Critical for big companies as well as individual users

Gerald Beuchelt, chief security officer of Demandware, speaks on Monday during his presentation at Cybersecurity Awareness Day at UMass Lowell.

11/02/2016
Lowell Sun
By Chris Lisinski

LOWELL -- One can become exposed to cyber attacks, UMass Lowell professor Xinwen Fu said, simply by using the internet.

Just last week, a massive distributed denial of service, or DDoS, attack knocked several of the world's most popular websites offline for several hours. The past few months have seen several high-profile email hacks, some of which allegedly came from foreign state-sponsored actors attempting to sway the upcoming election. And on top of all of that, individual internet users are always at risk of being lured into schemes or having personal and financial information stolen.

"People need to have awareness of cybersecurity," Fu said.

Fu, who co-directs UMass Lowell's Center of Internet Security and Forensics Education and Research, helped organize a "Cybersecurity Awareness Day" on Monday featuring expert speakers from both the public and private sector.

His goal beyond raising awareness was fostering cooperation between educational institutions like UMass Lowell -- which was honored by the National Security Agency and the Department of Homeland Security earlier this month for its research -- and companies and government agencies. Working together, he said, is necessary to address the ever-changing threats that lurk online and to help average consumers become more secure.

"Security stuff is hard to use," Fu said. "Most people cannot configure it.
We need a better design for people to really use it."

Before an audience of about 120, speakers shared various insights and experiences, much of which focused on improving business cybersecurity and digital infrastructure. But experts said even individual internet users face risks every day.

Kevin Swindon, a supervisory special agent with the FBI's Boston division of the cyber program, outlined a number of strategies that criminals use online. Some will set up a fake WiFi network in a public place and lure unsuspecting victims into using it, then access users' personal information through the network. Others will install malware often referred to as "ransomware" that locks down a user's computer and demands money to restore it.

Cindy Cullen, chief cybersecurity strategist for Hewlett Packard, said ransomware attacks can hit anyone.

"They target large companies as well as your mom and pop," she said. "They like to go after people that are elderly because they generally don't have backups, they don't really understand technology and when they're told, 'send money so we can give your pictures back,' they'll do it."

Most such attacks go through email, Swindon said. A hacker will send an email purporting to be legitimate -- say, a shipping confirmation for something that was never actually ordered -- and when the user clicks the email attachment, software is installed, giving the hacker access.

Various experts said Monday that users should be careful when opening emails and never click on an attachment if the email seems suspicious or if it was sent by an unusual account.

Cyberattacks can often have huge implications for organizations as well. Swindon pointed to several examples, including the Associated Press's Twitter account being hacked in 2013 and used to tweet about a made-up bombing at the White House.

"I think the three tenets (to staying secure) are: to make sure you have antivirus software installed on your computer, to make sure you have good, different passwords -- utilizing the same password across multiple platforms is as dangerous and risky as having weak passwords -- and utilizing firewalls," Swindon said.

Fu also offered some tips for the average internet user: avoid downloading software without being sure it is clean, immediately change the "default" password on any new devices and verify any strange email requests in person.

"Whenever people ask for money from you, don't do it -- you must actually call them, or meeting face-to-face is the best choice," he said. "Whenever money is involved, you cannot just do a wire transfer."

There is some good news, though, at least for those interested in the field: speaker Gerald Beuchelt, chief security officer for Demandware, cited an industry report listing unemployment in the cybersecurity field as 0 percent.