October is Cybersecurity Month at URI and across the nation. With data breaches reported on a regular basis, and new cyber threats—from ransomware attacks to identity theft—emerging daily across the globe, it’s evident that everyone must be aware of cybersecurity and of their own vital role in it.

URI is embarking on a month-long email marketing campaign aimed at sharing tips and vital information with faculty, staff, and students—all aimed in keeping information secure. A member of the URI Communications and Marketing team recently asked Karlis Kaugars, URI’s chief information officer, a number of questions on this vital topic.

5 questions with URI IT and cybersecurity expert Karlis Kaugars

1. What is the most widespread cybersecurity threat we should be aware of in the U.S. and here at URI?
Business Email Compromise (BEC) continues to target both the public and private sector. This threat attempts to use email attacks to gain access to confidential or highly sensitive information. A university is an attractive target not only for identity thieves but also various foreign entities that find tremendous value in the intellectual property of our world-class faculty. From hull designs to electronics and pharmaceuticals, we are engaged in research vital to our national interests, and industrial and state-sponsored hacking threats are and will continue to be of significant concern.

2. What is your opinion on how big technology companies, such as Facebook and Google, use consumer data?
It seems clear, given the recent news reports about the misuse of our personal data, that these organizations have not done an adequate job of disclosing how they are using our data. This is true for not just the large tech companies, but many individual startups as well, and we should all keep in mind the phrase “If you are not paying for it, YOU are the product to be sold.” Much of the economic model of the tech boom is built on selling data about individuals.

Tech firms should be required to clearly state what information they will be selling to whom and be held accountable when they violate these agreements. It may be nearly impossible to write blanket regulation on these issues—each service may offer individual benefits sufficient to offset the marginal loss of privacy, and blanket regulations about data sharing will limit individual freedoms and stifle innovation.

3. Cybersecurity covers a lot of ground. What specific areas of cybersecurity do you think most individuals should be concerned with?
As quickly as we have improved cybersecurity in our data centers and databases, the bad actors have found ways to infiltrate through indirect attacks. Malware apps, bogus links, and spearfishing email are all targeting individuals around the world. We need to harden end-point computers, phones, and tablets, while maintaining a continuous training and education program for our faculty, staff, and students. Most of all, we all need to increase our vigilance against the flood of seemingly innocuous attempts to access our data. Simply downloading a new app and granting access to that app could open up your contacts, photos, phone numbers, calendar, and even Wi-Fi access to hackers.