IT Risk and Compliance Manager Erica Ferreira details how staff and students can protect themselves from cyberattacks.

Erica Ferreira has served as the IT Risk and Compliance Manager in UP’s Department of IT Services for 12 years. Ferreira, who was born in Piet Retief and who graduated from UP with a Master of Science degree, coordinates the security, risk and legal compliance requirements for IT Services. This includes increasing the level of awareness of cybersecurity-related issues by coordinating initiatives such as the CyberUP awareness campaign.

Tukkievaria spoke to Ferreira about the objective of the campaign, and what precautionary measures staff and students should take to avoid compromising their devices and ultimately the UP network.

TV: When the cybersecurity awareness campaign comes to an end, what will you hope to have achieved?

EF: The campaign is set to continue indefinitely. The objective is to reach UP staff, students, their families and the general public. Cyberspace has become an integral part of our daily lives, and our digital wellbeing can be affected by cyberattacks and our own wrong decisions. The campaign focuses on all aspects of our digital lives, including our work, study, home and social activities. The campaign will not only focus on what can go wrong, but will promote responsible and respectful behaviour to ensure a positive digital experience. My vision is for a UP community that takes responsibility for its cyber activities through behaviour that ensures their digital wellness and that of the University.

TV: What should staff and students be aware of to avoid becoming easy targets for cybercriminals?

EF: We should not blindly trust everything we read and see on the internet, email and our social accounts. We should always ask ourselves if something makes sense: for example, would my boss ask me to pay a huge personal account on his behalf, or would UP delete my email account if I don’t immediately click on a link to verify my login credentials?

We should not necessarily trust that someone is who they profess to be. An email might not come from who it appears to be; a link might not go to the site we expect it to go to.  

Also, avoid visiting ad-heavy websites, as malware is often spread through poisoned advertisements. Gambling, adult content and illegal software sites are high risk and should also be avoided, as they are sources of possible malware infection, which can occur just by visiting a site without clicking on anything.

TV: How do cybercriminals typically attempt to compromise personal information?

EF: Most often, an action by the targeted person is required for an attack to be successful. The criminals need you to reply to an email, click a link, visit a website, provide information, download an app, etc. They will prompt you to do so by raising your curiosity, making you feel important or causing you to panic, requiring you to make a quick decision – anything that will prevent you from thinking rationally.

TV: What is phishing, and what steps can staff and students take to avoid becoming victims of phishing attacks?

EF: Phishing is when someone posing as a legitimate institution lures you to reveal personal information such as a password or credit card details. This can happen through email, telephone or text message.

Be wary when you get a request that has a sense of urgency and that does not offer sufficient information. Check sending email addresses or web addresses in detail – note that the lower case “L” in most fonts looks the same as the upper case “I” [so the URL looks legitimate but isn’t]. Do not be fooled by a website that looks exactly like the real one – these templates can be bought on the cyber market. If you really need to look at your bank account, for example, do not use the link provided in the email or text message. Rather open the website from your browser.

TV: Working from home has required many to use the webcam on their device. What should we be cautious of when using it?

EF: In theory, a webcam could be used to spy on you. Covering the webcam can do no harm, but unless you are a celebrity, I would not worry too much about this  – especially if your device is updated regularly and you have an antivirus and firewall in place. However, access to a webcam can be obtained via phishing. So ensure that all members of your household, including children, are educated and aware of cyber risks.

TV: What sort of risks do cellphones and tablets carry?

EF: People tend to be more relaxed with security on their cellphones and tablets, which is why cybercriminals are increasingly targeting these devices. The most common method that hackers use to spread malware is through apps and downloads. Apps should be downloaded only from official app stores, and permissions should be allowed only if necessary for the actual function of the app.

Theft of mobile devices is a big risk. So the mobile device should be protected by a PIN or password, and sensitive data should be encrypted.