Shaji Khan shares tips to help bolster cybersecurity on ‘St. Louis on the Air’

by | Feb 12, 2017

The assistant professor of information systems joined a panel of experts to discuss cybersecurity issues with host Don Marsh.
Shaji Khan from his appearance on St. Louis on the Air

Shaji Khan joined a panel of experts to discuss issues of cybersecurity with host Don Marsh on Tuesday on “St. Louis on the Air.” (Photo by Kelly Moffitt/St. Louis Public Radio)

Cybersecurity became an issue increasingly prevalent in the news in 2016, particularly during the U.S. presidential campaign.

Hacked emails obtained through a breach of Democratic National Committee email servers as well as the personal email of Hillary Clinton campaign chairman John Podesta were released via WikiLeaks, and there were subsequent revelations of Russian involvement, prompting investigations from Congressional intelligence committees.

But cybersecurity isn’t a topic only applicable to the realm of geopolitics.

“Just pick last year, and you look at the number of security breaches and the number of records lost – it’s mind-boggling,” said Shaji Khan, an assistant professor of information systems at the University of Missouri–St. Louis. “I do this exercise with my students. Within like 10 minutes, we were able to find probably 100 breaches that dramatically affected how organizations work. There are plenty of executives that have lost their jobs and moved on because of major security breaches.”

Khan made those comments on Tuesday while appearing on “St. Louis on the Air” on St. Louis Public Radio. He joined host Don Marsh as part of a panel that also included Jason Clark, chief security and strategy officer at Optiv Security, and Poonam Verma, vice president of vulnerability management at MasterCard.

Much of their discussion focused on cybersecurity as it is applies to ordinary people, and they offered tips to try to protect privacy and safety in an increasingly connected world.

One growing point of vulnerability – as Marsh brought up – are devices like Amazon’s Echo that are capable of voice interaction and can be used for playing music or other audio, setting alarms and providing users with real-time information, including the weather. What’s more, they can act as a home automation hub, controlling other smart devices in one’s residence.

That also means they’re constantly “listening” to what’s going on around them.

“As long as you have the devices at your home, there’s a possibility of being compromised,” Clark said.

But he noted that they are far more dangerous in someplace like a corporate boardroom than someone’s house because would-be cybercriminals have far more to gain from the information they could obtain there.

The biggest area where most people need to be concerned about their own cybersecurity is their email. If people are tricked into clicking on something that puts malware on their machines, that allows hackers to monitor every keystroke and possibly obtain valuable passwords or bank account information.

Social media is another area where people need to use caution to protect themselves.

“If you imagine somebody’s after you, if you make that assumption, they would have to know a lot about you,” Khan said. “Social media is probably the best place where they could start gathering information about you.”

While users can adjust their privacy settings to limit who has access to information about them, they don’t always take those steps. It can also be difficult for people to control what information others share about them in the public space.

Khan, more generally, offered a list of recommendations people could take to maximize their own security.

He suggests people keep the operating systems on their devices updated, use basic antivirus/firewall protection, use good and complicated passwords and be careful when using public Wi-Fi so that they aren’t conducting personal business in insecure space.

Clark recommended never sharing private information over a public Wi-Fi network unless users see “https” in the web address, as those sites are automatically encrypted.

The UMSL cybersecurity program offers several other resources for people to learn more about protecting their personal information. They can be found here.

“It’s not all doom and gloom,” Khan said. “Follow the basics, you’ll be just fine. On the other hand, if you don’t follow the basics, you’re putting a big target on your back.”

As for the problem of geopolitical actors battling in cyberspace, that’s not an issue that is going away.

“Nation states are not just fighting each other, they also are conducting systematic espionage on corporations,” Khan said. “Pick any major U.S. corporation and you’ll hear about espionage from other nations. Long story short, if you think we are going to be in a cyber war the short answer is: We’re already in it.”

To hear the full “St. Louis on the Air” conversation, click here.

Steve Walentik

Steve Walentik