Skip to main content

Remote working and learning have brought greater phishing and ransomware threats

Alex Aragona: ‘It’s so important for users to be hypervigilant’
October 5, 2021
By Howard Bokser

Slightly smiling man with short dark hair, brown eyes and in a suit and tie. Alex Aragona: “We’re equipping people with as many tools as possible so they can help us identify threats.”

This is the first in a series of articles in October to mark Cyber Security Awareness Month.

Cybersecurity is a serious concern for institutions as well as anyone with any kind of internet presence — which certainly includes all Concordia faculty, staff and students.

And with more people around the world working, shopping, communicating, studying or doing countless other tasks remotely over the past 18 months due to the COVID-19 pandemic, danger from malicious actors has only been amplified.

“We live in a connected world, more so than before. Many more people are working or studying from home, using different devices and facing different threats such as phishing and malware,” says Alex Aragona, Concordia’s executive director of application portfolio management and chief information security officer.

Phishing emails look legitimate but are designed to trick individuals into revealing personal information, such as passwords and credit card numbers. They may include embedded links that can also lead to the installation of malware — software designed to cause damage to a computer, device or system.

One type of malware is ransomware, often sent through phishing, which makes the device or system unusable until a ransom is paid.

Every month, Concordia’s Instructional and Information Technology Services (IITS) blocks a significant number of malicious emails and intrusion attempts. However, the new reality of remote work and learning has brought added challenges.

“When faculty, staff and students use computers on campus, Concordia’s firewall and desktop tools provide a certain amount of protection. Now, with people using their own PCs or laptops more often, we often don’t know what level of protection is available on their home devices,” Aragona says.

“That’s why it’s so important for users to be hypervigilant. It’s important for people to recognize phishing emails, which usually have a call to action or a link or ask for credentials or personal info.”

The university has also stepped up its cybersecurity efforts over the past year. Beginning in January, Concordia accounts now have a multi-factor authentication that requires users to enter their username and password plus provide an additional approval, usually through their cellphone.

“We also activated Safe Links, which analyzes email links, and deployed SentinalOne, which adds an extra layer of protection against malware,” Aragona reports.

“Even though we’re adding these multiple layers, we have to have users be aware as well. We’re equipping people with as many tools as possible so they can help us identify threats, stop them or alert us.”

Important partners

In addition to external partners, an invaluable asset for Concordia — and cybersecurity in general — is Mourad Debbabi, dean of the Gina Cody School of Engineering and Computer Science.

Debbabi leads Concordia’s Security Research Centre and holds the NSERC/Hydro-Québec Thales Senior Industrial Research Chair in Smart Grid Security. His research involves cybersecurity, network security, cyber forensics, smart grid, privacy protection, cryptographic protocols, threat intelligence generation, malware analysis and reverse engineering.

“Mourad sits on our cybersecurity committee and brings us cutting-edge research knowledge,” Aragona says. “It’s a symbiotic relationship. We often work in tandem on projects.”

Debbabi explains that his centre elaborates advanced platforms that analyze various raw data feeds to discover patterns and events, detecting threats in near real-time using artificial intelligence and machine learning.

“As more and more of our business and affairs are conducted online, cybercrime prevention and detection has never been so important. Training is essential for everyone. Scammers are resourceful and are always looking for ways to bypass security measures,” he notes.

“Protecting against phishing and ransomware is imperative. We all have a role to play in cybersecurity.”

Concordia’s Instructional and Information Technology Services (IITS) website to learn more.


Back to top

© Concordia University