Crimson and Gold Connection; Amanda Williams

Welcome to Crimson and Gold Connection, keeping you connected with the people and current events at Pittsburgh State University. Thank you for joining me this week for the Crimson and Gold Connection on 89.9 KRPS. I'm Fred Fletcher-Fierro. October is National Cybersecurity Awareness Month. It was developed by the U.S. Department of Homeland Security and the National Cybersecurity Alliance to ensure that people have their resources needed to stay safe online. The phrase, our digital lives is relatively new and has been mentioned more and more over the past 20 years or so. And because October is National Cybersecurity Awareness Month, I thought it would be a good time to speak with Amanda Williams. She is an IT Security Officer in the Office of Information Technology Services here at Pittsburgh State University. I am Amanda. Thank you for joining me.

Hello. The phrase National Cybersecurity Awareness, why is a whole month of October dedicated to that phrase and why is it important? Our lives have become very digital and very online and so the organization thought it just, you know, let's dedicate a month to educating people on things that they can do to protect their information. I think their purpose was, if everybody does their part, then the internet will be safer for everyone. Okay. Yeah. I don't know about you, but the first thing that I do when I wake up at 3.30 in the morning to come in and host morning edition, you check your phone. Absolutely. You know, it used to be, well, I turned off my alarm first. It used to be maybe turn on the radio, go to the bathroom, but you check your phone first and you're instantly connected to the world. So there is a real need to protect yourself. But you know what? I think a lot of listeners, they don't feel that that is a real threat because they're just one person. They're not a big company. So what is the need for them to protect themselves? A lot of people may not think that their information is out there online, that it's out there. Doctors' offices have gone into digital records. If you're doing any sort of shopping on their internet or browsing on the internet, then information is being tracked.

Your cell phone and your social media apps, those things are tracking you. They're gathering information about you. So you may not think that you're actually putting information out there about yourself, but it's out there. You just need to be aware that things that you can do to protect yourself. So you're saying I need to protect myself, for instance, I'm connected to my home Wi-Fi network that's supposed to be secure. I use an Android that's supposed to be secure, right? All these securities, because that's what we hear on stories. We have all these securities in these backup systems of securities, but somehow, and like you said, some of it's our own. You know, Amazon's tracking, what we buy, if you're on eBay, if you check Twitter, all of that is tracked. Yes. You know, how do we protect ourselves, for instance? A lot of people use Amazon to buy things. What's one way that we can protect ourselves from having just regular password on the account? Is there a way, another level of security? Sure. Most of these accounts and apps, they have what they call two-factor authentication. So you will have a password, but then there'll also be something else you'll do. Something that's really common right now is they'll send a code to your cell phone.

And so then, once you put in your password, you'll get a text on your cell phone and then you'll have to put that code in. So it's just another layer of security of verifying that you are, who you say you are. I use this for many of my accounts myself, and also will let you know if somebody's trying to access your account in another part of the world, like you'll get that alert in San Francisco. Well, I'm not in San Francisco. I'm in Pittsburgh, Kansas. Why is somebody trying to log into my Amazon account? Right. So that definitely, and it's free. There's no cost to this, either. Correct. Say that I'm traveling, though. And I log in, or I'm staying at a hotel, and I log into their Wi-Fi network. Should I do that, or should I not just use my regular internet on my phone? You can. You can use Open Wi-Fi. The thing to be careful with Open Wi-Fi is transmitting secure information. If you're shopping or doing anything like that log in into your account, it's really easy for hackers to spoof a Wi-Fi hotspot. And so therefore, if you're not connecting to what you think you're connecting to, somebody could be intercepting all of your traffic.

One of the things that we tell people to do is get a VPN client, which is called a virtual private network. And so that is an encrypted tunnel that will make sure that you're going where you think you're going. And so your traffic can't be intercepted. Yeah, I've heard that happening at Starbucks. Yes. You know, you got a Starbucks, you got a coffee, a sedan, you connect to their Wi-Fi, which I believe is free running dials. And if you want to protect yourself, I mean, obviously you could still use the internet on your phone, but Wi-Fi is so much more convenient and oftentimes free. And sometimes faster depending on how good your network is. Yes. So it's a good idea to use a VPN. It is. It is. Is there any cost, for instance, to use a free VPN client, just like regular apps that you can get? So yeah. Okay. And obviously email all of us, check it all the time, check it as often as we get text or whatever. Some of us use it just like a text, fishing. You know, and this isn't the kind of fishing that you go out in a lake and do here in Kansas in the summer. It's kind of fishing. We're talking about somebody's trying to get personal information from you that isn't who you think it is.

Correct. We get these a lot here at PSU, and that's one of the things I try and educate our users here is to be wary of emails that you get that are asking for personal information. One of the easiest and quickest things to do is take your mouse and hover over who it's coming from. You may recognize the name, but once you hover over that name, it may be a different email address. Also take your mouse and hover over any links that it's asking you to click on and provide information. So the best thing to do when you get an email, hover your mouse over the link to verify the address that it's going to. Because here at PSU, you want to make sure that it's a PSU website that it's taking you to. Because a lot of times they will say it's just a click here link. So once you hover your mouse over, you can tell it's taking to some other random website that's going to gather your username and your password. So once that happens and they have those credentials, they will start sending spam from your account. So that's just a continual loop of vicious emails that are being circulated. So once you go down that dark hole of being fished, it's hard to control it, get back control

of the account. So here on campus, what we do, we'll go in and lock that person's account. So that stops the fishing from continuing being sent from PSU and so then they have to go in and change their passwords. And so we really try and educate people. This applies to every day life when you get on your personal email account. I tell people that your banks and the companies that you do business with, your internet provider, your credit cards, they're never going to send you an email to ask you to verify your information. If you get an email and you're kind of leery, always go directly to that site. Don't ever click on the link within the email, but log on directly to your bank or to your credit card and go there instead of clicking on the link and providing that information. Now, as somebody who just uses the internet every day, it's kind of a pedestrian. You're not involved behind the scenes like you are. Here are a couple of good precautions or safety guidelines that somebody can use. A couple of things that people can do to protect themselves just as an everyday user is just making sure that their systems are up to date, making sure that your operating system is current, making sure that your software applications are current and making sure that you've

got an antivirus. And all of these systems and applications, you have updates, then you need to make sure that you're doing those in a timely fashion. Because those updates are patching holes and vulnerabilities in their systems that make you susceptible to viruses and malware and those sorts of things. I've been speaking with Amanda Williams. She is an IT security officer in the Office of Information Technology Services at Pittsburgh State University. To hear this and all of our episodes of the Crimson and Gold Connection, visit our website at krps.org. I'm Fred Fletcher-Fierro. Join us for Crimson and Gold Connection Wednesdays at 8.50 and Fridays at 350.