Online hacks affect millions

Yahoo informed the world in late September that anonymous hackers gained access to over 500 million users’ accounts in 2014.

“In the world today, it is very difficult to cover all aspects of information security,” said assistant professor of Computer Science and Information Systems Jason Watson. “Even organizations that rely wholly on security will likely find themselves a victim of an information security breach. Unfortunately, it is the nature of the world we live in.”

If a student is a consumer of a company that hackers have targeted, they should change their passwords, Watson said.

“In most cases today, passwords are encrypted and when stolen, the attackers would need to spend a significant amount of time to decipher your password text,” he said. “This would give most people enough time to simply change the password and keep their information safe.”

UNA officials sent an email Oct. 3 informing students and staff that there are new password requirements “in an effort to improve security surrounding all UNA accounts.”

The Executive Council made the decision to implement new security strategies, said Chief Information Officer Stephen Putman.

“There is no method to change the initial password when you log in to portal, so some students keep the same basic one for their entire time at school,” he said. “With these new requirements, at the worst case, students use one password for an entire year.”

The new requirements are too extreme, said senior Mary Beth Wilcoxon.

“Remembering a 12 character password is too much,” she said. “I can barely remember a four character password. I also feel that if someone does hack into my student account, they won’t be getting much.”

Watson said there is not much students can do to prevent someone stealing their information.

“When you place information online, you are essentially putting a lot of trust in that party to secure or be good stewards of your information,” he said. “I think people should expect their information to be compromised at some time and should establish a plan of action when it occurs. The good news is that this is not likely going to be common.”

Wilcoxon said she takes different steps to protect her privacy.

“I always use private browsing and I make sure I have no major personal info online,” she said. “If I ever want to shop online, I use a prepaid gift card.”

While Yahoo informed the public about the breach in September, they knew about it in August. Watson said not every company waits to release this information.

“This happened in the Yahoo case, but it should not happen,” he said. “More and more organizations are becoming transparent when dealing with (information systems) security breaches.

“I can’t be for sure, but most organizations that fail to timely release information to the public are trying to bury it and hope no one discovers the truth. There is a strong incentive to do this because of the financial and image damage done because of security breaches.”

Wilcoxon said she uses Google, and they inform her of when someone attempts to log into her account.

“I always get a notification asking if I was the one who recently signed,” she said. “Afterward, I usually change all of my passwords for any account I have, and I change my recovery email.”

Watson said the only way students can protect their information online is to be vigilant.

“People should always be concerned when placing personal or sensitive information in the hands of others,” he said. “I believe people should still use online services freely, but to exercise some caution with where they trust their data to be stored.”