Skip to Main Content
  • About
  • Academics
  • Admissions
  • Campus Life
  • News & Media
  • Athletics
  • Support BC
  • Our Campus
  • Fast Facts
  • Administration
  • Initiatives, Plans and Policies
  • A Nationally Recognized Institution
  • International Education
  • Research
  • Our Past, Our Future
  • Offices and Services
  • Consumer Information
  • Contact Us
  • Schools
  • Academic Departments
  • Majors, Minors and Concentrations
  • Interdisciplinary Programs
  • Graduate Programs
  • Doctoral Programs
  • General Education
  • Honors Academy
  • Special Programs
  • International Programs and Study Abroad (IPSA)
  • Academic Resources
  • Library
  • Centers and Institutes
  • Academic Honor Societies
  • Technology
  • Research
  • Faculty
  • Course Schedules and Bulletins
  • Academic Calendar
  • Incoming Freshmen
  • Transfer Students
  • Graduate Students
  • International Students
  • Second-Degree Students
  • Other Students
  • Apply
  • Tuition, Fees and Payments
  • Financial Aid
  • Request Information
  • Visit Campus
  • Undergraduate Admissions Events
  • Graduate Admissions Events
  • BC News
  • BC In the Media
  • Research
  • Videos
  • Brooklyn College Magazine
  • Office of Communications and Marketing
  • Visit us on Facebook
  • Follow us on Twitter
  • Email us a question
  • What the Campus Has to Offer
  • Vice President for Student Affairs
  • Division of Student Affairs
  • Student Clubs
  • Intramurals / Recreation
  • Health and Wellness
  • Orientation
  • Commencement
  • Veteran and Military Programs
  • Living in Brooklyn
  • Brooklyn College Foundation
  • Donate Now
  • Visit us on Facebook
  • Follow us on Twitter
  • Email us a question
Brooklyn College

Brooklyn College logo
  • BC WebCentral
  • We Stand Against Hate
  • Calendar
  • Offices and Services
  • Library
  • Career Services
  • Honors Academy
  • Special Programs
  • Prospective Students
  • Current Students
  • Faculty & Staff
  • Alumni & Friends
  • Admissions
  • Undergraduate Admissions
  • Graduate Admissions
  • Apply Online
  • Transfer Evaluations Office
  • Campus Life
  • Financial Aid
  • Honors and Special Programs
  • Library
  • News and Media
  • Public Safety
  • Annual Security Report
  • Registrar
  • Academic Advising
  • Annual Security Report
  • Bookstore
  • Bursar
  • Calendars
  • Campus Life
  • Career Development and Internships
  • Commencement
  • Course Schedules and Bulletins
  • CUNY Blackboard
  • Enrollment Services Center
  • Financial Aid
  • Graduate Studies
  • Initiatives, Plans and Policies
  • International Programs and Study Abroad (IPSA)
  • Library
  • News and Media
  • Offices and Services
  • Pathways
  • Public Safety
  • Registrar
  • Registration Information
  • Resources for Undocumented Students and DACA
  • Scholarships and Awards
  • Student Handbook
  • Sustainability
  • Technology
  • Transfer Evaluations Office
  • Log into CUNYfirst
  • BC WebCentral Login
  • Forgot Your Password?
  • Forgot Your WebCentral ID?
  • New Users
  • College Directory
  • Academic Affairs / Office of the Provost
  • Annual Security Report
  • Senior VP for Finance and Administration
  • Bookstore
  • Calendars
  • Campus Directory
  • Campus Life
  • Center for Teaching
  • CUNY Blackboard
  • Faculty Council
  • Faculty and Staff Development Opportunities (CUNY)
  • Human Resources
  • ITS (Information Technology Services)
  • Library
  • News and Media
  • Offices and Services
  • Public Safety
  • Sustainability
  • Transfer Evaluations Office
  • Webmail
  • Writing Across the Curriculum
  • Log into CUNYfirst
  • BC WebCentral Login
  • Forgot Your Password?
  • Forgot Your WebCentral ID?
  • New Users
  • College Directory
  • Annual Security Report
  • Benefits and Services
  • Brooklyn College Alumni Association
  • Brooklyn College Foundation
  • Brooklyn College Magazine
  • Calendar of Events
  • Chapters and Affiliates
  • Get Involved and Give Back
  • Office of Alumni Engagement
  • Stay in Touch
  • Transcripts
  • Public Safety
  • Contact Us
  • News & Media
  • BC News
  • Archive - 2020
  • Tips on Cybersecurity with Qing Hu

Dean of Koppelman School of Business lends expertise on timely topic.

 /web/new_2020news/201103_Professor-Hu_94x84.jpg

Tips on Cybersecurity with Qing Hu

Nov. 3, 2020

By Rich Pietras

Qing Hu, dean of the Koppelman School of Business

Qing Hu, dean of the Koppelman School of Business

Qing Hu, an accomplished scholar on IT strategy and cybersecurity, is dean of the Koppelman School of Business at Brooklyn College. He has co-authored over 140 research articles in academic journals, conferences, and books, and has been an invited speaker at universities and academic conferences around the world. Hu offered these helpful tips to the Brooklyn College community.

