Computer science students at Simmons are tracking current events and research in cybersecurity through the student research group, CyberBits. The group provides undergraduate students with cybersecurity research opportunities, industry experiences, and specific exposure to different agencies actively involved in global cybersecurity concerns, such as the National Security Agency (NSA).
Assistant Professor Lauren Provost is an active member of the NSA-sponsored Science of Security group, an initiative to promote a foundational cybersecurity science needed to underpin advances in cyberdefense.
“The CyberBits research group strives to contribute to creative scholarship by addressing issues currently in cybersecurity, many of which have been in the news recently,” says Provost, “including tracking studies related to recent telehealth security challenges.”
Hackers are continuously hunting for vulnerabilities, and the year 2020 has opened many new doors for exploitation. As physical access to medical care has been limited due to the pandemic, the number of telehealth primary care visits has increased exponentially. The CyberBits group is also tracking interference with online learning, mobile device security risks, and security issues around the presidential election.
“Working on this research has been exciting in so many ways,” says Rebecca Labitt ‘21, a computer science student and a CyberBits member. “It has shown me how many disciplines go into cybersecurity.”
With the dramatic increase of online learning, faculty and students are at increased risk for ransomware, phishing, and hijacking of virtual classrooms. Students in Concord, New Hampshire experienced this first hand with a “Zoom-bombing” incident exposing students to inappropriate images. To avoid interruptions to online classes and meetings, Simmons Vice President, Chief Information Officer David Bruce, who oversees the university's Information Security Program, has implemented a number of additional protections. In August, the Simmons Technology team implemented additional security features in Zoom, including waiting rooms for unauthenticated users and a meeting passcode requirement.
“The cyber-safety of our community and protection of the online educational moment is of great concern in light of Zoom bombing,” says Bruce. “Additionally, working with Zoom, we have extended our compliance with HIPAA regulations to allow telehealth appointments to be conducted with our Health and Counseling Centers.”
Often, hackers seek to exploit our anxieties to manipulate behavior. Labitt had her own experience with this during her virtual internship. “I received what was, in retrospect, an obvious phishing email,” she recalls. The email was an alert: she was late for a meeting with her boss, who was waiting for her in Zoom, and here was the link to join. “I panicked and clicked on the link. I failed the phishing test sent out by the company I was interning for, right in the middle of my research about cybersecurity!” The experience made her realize how effectively hackers can exploit human error. “Most emails shouldn't make you panic and rush,” she notes, “if that is the intent of the email, remember to take a breath before moving forward.”
This semester, Cyberbits is also researching recent security issues involving mobile devices discovered by researchers at Purdue University and security concerns around the presidential election. As of mid-October, there has been evidence of Iran and Russia accessing and obtaining voter registration data for the United States.
With increased security concerns, there are increased measures taken and excellent strategies we can all use to expand cybersecurity awareness. “There are many ways you can keep yourself safe online,” says Provost, who suggests the FBI’s Cybersecurity Awareness page for safety guidelines.