On March 22nd, 2016, McGill’s Information and Technology (IT) Services sent out a broadcast email informing students of a breach due to keystroke loggers on several computers at Concordia University and wrote that McGill would be screening the computers on campus for similar hardware. Keystroke loggers are devices which are externally installed onto a computer with the goal of tracking and logging keystrokes. The threat of these devices lies in their ability to evade antivirus and malware protection – because they track keystrokes with an external piece of hardware, which can easily (and discretely) be installed on any desktop computer, no amount of internal software can prevent these kind of security breaches.
Information Security On Campus
Concerns about information security are steadily increasing as both the technology and software used to steal data continue to advance. There is a falsely-perceived sense of security around campus due to our trust in the university and our fellow peers. We all know the horror stories of a quick bathroom break gone wrong – you leave for a moment, and the next thing you know your final paper, and the laptop you were typing on, is missing. Sometimes it takes security breaches such as these to realize that our libraries are not exactly the most secure facilities, and despite the fact that the security personnel are doing their best to maintain a safe environment, we still need to hold ourselves accountable for our possessions.
So what happens when a breach is entirely out of our control? Fortunately, no keystroke loggers were found on McGill’s computers, but it left us feeling concerned about the safety of our peers’ as well as our own personal information. We contacted the McGill IT Services directly, but they chose not to comment on the incident. It is little known what steps we can actually take to protect our information when using public computers, but there are some proactive insights to be aware of that can protect us from things like fraud and identity theft. Just as we have been advised to take our laptops with us when we leave our study area, there are things we can do to prevent these larger breaches in personal data.
Tips to Protect Your Information
Avoid Credit Card Fraud
Never enter credit card numbers on public computers. Yes, this may mean waiting until you get back to your apartment before placing an Amazon order, or paying off your Minerva balance, but trust us, it’s not worth the risk. This goes for personal banking as well – this is the kind of information keystroke loggers are searching for. These types of criminals tend to look for the biggest payout and it can often come in the form of credit card fraud. To make matters worse, the untraceable nature of keystroke loggers means that you may not be able to undo the damage.
Be Wary of Your Identity
Many job and apartment applications require an identification number, which usually comes in the form of social insurance or a driver’s license. Entering this information on a public computer puts you at risk for identification fraud, which the Royal Canadian Mounted Police’s (RCMP) website defines as, “deceptive use of the identity information of another person in connection with various frauds”, leaving victims with “financial loss and a difficulty obtaining credit or restoring their good name”. Spyware, phishing, and viruses are the most common avenues criminals take to acquire your information, and the risk of this is augmented when using public networks or computers.
Only Use Trusted Links
Phishing emails and fraudulent websites are a common way to gain access to a user’s personal information. These scams are set up to appear as though they are legitimate in order to trick you into entering your personal information, such as passwords, your birthday, or bank code. In order to avoid this, we recommend familiarizing yourself with the difference between trusted and risky sources. Scotiabank’s website lists several tips for protecting your banking information and they also include a list of trusted websites where your banking information can safely be entered. If you are ever unsure about the authenticity of a website, especially on a public computer, it is better to be safe than sorry when it comes to your personal information.
As some unlucky Concordia students have proven, it’s pretty easy to trust the online security of public devices in your own university’s library, without realizing the potential dangers. It seems almost natural, and is readily advocated, to use McGill’s platforms freely and as often as one would need. Although these platforms do have a great deal of software in place to protect the McGill community’s personal information, the risk of external hardware still lurks right around the corner. You can find out more about how to spot these devices here, and if you ever see any suspicious hardware on campus we recommend you immediately contact IT Services.
Safe computer practices are just another preventative step we can take to protect ourselves from the worst-case scenario. By incorporating these various procedures into our routines and passing the information onto friends and colleagues, we are eliminating any potential breach in McGill’s security network. It is easy to fall into a false sense of personal security on campus, but there is something that can be learned from the unfortunate security breach at Concordia – these events should draw our attention to the dangerous reality that some individuals are all too willing to take advantage of public services for personal gain. Let this be a reminder that we need to, and can be, active participants in the guarantee of better personal and public safety.