The recent surge in remote instruction and working from home has brought new threats to computers. In fact, a chaotic event like the COVID-19 pandemic can create a perfect storm for bad actors to attack vulnerable devices.
To understand more about the threats viruses pose to our computers and learn how we can protect ourselves and our devices, Pittwire turned to three experts in the University community: Joel Garmon, chief information security officer; Trent Wissner, security operations team leader with Pitt Information Technology; and Prashant Krishnamurthy, professor and chair of the Department of Informatics and Networked Systems in the School of Computing and Information.
What is a virus, anyway?
Garmon: So, we talk in terms of malicious software, which is any unwanted software on a computer that will do actions that the user is not aware of or may not want. For example, it can compromise a computer, download your personal information or log onto your bank account. A virus is a subcategory of malicious software looking for vulnerabilities in a computer system.
Do we need to be worried about viruses on our smartphones and tablets, too?
Krishamurthy: Typically, the iPhone in particular is less susceptible to these kinds of things. Unless they're jailbroken, you can only install something that is coming out of the App Store. Apple has a process for vetting software applications that are in the App Store. With Android, you should only download apps from the Google Play store.
Garmon: One point, though, is that the Apple Store and Google take down about 100 applications a month they have found to be malicious. So just because it means it’s in the store, doesn’t mean it’s safe.
Krishnamurthy: I agree—and they also take down apps because they many not follow certain policies.
Is it a myth that Apple devices are not susceptible to viruses?
Wissner: I know in the past that has been a common statement, but as time has come along, that has definitely turned into a myth. We see a lot of virus alerts related to Apple devices coming across our enterprise.
How has the pandemic—with more of us working and learning from home—created new threats to our computers?
Krishnamurthy: Whenever there is some kind of a chaotic situation, there are always bad actors who try to exploit those things. Understanding that most people are now working online at home, some bad actors are trying to disrupt the way organizations are operating. There are also phishing and other attacks which make use of chaotic situation. These are not new, but they’re exploiting the situation.
Garmon: Piggybacking off of the phishing example, there are the COVID dollars that are out there as subsidies and payments for students. There’s a lot of phishing out there saying “Click here to get your dollars for your student reimbursements,” things like that. We’ve seen an uptick in that.
Krishnamurthy: The other thing that’s happening is, when people are working from home, including students, staff and faculty members, we’re working with other people in close quarters. They may be distractions from kids, pets or roommates—and people otherwise getting stressed and overextended. That makes it easier to make mistakes and click on something we’re not supposed to.
Let’s say I’m a student. What do I need to be on the lookout for while trying to keep my device safe?
Garmon: Be aware of the privacy concerns of what you’re doing. Your phone has a location on it and can tell everywhere you’re going. Pay attention to these things.
See something phishy?
If something looks questionable to you, email firstname.lastname@example.org and Pitt IT will evaluate it and respond to you. You can always call the Help Desk at 412-624-HELP, submit a request or email email@example.com.
Krishnamurthy: Don’t click on anything until you have counted up to 10. This was not my idea but my colleague Leona Mitchell, who is director of the Professional Institute at SCI, and she actually just wrote a blog post about it.
Garmon: Yes, and also, when you are installing things on your phone or even a computer, always check permissions. For example, why would a game need to know your location or even have access to your contact list? If it does, it’s probably a poorly designed application or it is going to be hacked.
Wissner: If you get an email from someone you don’t know, it’s not going to be something you want to respond to or download. Especially if there’s an attachment or a link that they want you to click on, just don’t do that.
Pitt has adopted Microsoft Defender ATP as its new antivirus client, replacing Symantec Endpoint Protection. What do I need to do?
Garmon: We want to make sure all students—including faculty and staff—activate Windows Defender, which is built-in antivirus as part of Windows 10, on their personal PCs. We offer Windows 10 for free to all students through Pitt IT, so we encourage them to upgrade their operating system and activate Windows Defender. If your device is Pitt-owned, you need to remove Symantec; if you’re on a Windows 10 device, Defender will automatically start.
Wissner: And if you’re faculty or staff, and you work in a department that has a dedicated IT support staff, they will take care of this for you. If your unit does not have dedicated support, Pitt IT has instructions for you to follow.