What are a couple of the biggest and most common threats ordinary people encounter regarding cyberattacks?

Identity theft: Identity theft happens when your online or real-world identity, such as your name, date of birth, driver license, social security, address, and other key person data, are stolen through online hacking or physical action. Once the criminals get these data, they can use them to open bank accounts, get auto and home loans, and even file for tax refund before you file for taxes. Personal identify data are often stolen from hacked computers and found in personal and business trashes.

Hacked online accounts: This happens when hackers or criminals get your online account usernames and passwords, or credit card data, either through direct hacking of your computer or purchasing hacked data on the dark web. It often takes only a few minutes to a few hours from your account data being compromised to these data being used or sold to criminals on the dark web. This happens to personal accounts and organizational accounts. This has been the primary way for hackers to steal money from individual and organizational bank accounts, as well as other valuable information such as credit card data and personal identity data.

Ransomware attack: This is the most direct way for hackers and criminals to profit from their hacking activities, and a relatively new phenomenon. When a hacker takes control of a computer or computer system through malware planted on the computer, the hacker runs a software that encrypts most, if not all, of your data files and the system database files, making them inaccessible to you or the organization. Then a computer message is displayed on your computer screen, informing you that your computer data have been encrypted, and ask you to follow instructions on how to purchase and send certain amount of Bitcoins to the hacker in order to decrypt the data to its original state.  

What are the best ways to protect yourself against them?

In all three cybersecurity threats, the most common way of being compromised is for hackers to steal your personal online or computer login credentials. The commonly used hacking techniques to steal online and compute login credentials are the following three:

Password cracking: Since most of our usernames are public, such as our names, organization, and email addresses, in many cases all hackers need to do is to figure out our passwords. There are free password cracking software tools available for anyone to download and use. However, the worst problem is that people tend to use simple and easy passwords. There have been multiple studies in the past that show the most common passwords used by individuals are “password” and “123456789.” So, it does not take a genius to break into many user accounts.

The best ways to protect password cracking are:

  • Always use sophisticated passwords, which are now almost universally required by organizations and operating systems, such as long passwords with combinations of upper- and lower-case letters, numerals, and symbols.
  • Never write your password to a post-it note and stick to your computer, and never share any of your passwords with anyone, even your co-workers, family members, and close friends.
  • Changing your passwords every 6 months is a great way to prevent hacking, but also challenging to implement, because our memory is limited. Using password management apps from reputable vendors (e.g., Norton Password Manager by NortonLifeLock) that use encryption could be one of the ways to deal with this challenge.

Phishing emails: We have seen a dramatic increase in phishing emails in the last decade, and even with sophisticated email filters installed in most organizations, phishing emails still managed to penetrate these filters and create havoc in organizations and to individuals. Once a person clicks on a link embedded in a phishing email, a spyware is often downloaded on the person’s computer. Some spyware transmits key strokes on that computer to the hacker (keylogger) to steal usernames and passwords, others let the hacker to remotely control the computer and execute programs to install ransomware, and more stay in the background quietly for a long time waiting for commands from the hacker to launch attacks.

The best ways to protect against phishing attacks:

  • Phishing emails are relatively easy to identify if you are careful and aware of this type of cyber-attack. Phishing emails usually pretend to be from people you know (CEO, supervisor, co-worker, because these data are readily available on the web). However, it is technically difficult for them to hijack your organization email domain. If you see an email from your co-worker John.Doe@brooklyn.cuny.xyz.com, you must know this is a phishing email, and delete it immediately. If you happen to have clicked on a link embedded in the email, notify your IT service immediately to disinfect your computer.
  • Some phishing emails ask you to fill in a form with sensitive data or claim to verify your identity by requesting your username, account ID, and password, etc. These are clear indications of a phishing email. In these cases, just delete the email and report to IT services.
  • More sophisticated phishing emails use an image to cover their illegitimate email domain. For example, you might see an email from your co-worker John.Doe@brooklyn.cuny.edu, but the font is different from the rest of the email, when you use your mouse over the email address, you might see John.Doe@xyz.com showing up, revealing its true phishing identity.

Malware attacks: In addition to phishing emails, hackers can install spyware, ransomware, and other malware when a user visits a website that offers free downloads of popular books, music, games, and even gift cards. Once an unsuspecting user provides names and emails (usually required for such free downloads) and click on the download button, the malwares are downloaded along with the free offers to the user’s computer.

The best ways to protect against malware attack:

  • Always turn-on the operating system’s built-in firewall protection program, and if possible, install commercially available virus and malware protection software from reputable vendors. The software will alert you when malware is detected when you are visiting a website or downloading a free offer. They also do periodical scanning of your hard drive to discover and quarantine known and suspicious software agents on your computer.
  • Always be suspicious of free product or gift offerings that show up in your emails or on websites you infrequently visit. Keep in mind that there is no free lunch. If you are offered something for free, you are paying for it one way or another. You either provide some personal information, or you get malware installed on your computer, for the free stuff.

Zoom meetings have become so commonplace with so many people working remotely. What are some commonsense protections you can administer to ensure your meetings are safe?

The biggest hazard to Zoom meetings today is Zoom bombing, where uninvited parties gained access to or hijacked Zoom meetings for the purpose of disrupting the meeting, making political statements, or the worst, showing racist, lewd, or obscene materials, that eventually shuts down the meetings. To prevent Zoom bombing, the administrators must exercise many safety precautions when setting up a Zoom meeting. There are numerous tutorials and guidelines available on the Internet on this issue, here are a few most important steps:

  • Chose not to embed password in the meeting link. Embedding password in the meeting link makes participation in the meeting super easy and is a popular choice. However, that makes anyone who get the link be able to join the meeting easily as well.
  • Never send meeting links with password or embedded password to the public media channels such as Twitter or Facebook. If the meeting is intended for public access, make sure to set up a meeting registration page. Depending on the estimated risk, the registration can be automatically or manually approved, but at least you know who will be at the meeting.
  • Only allow the host to share the screen and disallow participants to rename themselves. This will prevent unwanted materials to be shown to the audience and prevent unwanted messages to be displayed using usernames.
  • Always disable “Join before host” and disable “Allow removed participants to rejoin.” If the host finds someone become disruption and behave inappropriately, the host can remove the participate who cannot rejoin the meeting during the remaining time.
  • Always choose “Mute participants upon entry” and enable “Waiting room” so that the host has total control about when to admit participants, and when to allow a participant to speak.
  • Zoom security has significantly improved from its original release earlier this year. Most notably better host controls through many settings, and end-to-end encryption of the meeting data that are communicated between the host and the participants. However, it is recommended that Zoom meetings should not be used to discuss highly confidential and sensitive data and conversations. Many large companies still ban Zoom for official business meetings for concerns about data security.

Online shopping has also exploded over the past few years. What are some easy "dos and don'ts" you can suggest for online consumers?

  • Do your online shopping only on reputable websites and for known brands. Do not chase low prices on unknown websites, especially the sites that require more personal identifying information beyond your name, address, and credit card. If you must buy something on a new website, make sure you do some research online about the site and the merchant before making any purchases.
  • Do your online shopping only on personal computers, ideally on a dedicated device. Do not do online shopping on office computers. Not only this might violate your workplace policy, in case malware are downloaded to your office computer, the damage could be much more server.
  • Keep in mind that all your online transaction details, such as item, price, time, frequency, device, and location, are all recorded by the online platform and the merchants. Reputable platforms and merchants have better privacy protection policies and processes, while unknown sites may rely on selling customer data as a major source of income.
  • Protect your identity information as if protecting your own life in this highly connected digital world. The information you provide on different websites could and likely will be aggregated into a detailed digital portrait of you, shared or sold among different businesses. There is some truth in the saying that companies like Amazon and Google know more about you than you do.

What is the best way to protect your home computer, particularly if you have children using technology?

  • Always turn-on the built-in firewall that comes with your computer operating system and install additional anti-virus software package from reputable and known brand name companies.
  • Always turn-on parental control functions offered by computer operating systems and websites. Make sure you set up the parameters properly and do not count on the default settings.
  • Be highly suspicious on unknown websites that offer free books, games, gift cards, and other freebies for download in exchange for your registration. The free stuff often comes with malware that could cost you a lot more.
  • Have frequent and open conversation with young children about the dangers of social media, the prevalence of malware, and the criminals trolling the Internet. Never give your credit card information to your children for convenience, and never allow young children to make purchases on the Internet by themselves.
Back to BC News
  • Additional Content - Text and rightColumn: Tweet

News & Media

Back to News & Media

Image of a phone with social media icons.

Let’s Stay Connected

Our social media directory features all our accounts from across campus.

Fall 2022 COVID-19 Guidelines

Fall 2022 COVID-19 Guidelines

Prepare for a crucial transition for the fall 2022 semester.

Group of faculty members

Outstanding Professors

Our highly trained faculty are leaders in their fields. Come learn from them.

View of the upper portions of buildings from the residential neighborhoods around the Brooklyn College campus.

Housing Options

Learn about housing options that are available in Brooklyn. 

  • Home
  • Directory
  • Employment
  • IT Remote Support
  • Remote Technology Resources
  • Privacy Policy
  • Policies
  • Contact
  • Text Only Website
  • Site Map
The City University of New York

© 2025 All Rights Reserved Brooklyn College
2900 Bedford Avenue, Brooklyn, NY 11210
718.951.5000 -10.1.1.11