{"id":655,"date":"2020-04-01T22:24:29","date_gmt":"2020-04-01T17:24:29","guid":{"rendered":"https:\/\/dailystudent.lums.edu.pk\/?p=655"},"modified":"2021-09-18T16:32:43","modified_gmt":"2021-09-18T11:32:43","slug":"data-insecurity-at-lums","status":"publish","type":"post","link":"https:\/\/dailystudent.lums.edu.pk\/index.php\/2020\/04\/01\/data-insecurity-at-lums\/","title":{"rendered":"Data (In)Security at LUMS"},"content":{"rendered":"<p><strong>By: Zoha Fareed Chishti<\/strong><\/p>\n<p>\u201cIt is important to understand that malicious users always look for easy prey, first, and use social engineering to set up traps. Even if you have spent millions on hardware, one weak link internally can expose all that you have protected,\u201d says Tariq Sheikh, Senior Manager at Information Security (InfoSec) LUMS.\u00a0\u00a0\u00a0<\/p>\n<p>On 9th September 2020, just a few days before the commencement of the fall semester, Ayman Fuad \u201824 received an email on her outlook account that was meant for another student. The email thread which contained another student\u2019s private information was mistakenly forwarded to Fuad. She told The Post, \u201c[The email] contained a password, as well as the student\u2019s phone number and address. This is the second time something like this has happened.\u201d\u00a0\u00a0<\/p>\n<p>Over the past few years, students at LUMS have witnessed various cases of data security breaches. Back in 2018, major files containing sensitive information (like phone numbers, addresses, CNIC and passport numbers) were leaked online. With an increased reliance on virtual correspondence in the past few weeks, students took to LUMS Discussion Forum (LDF) to share their concerns after receiving suspicious links in their outlook inboxes.\u00a0\u00a0 <\/p>\n<p>Ramsha Fatima \u201822, who suffered a breach on her outlook account on 23rd September 2020\u2013wherein an email with a malicious link was sent to a lot of people on her contact list including the Vice Chancellor, the Dean of MGSHSS, the Coordinator of MGSHSS, multiple instructors, her student loan officers and fellow students\u2013talked about how jarring the experience was. She said, \u201cI discovered the breach at 6 p.m, exactly when my class had started. I was constantly panicking, trying to act fast but also trying to keep up with my class. I was very afraid of the consequences.\u201d She had to track down all the recipients, send out apologies and change her security details. She further added, \u201cI started thinking of worst-case scenarios [like] my student loan being delayed.\u201d\u00a0<\/p>\n<p>Madiha Tariq \u201820 says, \u201cThere have been multiple security breaches that were never addressed. Files were leaked with sensitive information. A private email thread of a first-year student was forwarded to [a lot of people at] LUMS &#8211; and that too by IST!\u201d <\/p>\n<p>Tariq explained that she noticed how frequently data privacy is violated at LUMS when a discussion regarding data security broke out on the SSE girls WhatsApp group. The discussion prompted Tariq to send an email to the administration to bring their attention to the severity of the situation.\u00a0 <\/p>\n<p>In the email, Tariq wrote, \u201cWe are expected to trust the university with medical information for Zambeel medical forms and OSA petitions, with personal family matters for why a student might need campus accommodation and even with mental health issues while contacting campus counsellors.\u201d She also highlighted how the entire student body felt the impact of these breaches in her email saying, \u201c[These] mistakes don\u2019t just affect one student; it makes every one of us afraid to share our information and many [out of fear of their private information being so carelessly leaked] won\u2019t even reach out to the university even when they most need the help.\u201d As of yet, Tariq has received no response from the administration to her email.\u00a0 <\/p>\n<p>Amna Khan* said (about the 2018 incident), \u201cEveryone felt violated, disappointed in lums facilities for their failure to protect sensitive data despite paying so much. Safety was completely stripped as anyone could literally come to your door.\u201d <\/p>\n<p>While talking to <i>The Post<\/i>, Tariq Sheikh said, \u201cFollowing the 2018 incident, Information Security (InfoSec) at LUMS was established. InfoSec communicates with the community to create awareness along with inviting industry experts to talk about the challenges [in cyber security].\u201d\u00a0\u00a0<\/p>\n<p>Sheikh, while talking about the 2018 data breach, explained that a malware (in one of the IST computers) had allowed a hacker to access the Zambeel database, and thereby leak the information online. He explained that LUMS had thoroughly investigated the 2018 data breach and upgraded the server infrastructure and security protocol.\u00a0 <\/p>\n<p>With the university going online, the reliance on digital modes of communication is greater than ever before. There is a pressing need to ensure that the information students relay to the university remains safe. Sheikh explained that Infosec has planned a security model based on the current compulsion of virtual correspondence. He said, \u201cDuring this year, we will be installing enterprise grade endpoint security software (antivirus\/antimalware) onto all our computers, which are presently secured with Microsoft\u2019s bundled software (Windows Defender).\u201d\u00a0 <\/p>\n<p>\u201cWe are ready to hold simulation sessions which can teach students about cyber security.\u201d Sheikh told the Post, \u201cBut the students don\u2019t attend them. The last session we held only was attended by just 3 students.\u201d He stressed on the importance of verifying data before engaging with it and expressed the importance of students being responsible. \u201cIt is a collaborative effort\u2014 we are ready to put in the efforts to improve security, but the onus of responsibility also falls on the student.\u201d <\/p>\n<p>Upon being asked for a solution, Sheikh replied, \u201cThe users need to be aware of the threats and how to avoid them. And institutions need to invest in endpoint security solutions that protect users\u2019 computers and not just server infrastructure.\u201d\u00a0 <\/p>\n<p>\u00a0<\/p>\n<p>*name has been changed to respect privacy<\/p>\n","protected":false},"excerpt":{"rendered":"<p>By: Zoha Fareed Chishti \u201cIt is important to understand that malicious users always look for easy prey, first, and use social engineering to set up traps. Even if you have spent millions on hardware, one weak link internally can expose all that you have protected,\u201d says Tariq Sheikh, Senior Manager at Information Security (InfoSec) LUMS.\u00a0\u00a0\u00a0 [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":911,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[5,13],"tags":[],"_links":{"self":[{"href":"https:\/\/dailystudent.lums.edu.pk\/index.php\/wp-json\/wp\/v2\/posts\/655"}],"collection":[{"href":"https:\/\/dailystudent.lums.edu.pk\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/dailystudent.lums.edu.pk\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/dailystudent.lums.edu.pk\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/dailystudent.lums.edu.pk\/index.php\/wp-json\/wp\/v2\/comments?post=655"}],"version-history":[{"count":10,"href":"https:\/\/dailystudent.lums.edu.pk\/index.php\/wp-json\/wp\/v2\/posts\/655\/revisions"}],"predecessor-version":[{"id":914,"href":"https:\/\/dailystudent.lums.edu.pk\/index.php\/wp-json\/wp\/v2\/posts\/655\/revisions\/914"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/dailystudent.lums.edu.pk\/index.php\/wp-json\/wp\/v2\/media\/911"}],"wp:attachment":[{"href":"https:\/\/dailystudent.lums.edu.pk\/index.php\/wp-json\/wp\/v2\/media?parent=655"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/dailystudent.lums.edu.pk\/index.php\/wp-json\/wp\/v2\/categories?post=655"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/dailystudent.lums.edu.pk\/index.php\/wp-json\/wp\/v2\/tags?post=655"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}