Want to raise awareness about computer security

Published: 20 November 2017

Do not use your children's names as passwords, update operating systems, and prepare for threats or attacks. Some tips shared by lecturers during the lecture The threats to our digital systems, which are part of the lecture series University presents in Skellefteå.

The interest in hacker attacks was significant both for private individuals and business representatives who were in place to take part in the final lecture for the year. Researcher Christer Åhlund, Professor of Distributing Computer Systems at Luleå University of Technology, conveyed during the lecture how important it is to raise awareness that computer systems we use need to be secured.

– You must start with the lowest hanging fruit and it is for us to become more aware of the security within our systems and how we use them.

Backdoors into the systems

He believes that most attacks have been implemented because the operating systems are too badly updated and that there are known backdoors to enter the systems. Using the features, algorithms, properly, they are quite safe.
– The problem is that we take our children's name, the dog's name or the place where we live as a password. Also keep in mind not having the same password for all logins. Breaking a login will make to all your other systems available, says Christer Åhlund.

As a password, he recommends taking a phrase, such as Hello how are you today, use the first letter of each word and have it as a basic password. Use that as the root of the password and then find a system how the password can be changed, for example, by adding three letters at the beginning or end that identifies that particular system.

Simple advice makes a big difference

The second tip is to look for the padlock when visiting different web pages. If someone has built up an exact page like Handelsbanken's website, you can see the difference on the padlock, which is https. If it only says http, it  means that the page is fake. By pushing the padlock iyou can see Handelsbanken in the certificate and then the page is safe.

– Some simple tips that make a big difference are to check the padlock and find a password system. Another tip is not to open the attached documents in an email without considering whether it is safe or not, says Christer Åhlund.

Preparations are important

John Lindström, Researcher and Operations Manager at Process IT at Luleå University of Technology, talked about the importance of preparing for an attack or threat, both as an individual and as an organization or company.
– Things will happen, but if you have prepared before, planned and practiced, the consequences need not be so serious. The problem is if it is not prepared. An organization may undergo failure to handle the consequences that have occurred in a sensible and good way.

He thinks that the preparations should be risk-based and that the activities should go through and find what's critical, what must work and then see what risks are there. Then costs can be calculated if something happens and also what it costs to be fixed.
– I think one should make a risk-based business decision and then have this done in a thoughtful way, says John Lindstöm.

Work regularly with security

It is also important to prepare for what can happen in the home. For example, having prepared with emergency numbers and police numbers written by the phone can make you arrive faster. Even connected appliances like refrigerators and freezers, should have a firewall or router to prevent someone from hacking and shutting them off, just to avoid losing food for several thousand crowns and possibly also getting water damage.

– I think you should work with this in a structured way over time,  not just do it once and then forget it. Otherwise it will be wasted. You have to work with this occasionally, prepare and practice, says John Lindstöm.

Voices from the audience

Josefin Lundberg, business developer

– The importance of security is something I will remember från the lecture, and that I ca do myself, such reviewing the passwords, not having the same everywhere or having it written down and creating a system for it. I think it's great that lectures are held at Luleå University of Technology, especially when it's interesting subjects.

Niklas Sellberg, IT consultant

– The lecture is a reminder of what to do with a disaster recovery plan, incident reporting and such, which we forget about in your daily work. It's good to be reminded.

Photo: Erica Lång
Photo: Erica Lång

In the media

Christer Åhlund

Christer Åhlund, Professor, Chaired Professor

Phone: +46 (0)910 585331
Organisation: Pervasive and Mobile Computing, Computer Science, Department of Computer Science, Electrical and Space Engineering
John Lindström

John Lindström, Professor

Phone: +46 (0)920 491528
Organisation: Information systems, Digital Services and Systems, Department of Computer Science, Electrical and Space Engineering