Insights & Expertise
Monique St. John ‘94, chief technology and security officer at the Children’s Hospital of Philadelphia, discusses the ways that COVID-19 has created new or heightened cybersecurity concerns for health care providers.
Insights & Expertise
The use of technology has increased during the past months as schools, jobs and even some government functions have transitioned to conducting operations in a virtual environment. As reliance on video conferencing, instant messaging applications and telehealth increases, cybersecurity has become an increasing concern. According to a brief from the World Economic Forum, cybercriminals have been targeting consumers with COVID-19 themed phishing scams, marketing malicious apps that claim to provide information about the pandemic, and exposing flaws in business productivity software and home and corporate security networks.
We asked Babak Forouraghi, Ph.D., Saint Joseph’s University professor and chair of the computer science department, to discuss the different threats and to offer advice on how to ensure that your virtual communications remain safe and secure. Forouraghi and Monique St. John ’94, chief technology and security officer at the Children’s Hospital of Philadelphia, will be featured in a free Unlimited Learning webinar on cybersecurity in the COVID-19 era on May 20.
An edited transcript of the conversation follows.
Has the world seen an increase in use of virtual communications like this before?
Babak Forouraghi: In a word, no. Video chats have become our everyday way of life amid the coronavirus. A lot of the services that have seen an increase in use are free, and were used prior to COVID-19, but not nearly as much as they’re being used now. Zoom, for example, processed 10-20 million calls per day. Now, that number is upwards of 200 million per day. With the level of use and attention suddenly being given to these services, their vulnerabilities are being discovered. They existed before, but with the increased levels of usage, people have more of a reason to look for and exploit these vulnerabilities.
What are some of the vulnerabilities that have been exposed?
Forouraghi: To start, there are some vulnerabilities at the server level. Many companies have their servers housed in China, where they have little to no control over them. The good news is that companies are responding to it right now. By increasing their levels of encryption, and issuing patches and updates to correct any flaws that they might find in their programs, developers are showing a real commitment to their customers.
Do consumers and businesses have to download each security patch and update? Or can we put them off?
Forouraghi: Updates are important, even though they can be a hassle. Oftentimes, we find ourselves saying that we’ll put it off until tomorrow, but then that becomes us putting them off for weeks. The best option is to install updates right away, as the updates and patches are meant to deal with recently discovered vulnerabilities.
If you don’t update the program, you can be at the mercy of a cyberattack until you do so. Most times, you can schedule the update to be installed during the night so that it isn’t a hassle.
What else can we do to increase our personal security as we conduct more and more business online?
Forouraghi: Everyone should change their passwords frequently. Many systems and websites require strong passwords, which is great. And don’t use the same password for every website.
Another safe practice is to have any attendees of virtual meetings sign in with passwords if the software has that feature. Personally, I don’t upload anything to the cloud, and I’m very careful in terms of what I put in any emails. If a website doesn’t have a secure link (with an -s at the end of https://), you should reevaluate using it for anything.