first in what will be a regular commentary on computer security. The title is “Security Bytes” because let’s face it, how much fun is safety?

Discounting the nonexistent fun factor in computer security it is nonetheless very important. I don’t like stopping at red lights but I understand why I have to. The same is true about computer security. Over the next year and beyond DoIT is going to be focusing on computer security and it’s going to reach EVERYBODY on the campus network. So, let’s dig right in.

Q. What is the most important thing to know about computer security?

A. The most important thing is awareness. First, you need to be aware that computer security is YOUR job. People always seem to think that safety is someone else’s responsibility, that DoIT is safeguarding computers because we support them. While DoIT does strive to protect the network and Creighton property we can’t begin to do your job. YOU are responsible for the most important aspects of protecting Creighton’s assets. Who locks your desk at night? If anybody does it is you, not Public Safety. Same is true for your computer. DoIT can make it harder for strangers to come in on the wire, but if your password is on a sticky note on your monitor then anyone passing by your machine can get into your computer.

Q. Okay, somebody gets into my computer, so what? I don’t have anything anybody would want.

A. Well, I think you may not understand the ramifications of a break-in. If someone breaks into your computer they can use it for their own purposes. They can use it to store their files (they can delete yours if they need space) and they can use your computer to attack other computers around the world. I also suspect you may want to rethink your assessment of what is on your computer. You don’t keep any records? Social Security numbers? Grades? Credit Card numbers? Addresses? Budget spreadsheets? Account numbers? Business related e-mail? Nothing? The person with no sensitive or useable information is a very rare bird. Remember, awareness is the key. KNOW what is on your computer. Always be aware that someone who isn’t as sweet or decent as you may be looking for information that is in a file you have forgotten about.

Q. So, someone gets some Visa numbers that I keep in Excel. A few charges get run up, the card gets cancelled and the bank eats the majority of it. That’s not the end of the world.

A. Whose world are we talking about here? Imagine it’s my credit card. My credit rating is impacted (the credit reports don’t care that it wasn’t me) suddenly I can’t get that loan I wanted. My life is impacted. I lose my time shutting down my card, getting a new one, and fixing (if I can) my credit rating. I get angry and sue the University (out of fairness Creighton has advised me of the breech). It makes the news. Parents question the wisdom of sending their children to an institution where this could happen. Donors might be reluctant to give credit card numbers to a place with that history. The University must spend money to recover its reputation and repair the security breach. And since that security breech was you, wanna hazard a guess how your evaluation is going to look? So, while it wasn’t the end of the world, things can be pretty bad without approaching total oblivion.

As I said, the first step in computer security is awareness. Be aware of how important computer security is. Remember, if you are secure, U. is secure.

Plugged In highlights go here, news, initiatives, spotlight, designed to draw the user who is done finding or browsing, further into our content.