In this installment for our cybersecurity series, our faculty experts discuss the judicious use of social media, potential risks from the Internet of Things, and hints that you may have been hacked.
Dr. Zumrut Akcam, assistant professor of computer science
Dr. Kimberly Cornell, assistant professor of computer science
Dr. Mark Gilder, assistant professor of computer science
Dr. Ian MacDonald, professor of computer science, dean of the School of Mathematics and Sciences
We’ve heard not to broadcast our whereabouts on social media.
Gilder: You might not even be aware that you’re providing this information. For any type of media file, image, video, or audio file, there will be additional data present, known as metadata. If you take a photo, the metadata could include the date, time, location, and even GPS coordinates, so it’s important to make sure you disable this feature in your device. Someone could download a picture from your Facebook account and see the photo you posted of yourself at an event, for instance. They would be able to see it was taken five minutes ago, and that you’re out of town.
Cornell: Don’t “check in” from places. On vacation? Wait until you get home to share your photos.
Some people post photos of their children. Even on Instagram, which can be seen by anyone.
Cornell: Someone could read your posts and learn enough to trick your kids into thinking you sent that person there to pick them up from school. It’s too easy to enable cyberbullying or kidnapping. I don’t post photos of other people’s kids without the parents’ permission.
MacDonald: Two of the most investigated cyber crimes are harassment and stalking. Think about it: Stalkers are just as high tech as anyone else. Your metadata, patterns, locations – you’re putting all that out there. No social media profiles should be public.
Cornell: Young people, in particular, can be very vulnerable. They’ll post things, like “I’m feeling sad today.” That can make them susceptible to predators.
People probably share things they don’t mean to.
Gilder: It’s really astonishing to see some of the things posted on public websites that people may think are benign, or someone trying to be funny. Always remember that this information never goes away. Potential employers will see it. Your customers may see it. Before sharing information with someone, make sure you’re OK with making that information available for everyone to see.
MacDonald: One thing I’ve learned is that if I have to contact someone regarding a sensitive topic or private matter, I’ll send an email that sounds like I’m Tony Soprano: “Want to talk about the guy, about the thing? Come to my office.” There’s no detail, personal information, or sensitive information.
Private conversation? Nothing beats face to face.
Or, if you have to, talk to each other over the phone – don’t text if you desire privacy.
Speaking of insecure sources of information, what about smart devices and the Internet of Things?
Cornell: People can hack everything: your computer, your webcam, your computer, your fridge camera that’s supposed to tell you when to buy more eggs, thermostats, baby monitors. Be sure to use devices that use encryption, and make sure to check the devices’ security settings.
MacDonald: These days, just about every device contains some form of computer. Take your car, for example: There could be 100 different devices, sensors, a lot of them potentially connected to the internet. It’s scary to think you are driving a weapon that could be hacked. There have been cases of cars being shut down remotely, or allegations of bugs being inserted to cause engine failure.
Gilder: Also, we provide so much information to corporations without even realizing it: Think of Amazon Alexa, or Google Home. They have a keyword they listen for; therefore, the devices must be listening all the time. The corporations claim they’re not storing that information, but you have to be aware of the devices we install in our homes, and how they might be misused.
Cornell: If your webcam light is on for no reason, you may have been hacked. If you notice anything abnormal, like your mouse moving or an open program that you didn’t open, someone else could be in control of your computer.
What about wearable fitness devices like Fitbits?
MacDonald: Every device is designed to collect data that you hope will be used for your benefit. The information is likely being stored in the cloud somewhere, where a hacker could obtain access to it.
Cornell: Whatever it is, if it’s sending data, it already has a lot of information about you and your habits. If someone knows you go for a run every evening at 6, you could be stalked.
Gilder: I have this watch that’s connected by Bluetooth to my phone. It tracks quite a bit of data about my daily activity: It can record heart rate, GPS location, whether the wearer is awake or sleeping, and so forth. Again, we have to raise our awareness about these devices we allow into our homes and on our person, and what kind of data they capture.
MacDonald: The important thing to remember is that nothing is 100 percent secure. You take as many precautions as you can. So, the question is not, “How can I make myself secure?” but rather, “How do I make myself insecure?” Then, don’t do those things.
Gilder: We have to initially focus on the critical assets that we should be protecting. Do I care if someone sees my vacation pictures? Not so much. My financial records? Yes, definitely! I’ll take some steps to protect those. It’s a different mindset.
Cornell: Assume the internet is hostile. Assume we are working in an insecure network.
MacDonald: Assuming that your information is safe and nothing can happen to you is the biggest mistake you could make. It’s not a question of “if” but of “when.”
Next time: Our experts share tips for being more secure.
In case you missed any of Parts 1 through 3, take a look at: