24 May 2022, by Niklas Keller
Krassen Deltchev has been the information security officer in the Digital Office since January 2022. The office is funded through Excellence Strategy funds, and coordinates the process of development and updating the digitalization strategy.
When criminals access a laptop, smartphone, or tablet, the theft of sensitive personal data often swiftly follows. Krassen Deltchev has been an information security officer of Universität Hamburg and part of the Digital Office since 2022. He identifies potential weak points, and alerts the University to threats.
What do you do as the information security officer for University Hamburg?
My job is to secure the exchange of information at the University, and to encourage all my colleagues to pay more attention to data security. I’m sure many staff members have received scam emails or phone calls. Universität Hamburg has a complicated structure, which makes it very difficult to prevent everything. We can however help people to recognize attacks or scams before any damage is done.
What do data attacks look like, and how can University members protect themselves?
Often attacks occur through what looks like a harmless attachment to a completely normal looking email. Opening that attachment on your computer installs malicious software on the computer, often without the user realizing. Another classic is a notice that the Outlook inbox is full, urging recipients to click on a link to remedy the problem. These emails or links often look deceptively real. Phone calls and SMS are also being used to access data.
In the future, we want to provide a new website about phishing, to provide all the relevant information and contact people in one place. It will provide easy to use tools that help people build up their knowledge of data protection and IT security, and protect themselves against phishing and similar attacks, hopefully in a way that is fun and interesting. There will also be advice on how best to handle them.
What should I do if I have actually clicked on a link in a dubious email?
Don’t be ashamed. Many people do not want to admit that they have fallen for a scam. But it can happen easily, as malicious scam emails often look professional.
It is important to contact me quickly after every event. If personal data is being stolen, the data protection officer and the Legal Unit also need to be involved. You should talk about these situations with your colleagues, to help raise their awareness.
What do you do in the Digital Office to protect data?
Some universities have already reported suffering malicious phishing or ransomware attacks. Of course, we do not want that to happen at Universität Hamburg. We are working on identifying any potential gaps in our security and closing them immediately. At the same time, we are working closely with the Regional Computing Center to develop a response in case of an attack. If we were to end up in such a situation unprepared, it could have severe consequences. But if we prepare our defenses in advance, we can respond as effectively as possible.
It is also important for us to stay up-to-date. We are always investigating trends in data security and checking current threats.
What sort of trends are those?
For example, currently, the best way of protecting technical equipment is through preventative communication. Imagine you are working on a Windows PC in the internet with other colleagues. Suddenly, the computer registers a malicious event, which it analyses and informs all the other devices in its network. It says: Be on the lookout. The machines talk to each other and collect information. The security server evaluates the feedback from the individual devices and provides a uniform answer on how they can protect themselves.
Two-factor authorization has also been established. We want to give this the highest priority at the University, particularly for those members of staff who work with sensitive information. We check how we can make information exchange at the University more secure in the face of all the trends an innovations we see. The chief digital officer, Sebastian Gerling always says: “As an excellent university, we need excellent digital solutions.” Our status as a University of Excellence is a benchmark against which we measure ourselves every day.