Issues of Cyber Security and Access to WLU’s Email System by Retirees

by Gerry Schaus

On Thursday, April 28, the WLU Retirees’ Association was pleased to host a special virtual presentation by Nela Petkovic, Chief Information Officer for WLU, Scott Elliott, Director of Information and Computer Technologies, Infrastructure and Information Security, and Yi Ruan, Internet Download Manager and Security Manager at WLU. This presentation was prompted by problems that several of our members were having in being able to access the archive of their WLU email account and indeed, access to the WLU email system as a whole, especially with recent changes introduced to improve cyber security.

The presentation focused on two main issues—cyber security in general at a time when hacking into computer systems and databases has become a worldwide plague and, secondly, the steps recently taken at WLU to provide additional security for users of the University email system and other computer-accessed services such as through Jatheon, LORIS and Eduroam.

The first point that Nela and Scott stressed was that the use of a password to access accounts, i.e., a single line of defense against hackers, is becoming a thing of the past and that additional lines of defense are now more and more necessary. At present, 81% of security breaches are due to weak or stolen passwords. We were told that with current computer capabilities, an eleven-character password using upper-and-lower-case letters as well as additional keyboard characters takes about 41 years for a computer to crack. With faster computers, this time will be reduced exponentially. But by “phishing” for passwords by spool emails and “spear phishing” with a more customized approach, computer accounts can be readily broken into. Nowadays, “ransomware” is the largest cyber threat. By freezing computer systems or locking users out of their own accounts and demanding certain things in order to regain access, hackers are gaining financially and informationally rewarding returns on their criminal efforts. Year-over-year between 2018 and 2020, ransomware attacks increased by 500%! One in every 3,000 emails is a phishing email. The number one target for ransomeware attacks is in the area of Education—at 63% of all attacks.

Hackers can sell your personal information once they get it and hackers can be hired to steal information from specific organizations. Not so long ago, five Canadian universities were targeted in these attacks by hackers.

To counter these cyber threats, better security measures have been taken, as we’re probably all aware. One of these measures is the rise of Multi-factor Authentication (MFA). This is where a more complex password is required, a series of personal security questions must be responded to and a text message or email with a verification code is sent to users, for example. WLU has introduced MFA as of last year. By May 1, 2022, to access WLU computer systems, 89% of accounts and users have been moved to this MFA method for cyber security. We were told that Jatheon security access now requires a VPN (virtual private network) MFA as of November 2019 and through Jatheon, we can now reach our email archive for the WLU email accounts many of us still have. This is important for many reasons, for example, research projects or for legal matters at times.

Nela, Scott, and Yi responded to various questions from among the 32 members of the Zoom audience for their presentation. One take-away was that over this past summer, a few more retirees (I was one of the early ones last spring) would be introduced to this MFA security system, and the rest who still use WLU computer systems should expect to see this increased cyber security in the near future.