Our cybersecurity experts share tips for good electronic hygiene. In this installment: best practices for hardware and browser management, Wi-Fi, and safety with cellphones and email.
The cybersecurity experts
Dr. Zumrut Akcam, assistant professor of computer science
Dr. Kimberly Cornell, assistant professor of computer science
Dr. Mark Gilder, assistant professor of computer science
Dr. Ian MacDonald, professor of computer science, dean of the School of Mathematics and Sciences
What can we do to protect ourselves?
Cornell: There are simple things, like ensuring that you’re using encrypted email and using virtual private networks (VPNs). If you’re transmitting anything on a website, make sure the address starts with “https:” rather than “http:.” The S stands for “secure.” It’s more widely used now, but that technology has been around since 1994!
MacDonald: Most computer cameras have a switch that you can use to cover them. Microphones are a little more difficult, but you can go into your settings and see if your microphone is on or off. I personally don’t have my laptop on if I’m not using it. If I’m having a sensitive conversation, I close my laptop and mute my phone.
I have a lock on the computer that activates after a minute or so.
What computer-hygiene practices do you recommend?
Cornell: Be careful about apps you put on your browser – you might assume they’re safe because they’re from the Chrome store, but they’re not all vetted by Google. An app can siphon off information without your knowing. Make sure your apps have trusted certificates. If you’re using Chrome, only use apps made by Google.
Don’t keep a lot of tabs open (some may not have been created by you and if you have many open you may not notice).
Safely log out of websites.
If you’re using public Wi-Fi, don’t access important systems where your password and identity could be stolen. Looking up things on Wikipedia is OK, but don’t do anything that can compromise your data.
Be sure that your social media privacy settings are what you want them to be – sometimes, after I update mine, I notice they go back to the default settings.
Whenever companies update their terms of agreement, read that documentation.
This is useful and somewhat empowering. Are there other simple guidelines we can follow to protect ourselves?
Cornell: Protect your cell number. I’ve seen people post their number on flyers that are up in public places.
Protect your email address. For example, don’t list it as is on websites. You’ve seen people spell out the “at” rather than using the @ symbol; this is because web crawlers can pull that sort of data and record your email. You might consider having separate email addresses – one for work and one for private correspondence.
Protect your credit cards, too. Watch out for anything odd, like an extra piece of plastic on the card readers on vending machines, ATMs, or gas pumps. People can install devices called skimmers to steal your credit card information.
If possible, use a credit card for purchases instead of a debit card, which is linked to your bank account.
Gilder: Don’t click on something if you don’t know where it’s from or who it’s from.
MacDonald: If you get an email that purports to be from a company, say a financial company you use, you can go directly to that company’s website, log in, and see if there are any notifications.
Gilder: That goes for emails from people you know, too. Say you get something from a classmate, and it says “Click here to check this out.” Talk to the person and ask if they sent you anything.
A confession: I clicked a link on a phishing email.
MacDonald: Go to IT and have them investigate the extent of what you did.
If you downloaded something and ran it, or clicked through and entered some information, now you have to think, “What did I release?” Hopefully not your Social Security number.
What can people do with Social Security numbers?
MacDonald: Many of our Social Security numbers are already in the hands of hackers, but the hackers don’t always have complete information to correlate. If you put out your Social Security, name, and address, etc., you have a serious problem. Contact your credit card companies to get a new card. Run your credit report and put out an alert.
Cornell: If you have a secondary ID number, like a student ID, memorize it, have it on hand, and use it. Don’t fall into the trap of using your Social Security number as your primary ID – you want to protect it. Don’t ever send it in an email.
Even sometimes you’ll get legitimate requests for your Social Security number, like from prospective employers. Are they asking you to send it in a manner that’s safe? Do they have to have it? If they do, does their system encrypt your confidential data?
Next installment: Backups, encryption, and protecting your most-valuable information
Miss any of our previous installments?
Part 1: How Our Behavior Puts Us at Risk
Part 2: Protecting Yourself Without Turning into a Hermit
Part 3: Privacy? What’s That?
Part4: The Antisocial Side of Media