Top 5 Cybersecurity Tips for iSchool Students
Published: October 28, 2024 by Gabe Farmer
Cybersecurity Awareness
October is known for spooky tales, but what could be scarier in today’s digital age than having your personal information stolen? October was declared Cybersecurity Awareness Month 20 years ago in 2004. In this digital age, we have so much of our personal information accessible online, but it is easy to feel a sense of anonymity on the internet. Maybe you have even thought, “I’m not anyone important, why would a hacker target me?” Dr. Crystal Fausett, iSchool Assistant Professor, says this can be a false sense of security.
“When people think about getting hacked, they think there’s going to be a big red screen on their computer, or there’s going to be skulls and crossbones[...], but most of the time when you’ve been hacked, you won’t even know. Meanwhile, bad actors will have information about you, whether it is a password you use across your different websites, your banking information ID, or valuable personal health information.”
Today, we will consult with Dr. Fausett and Dr. Frank Cervone, iSchool Lecturer and BSISDA Program Coordinator, to highlight five key tips for securing online information.
Tip 1: Use Strong, Unique Passwords and a Password Manager
Passwords are your first line of defense, and weak passwords are a hacker’s easiest target. We all know the frustration of the dreaded “it’s time to change your password” email, but using strong, unique passwords that you regularly change is one of the most important steps in protecting your online information.
The US Cybersecurity & Information Security Agency (CISA) recommends that all of your passwords follow these three guidelines:
Make them long.
CISA recommends passwords of at least 16 characters. Brute-force attacks can try to guess your password thousands of times a minute, but every additional character significantly reduces the odds of a successful attempt. “Longer is Stronger!”
Make them random.
While it can be tempting to use the name of your favorite pet, a significant other, or a nickname followed by your birthdate, those are the first options a sophisticated hacker will try. CISA recommends you use one of two options.
- Use a string of random mixed-case letters, numbers, and symbols such as 5SfK#1M5Qe80.
- Use a ‘passphrase’ of four to seven unrelated words. This could be something like ‘DogBalloonGravyPoliteDrive’.
Using these methods makes it highly unlikely that a hacker will guess or ‘brute force’ your password.
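The two options above, worked through as an added Python example (not part of the original article or of CISA's guidance): it generates each kind of password with the operating system's secure random source and measures how length and pool size change the number of possible guesses. The function names, the 32-word sample list and the 5,000 guesses per minute rate are assumptions made for illustration.

```python
import math
import secrets
import string

# Pool for the random-string option: mixed-case letters, digits, symbols (94 chars).
ALPHABET = string.ascii_letters + string.digits + string.punctuation

# Constructed 32-word sample list so the example runs offline. It is far too
# small for real use; a real generator draws from a list of thousands of words.
SAMPLE_WORDS = (
    "dog balloon gravy polite drive anchor violet pepper marble canyon tunnel "
    "garlic sunset meadow pocket ribbon walnut copper island lantern magnet "
    "orchid pillow rocket saddle thunder umbrella velvet window yogurt zipper harbor"
).split()


def random_password(length=16):
    """Random string built with the OS CSPRNG; enforces the 16-character minimum."""
    if length < 16:
        raise ValueError("use at least 16 characters")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def passphrase(n_words=5, words=SAMPLE_WORDS):
    """Passphrase of four to seven independently chosen, capitalized words."""
    if not 4 <= n_words <= 7:
        raise ValueError("use four to seven words")
    return "".join(secrets.choice(words).capitalize() for _ in range(n_words))


def entropy_bits(pool_size, picks):
    """Bits of entropy when each of `picks` items is drawn uniformly from the pool."""
    return picks * math.log2(pool_size)


def years_to_exhaust(bits, guesses_per_minute):
    """Years needed to try every candidate at a given (assumed) guessing rate."""
    return 2 ** bits / guesses_per_minute / (60 * 24 * 365)


if __name__ == "__main__":
    print(random_password(), passphrase())
    for label, bits in [("12 random chars", entropy_bits(94, 12)),
                        ("16 random chars", entropy_bits(94, 16)),
                        ("5 words, 32-word sample list", entropy_bits(32, 5)),
                        ("5 words, 7776-word list", entropy_bits(7776, 5))]:
        print(f"{label}: {bits:.1f} bits, "
              f"{years_to_exhaust(bits, 5000):.3g} years at 5,000 guesses/minute")
```

Five words from the 32-word sample list give only 25 bits, which is why a passphrase is only as strong as the size of the list its words are drawn from.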
Make them unique.
Unfortunately, it isn’t good practice to create one fantastic password for all of your accounts. Sharing a password across accounts means one small data leak can leave you completely vulnerable.
Instead, consider using a different, unique password for each account. Because what’s worse than someone having access to your email account? Someone having access to your email account AND your bank account.
Password Management Tools
“Even having all of the knowledge in the world about what passwords should look like, we don’t always follow those rules,” says Dr. Fausett.
Passwords that follow the CISA guidelines are challenging to remember. Luckily, there are many options for trusted password managers available for use. Password managers are tools that store and encrypt all your passwords in one secure place.
LastPass is a password manager that ensures that each account or application password it manages is strong and unique and synced across all of your devices, so you don’t have to remember them. Best of all, SJSU has partnered with LastPass to offer its premium version to students at no cost! You can learn more about LastPass and sign up here.
“Getting that password manager, then actually taking the time to sit down and redo all of your bad passwords, I think that is the critical first step.” – Dr. Fausett
Tip 2: Enable Two-Factor Authentication (2FA)
You may have seen it referred to by many names, such as multifactor authentication (MFA), Two-Factor Authentication (2FA), 2-step verification or other terms. Regardless of the title, it all boils down to proving you are yourself through two different methods.
As iSchool students, we should all be familiar with 2FA as it is required for logging into Canvas through the Duo Mobile App. Beyond SJSU systems, many popular services like Gmail, banking apps and social media platforms now offer 2FA, making it a widely adopted security standard. A secure 2FA process should require at least two different authentication methods from the image above.
It’s easy to see why 2FA is such a powerful security tool. A hacker may gain access to your password, but if they don’t also have your cell phone or your thumb, they won’t be able to access your accounts.
Tip 3: Keep Software and Devices Updated
Believe it or not, software updates aren’t just there to provide you with the latest AI integration shoehorned into your grocery store app. Hackers frequently target known vulnerabilities in outdated software, which makes keeping your devices up-to-date one of the easiest ways to protect yourself. Software updates are regularly released to patch security weaknesses, but they can’t help if you don’t download them.
Next time you think about hitting that “Remind me later” button for the 12th time because you’re in the middle of writing a paper, follow up later to ensure that your update successfully installs. “There is a lack of clear communication with users about the risk of having that outdated software. Setting your updates to automatic is a great way to stay on top of things,” says Dr. Fausett. Software that is no longer supported or updated should be retired from use as soon as possible.
CISA mentions two caveats to keep in mind when updating your software. First, you should always attempt to download software updates over trusted networks such as at your home or work. If you must use an untrusted public network to download an update, you can use a Virtual Private Network (VPN) to increase your safety.
“Whenever you use wireless on an open public network, you should use a VPN. If you don’t have a VPN it is very easy to monitor the traffic between your device and the wireless access point. The next thing you know, they could empty out your bank account with something like a Zelle transfer.” – Dr. Cervone
The second caveat is to be careful where you download your updates. Software updates should never come through links that have been emailed to you. Always find the latest versions through your app store or trusted vendor websites.
Tip 4: Be Cautious with Email Links and Attachments
Phishing: Don’t take the bait! Who among us has not received the occasional obvious, poorly worded, and grammatically incorrect email phishing attempt begging us to click a link or download an attachment? Don’t let your guard down.
Some phishing attempts can be surprisingly sophisticated and look like they’re coming from a trusted source. They may even pose as colleagues or coworkers asking you to check something out for them.
Be cautious with any unsolicited emails, text messages, or even tweets containing links or attachments. When in doubt, it’s a good idea to contact the person through a different contact method to verify the legitimacy of their request.
Dr. Cervone says that if you happen to fall for a phishing attempt, you should immediately run your virus protection software. “The next thing, of course, would be to go and change your passwords. If you entered information about an account, immediately change that information. If, for example, it is a banking account, immediately contact the bank to let them know.”
Even the most secure people can be caught off guard by a good phishing attempt, which is why SJSU provides a detailed guide to spot them!
Tip 5: Rein in App Permissions
If you have an iPhone, you have probably seen the popup that says, “Allow ‘This App’ to track your activity across other companies’ apps and websites?” Hitting ‘Ask App Not to Track’ is a great first step, but there are other ways that applications can use, store, track and even sell your information.
“When you download an app it will ask ‘Can I have this permission, can I have that permission.’ I think this is a significant issue because once you give those permissions to the app, it will begin to collect information about you and all of your contacts,” says Dr. Cervone. “For example, turn off services in the apps on your phone that aren’t needed, such as unlimited access to your contacts. Most apps do not need this and only collect it to mine your data.”
On the iPhone, you can review what apps can access your information by going to Settings > Privacy & Security.
The same can be done on Android through Settings > Security & Privacy > Privacy > Permission manager.
Taking Charge of Your Cybersecurity
With these five easy-to-implement tips, you are already on your way to a more secure online presence. By investing some time into ensuring you’re following these guidelines, you can save yourself countless hours of headache from a potential security breach. Of course, there are so many more things you can learn about your cybersecurity. For more tips and resources, visit SJSU’s Center for Artificial Intelligence and Cybersecurity (CAIC).