We hear about identity theft almost every day. It’s the new “flavour of the day” in crime. If you search the net, you can find people selling personal information almost anywhere.
We frequently hear of breaches at universities where thousands of student records are compromised. Did you ever wonder why criminals would be interested in trying to hack into university computer systems?
By their nature, student systems at universities contain large amounts of personal information. This includes information on active students, as well as applicants and alumni. If you consider how many new students register each year, you can begin to understand the amount of personal information we maintain.
These students trust us to keep their personal information private and secure. If you are dealing with student data, they trust you to do your part.
It is said that a chain is only as strong as its weakest link. We have hundreds of people working with student data; hundreds of links in the chain. Criminals are always trying to find the weakest link… don’t let it be you!
Consider computer viruses. In the past, they were written by kids. It was like graffiti; a way of showing off. This is no longer the case. These days, viruses are written by criminals, by professionals. They don’t simply spread around and shut machines down; they become dormant “backdoors” into your computer. If your computer is infected and not cleaned, it is essentially under the control of someone outside. Keystroke recorders, for example, record where you go on the web, and the passwords you use to access certain sites.
Torpig is just one example. There are many similar viruses and worms out there. It is important to have up-to-date antivirus software on your computer.
While the antivirus provides a level of security, there is another weakness: You. Criminals are always trying to trick you into running something or providing them with information.
We’ve all received forged emails from “banks”, telling you to update your account information. A similar technique is used by criminals wanting access to student data. In this case, however, they will not send a generic letter. They browse through a university’s website, looking at organizational charts, cataloguing who works in which department, etc… They then write a well-crafted letter and send it to a select crowd. It may ask them for some information, or, more likely, it will be a link to a web site containing malware (malicious software). Once this is installed on your computer, they wait a few days, and then collect the information from the keystroke recorder. They now have your passwords and access to your information.