In Part 6, our cybersecurity experts provide insightful tips on how to keep ourselves savvy and safe. They tell us how to make ourselves an uninviting target for hackers and thieves, and advise us on how to deal with and recover from a hacking attack, identity-theft incident, or ransomware attack.
The cybersecurity experts
Dr. Zumrut Akcam, assistant professor of computer science
Dr. Kimberly Cornell, assistant professor of computer science
Dr. Mark Gilder, assistant professor of computer science
Dr. Ian MacDonald, professor of computer science, dean of the School of Mathematics and Sciences
How big of a problem is identity theft?
MacDonald: If your credit card number gets out, or you find fraudulent charges on Amazon because someone got your ID and password, you have to know what the impacts are and how to respond to stop the bleeding as quickly as possible. Yes, you know to call the company and shut down your account, but remember that that account isn’t a standalone – it’s connected to a lot of other things.
Cornell: If someone gets into your email account, for example, they could reset your passwords for other accounts, like your bank accounts. Now you have a much bigger problem than just a stolen credit card.
What is our best defense?
MacDonald: There are a few things you can do:
- Be able to list all the sites you use, and whether you’ve used the same IDs and passwords at any of them.
- Check for any fraudulent charges on your account.
- Alert any other companies linked to that account. Do you have autobilling for your student tuition, utilities, rent payment, mortgage? Is your bank account linked?
- If you get a new credit card, call all those companies and remap your credit card. Address all the dependencies.
Gilder: You can put your accounts in a spreadsheet – you don’t have to include your user ID and password. I encrypt mine with a password. If someone grabs it, they can hack it, but that’s one more step that can discourage them.
MacDonald: Have a list of all your accounts, even if you’re no longer using them. Monitor your credit report (you can check your credit report from all three agencies, Equifax, Experian, and TransUnion, for free once per year) because you’ll see if there’s anything like Social Security fraud.
What if we’re affected by a corporate data breach like Marriott or Equifax?
Cornell: Change your password. Check your bank accounts, credit cards, email, anything else that’s related to your transactions and communications with the company. Read through the literature that the company sent you about the breach. What was affected?
If your Social Security number was involved, check your credit report. You can use something like LifeLock or CreditKarma. Put a freeze on your credit.
What if our email account is hacked?
Cornell: Contact the company immediately. Alert anyone who might be affected, like friends and family.
Also, be aware of any signs that someone you know has been hacked. If you ever receive messages from friends and family requesting money, be suspicious. Or you may start getting weird, spam-like emails from them.
MacDonald: I’d also add: Review your friends and connections on social media, say once a year or so. If you see anyone posting things that may not be legitimate, remove them. I have found folks on my feed who have gotten into serious criminal trouble. In real life, if someone you knew robbed a bank, would you invite them over for dinner?
One word we haven’t heard yet is “backup.”
MacDonald: Everyone should have redundancy or backup. Back up your systems routinely, and make sure your backup is secure. Whether you have a Mac or Windows, you can buy an external hard drive for your computer, or use a cloud-based backup solution. Be disciplined: Set reminders for yourself to plug in your external drive and do a backup, or automate your cloud backup.
Could that help if you get hit by ransomware like WannaCry, which locks down your computer and encrypts your files unless you pay the ransom?
MacDonald: When you restore your backup, it’s like the ransomware never happened. Companies hit most severely by ransomware typically did not have a recent and/or adequate backup. Some of these companies would rather pay the ransom than lose that week of work. There are actually companies out there that help individuals and companies negotiate a lower ransom.
You’re not seriously suggesting that people pay ransom?
MacDonald: There’s no guarantee that you’ll get your files back, but keep in mind: These criminals are actually running a business and have a reputation to maintain, as strange as that sounds. If they didn’t give you back your files, the word would get out not to pay the ransom. That would hurt their business. They often demand payment in a cryptocurrency like bitcoin to make it much more difficult to trace.
Gilder: Then again, you don’t know for sure that they will let go of your computer. Also, they could give you back your files, but put a new virus on there and lock everything down a week later.
Cornell: A lot of ransomware happens because people didn’t install security patches, or kept using old operating systems that aren’t supported anymore. These are full of vulnerabilities that make you an easy, easy target.
Once again: Stay up to date on your security updates!
MacDonald: It is also important to note that, like viruses, a lot of ransomware attacks are self-inflicted. That is, users often download a suspicious application or e-mail with a malicious payload. This could be completely avoided with the necessary technical common sense and awareness.
Next time: Technologies, tools, and limits to sharing
Miss any of our previous installments? See Parts 1 through 5:
1: Our own behavior and how it puts us at risk
2: Protecting yourself without becoming a shut-in
3: Privacy? What privacy?
4: The antisocial side of media
5: Assume you’re not safe. Proceed from there