JMU expert offers advice on cybersecurity

Harrisonburg, Virginia — Computer networks are only as secure as their weakest link and often the weakest link is the people using those networks. 

"The biggest threat is imposed by the human factor where people may fall victim to phishing scams and e-mail spoofing to trick them into revealing sensitive information such as passwords to e-mail accounts, social media accounts and even bank accounts," said Ahmad Salman, a professor of integrated science and technology who researches cryptography for secure communications in lightweight devices and also explores the security and privacy concerns in IoT devices and intelligent transportation systems. 

In observance of Cybersecurity Awareness Month, Salman answered a few questions for us on the topic. 

Q: What is cybersecurity? 

A: Cybersecurity is the protection afforded to computing systems and networks in order to preserve the confidentiality, integrity, and availability (known as the CIA triangle) of their resources, including hardware, software, firmware, data/information and telecommunications. 

Q: There has been a lot of news about cybercriminals using ransomware to hold corporate and government websites hostage until they get paid large ransoms. Besides ransomware, what are some other cybersecurity threats? 

A: There are lots of threats that can be categorized as cybersecurity threats. Some of them are more dangerous than others because of the amount of damage they can cause to institutes, companies or individuals. Phishing is a type of social engineering attack where the attacker sends a fraudulent message designed to trick a human victim into revealing sensitive data to the attacker or to deploy malicious software on the victim’s device/network. Spoofing is the act of disguising a communication from an unknown source as being from a trusted source. This allows the attacker to gain access to the victim’s internal system causing damage to the system and financial loss. 

Q: What are some best-practices individuals can use to lessen the chances of being victimized by cybercriminals? 

A: There are multiple things people can do.

• Always use a strong password that has a minimum of 10 characters and includes a combination of uppercase characters, lowercase characters, numbers and special characters.
• Never use the same password for different login devices and sites. Password vaults such as LastPass and Dashlane can be used to generate strong passwords and securely saving encrypted versions of them, reducing the trouble of memorizing multiple passwords.
• Always use/enable two-factor authentication on all accounts that require login. This is perhaps the most important defense mechanism that can prevent financial loss and other damages.
• Always keep your devices up to date by installing the latest operating system updates and security batches released by their developers and device manufacturers as they become available.
• Never share your password with anyone and do not share sensitive data with anyone unless you are absolutely sure of their identity, and whether or not they need to know that information. Cyber criminals always try to add a sense of urgency when attempting to lure a victim, to prevent them from applying rational thinking. It is important to take your time before reacting to suspicious messages such as those containing unusual money requests from colleagues or supervisors.

Cybersecurity Awareness Month was launched by the National Cyber Security Alliance and the U.S. Department of Homeland Security in October 2004 to raise awareness about the importance of cybersecurity across the U.S. The theme for 2021 is, ‘Do Your Part. #BeCyberSmart’, helping to empower individuals and organizations to own their role in protecting their part of cyberspace. 

###

Contact: Eric Gorton, gortonej@jmu.edu, 540-908-1760 

More information about James Madison University, including rankings and recognitions can be found at jmu.edu/about.