Colin Couchman wants you to take inventory of your digital life.
The new Director of Cyber Security and Business Services at Western hopes you will always protect your passwords; remember that your identity, activity, work and intellectual property are all vulnerable when connecting to an unsecured wireless network; secure your wireless network; and back up your data.
And Couchman really, really hopes you won’t fall for those pesky e-mail phishing attempts.
Failing to take precautions, he noted, results in significant risk not only to you, but also to the university community and the university itself.
“Cybersecurity at Western is a priority. Whether we are dealing with issues related to student, staff or faculty safety, theft of intellectual property, protection of areas related to privacy, there are multiple ways we each currently face significant risk,” said Couchman, whose position is new to the university.
Couchman recently stepped into the role, having previously worked in the Faculty of Education where he was the Director of Information Services and Information Systems, as well as the faculty’s IMPACT Group.
In his new role, he is responsible for providing strategic leadership related to information systems and cybersecurity for the university, institutional business intelligence and data analytics initiatives, and financial and resource administration of Western Technology Services.
“Western is committed to working towards providing a secure campus – which extends to the cyber realm. However, in this day and age, each of us must be diligent in how we engage with digital media,” Couchman continued.
“Western is proud to foster an open learning environment, providing unfettered access to the world through our digital connectivity. But each of us has a role to play to ensure we remain safe. This goes back to ownership of how you protect your own data and the types of things you might post or share online.”
For instance, that email phishing attempt asking for your money – or offering you money – is more dangerous than you might think, he added. Universities “keep getting pummelled by them” because they offer a target-rich environment. The Western community grows by roughly 5,000 new members every year and that makes it a more attractive target for scammers, Couchman said.
If only 0.1 per cent of the campus community clicks on a link in a phishing e-mail and provides personal information, that makes money for the scammers and puts the university community, its data and information at significant risk.
The risk depends on the kind of account you have, Couchman explained. Whether you are a student, faculty or staff, there are financial access points and responsibilities associated with your account.
“If you compromise your account and you are a staff member that has certain power within the Human Resources system, or in Finance, you are providing a mechanism for those actors to gain control of systems that are not just you and your e-mail and your bank account,” Couchman said.
“Depending on how much privilege you have in the system, you are granting those actors the ability to manipulate other accounts, procurements, payments, and so on. You, as a bad guy, can get control of an HR administrator’s credentials or even an individual’s account and you go onto the HR profile and you can change banking info to one of your choosing.”
There are controls in place to counteract negative consequences, but people still click on links in phishing attempts. The often-poor syntax and grammar in those e-mails are deliberate, he explained, as malevolent actors are looking for individuals who are willing to overlook clues in a suspicious e-mail because those individuals are more likely to follow through to the next step of the scam.
Phishing attempts are getting more sophisticated, Couchman said, and it is important to know how to recognize them. If they appear to come from a Western address, hover over (but don’t click on) the address to see where reply e-mails go.
“These scams have a real-world impact. But in a deeper sense, at the university, you can compromise confidential information, the ability to generate lists of people, students, research participants and data, university planning data, intellectual property – all of that can be taken from the organization,” Couchman said.
“Now, we move into the realm of exploitation not just for financial gain, but now you’re talking about forms of corporate espionage, or research espionage where people can unwittingly give keys to these bad actors and get access to information they should not have.”
October is Cyber Security Awareness Month and there are a number of resources that members of the university community can access to help them navigate the digital realm, he added. These resources are available at cybersmart.uwo.ca.