The internet wasn’t built to be used as it is today. It was built for academics to share information with each other. Nobody expected it to be one of the main channels for commerce, communication, espionage, and sabotage. That means that in many ways the security networks that have sprung up to protect our interests are playing catch up. They’re constantly trying to plug holes and protect networks that were supposed to be wide open and not need protection.
But that, as The Economist has pointed out, isn’t the only problem. There is another one and that is that for most companies there isn’t really that much incentive to actually build a Fort Knox of the internet. The reason for this is that many internet companies have managed to get themselves into a situation where they’re not held liable for the damages that are caused when there is some sort of breach or problem.
That means that they have little incentive to go all out on protection.
And that’s not even the worst part. By far the biggest problems and weakest link in all things internet are the users themselves. And some of the least careful people you’re going to find in this world are university students. Now, to be clear, I’m not saying all university students aren’t careful. There are plenty who are.
The thing is, you don’t need most of them to be as that still leaves holes the size of a bus for anybody who wants access. You need all the people to take steps to protect the integrity of the internet. And that’s just not going to happen with university students. There will always be somebody who cares more about going out tonight than changing their password tomorrow, or who is more interested in the latest new software than checking if it’s authentic. They can’t help it. Their brains are changing and that makes them impulsive.
And so they will click on things they shouldn’t, use insecure passwords and forget other security issues. And those are probably the most controllable. Then there are going to be another group who will actively try to subvert the network in order to get what they want. At my undergrad program, there was a student who had hijacked a whole bunch of computers so that he could use their space and processing power to run his own projects.
The worst part? He was the system admin!
Of course, it’s not hopeless. There are opportunities to actually educate university students. It doesn’t take that much work to impress on them the need to be more secure. Mainly it’s down to making them aware of what risks they’re running by not being secure (with the focus being on how they will get harmed).
Generally having somebody who can explain in vivid detail what the dangers are and give examples of things that have happened before to people who were not secure will already impress on many students the need to change. It is probably best to use somebody who they actually respect (that does exclude most system admins, unfortunately). As long as there is then an immediate opportunity to be more secure so that they can immediately take steps, security can be improved dramatically.
Of course, these types of workshops do need to be mandatory. Otherwise, the people that will show up are the exact people who are most likely already secure while the worst offenders are going to find other things to do, like browse TrustMyPaper and you can find them here.
And some parts should simply not be accessible
As for those looking to crack the system, it’s important for any university to realize that there are always going to be better at getting into systems then your system admins are going to be at keeping them out. That’s down to the fact that there simply are so many more students going in and out of your system than admins. And though the vast majority won’t know a USB plug from an HDMI socket, some will understand the inner workings of the computer world better than your system admins do. That’s how probability and large numbers work.
That’s a given.
For that reason, some systems that are vital to the university should simply not be accessible from any computer. Yes, this can inconvenience staff and sometimes be a real annoyance. But it’s a better choice than leaving your important documentation out there for anybody with a misspent youth to find.
And, of course, make sure every system is backed up regularly. For even if you think you’re secure, some student will probably find some way you’re not.