Tufts' recent ranking as the most dangerous school in the country might have students clutching their handbags close to their bodies, but one hazard remains overlooked: Internet crime. October marks the seventh annual National Cybersecurity Awareness Month, and Tufts' network may be less secure than one would expect.
The contemporary world has become increasingly reliant on technology to store large amounts of personal information and to keep that information safe. But the process of securing data is a difficult task — especially at an institution like Tufts, whose network stores an immense amount of information and needs to make that data available to a large number of users.
The broad range of digital resources to which Tufts offers its students and professors access is only made possible with very limited censorship and a relatively open network, according to Dawn Irish, the director of communication and organizational effectiveness for University Information Technology (UIT). Most universities use similar open networks, Irish said, but they do necessarily mean less security and privacy for users.
An open network "does make us more vulnerable, but we need to remain open in order to get our work done," she said.
Much of the network's security lies, quite literally, in student hands, Irish said. In order for students to protect their information, UIT officials stressed the importance of clicking responsibly, choosing strong passwords and using anti−virus software, especially when using social networking sites.
"We forget how much people can find out about us," Chuck Young, UIT's director of information security, said. "Think before you post."
Passwords, more than anything else, grant direct access to the information they protect, which is why Tufts lays out stringent requirements for network passwords.
"A strong password slows [hackers] down because it takes a very long time to guess a very complicated, long password," Young said.
Last October, an unusually strong hacking attack compromised over 100 computers on Tufts' Medford/Somerville campus. Hackers cracked a number of passwords that allowed them onto the network, subsequently taking over storage space, Irish said at the time. She said then that no lasting damage occurred.
Young recommended students use phrases instead of just simple words and that they incorporate characters like @ in place of "a" and // in place of "n" in effort to complicate the password and lengthen the amount of time it would take for a hacker to break the password. He also advised against using common expressions or dictionary words, which are easy to guess, or using the same password for multiple sites.
"I highly recommend that you don't use Tufts passwords for outside sites like Facebook or Twitter because they are probably bigger targets than we are," Irish said. "If you use the same password, you are much more likely to have your password compromised."
In addition, Tufts requires network users to change their password regularly.
"If it takes six months to figure out what your password is and you change it every three months, well, that's the reasoning behind changing your password," Young said.
Chris Smith, a junior minoring in computer science, conducted an experiment last summer to test that theory.
"After spending three days on Google, I found out enough information to hack into both my computer and my parents' computer," Smith said. "The second you understand the process behind it, the more you know how to protect yourself."
Controls like passwords are generally only the first line of defense.
"Security controls are designed to slow people down," Young said. "If somebody wants to get into your computer, they're probably going to be successful. There's not much you can do."
For this reason, he stresses the utilization of data backups to store documents in case a computer part fails or is attacked and information is lost.
Freshman Justin Kim is no stranger to this tactic.
"I've had instances where I was working on a paper, and I had to start all over again because I didn't have a backup, and the computer crashed on me," Kim said. "It's always good to make a backup of your data because you never know when your computer is going to crash."
Backup methods include online services such as Google Docs and Microsoft Online Storage, automatic service providers and equipment such as external hard drives, data disks and flash drives. In addition, Tufts provides one gigabyte of storage for every student on what is called the "personal drive," or "p: drive," Irish said.
"P: drives are backed up several times a day, so it's a great place to store the things that you absolutely don't want to lose," Irish later said in an e−mail.
In honor of National Cybersecurity Awareness Month, Tufts UIT will hold a Technology Fair at the Mayer Campus Center on Wednesday from 11 a.m. to 2 p.m.
"There will be a host of information there for students, ranging from the latest digital collaboration resources to where to go on campus for free computer repairs and maintenance, to how to keep your data safe," Irish said.
Smith and Kim both feel that the Tufts network is safe enough for their purposes. Kim said, though, that hearing about instances of cyber attacks in the past is unsettling.
"I feel pretty safe as of now. I personally haven't had any major problems, but I've heard stories about people I know who have had their e−banking accounts hacked," he said. "That scares me a little bit."
