Cybersecurity for everyone

Posted: January 31, 2019


Increasingly, our critical information is pouring into technology. Phones and tablets. Banks and Amazon. Cars and drones.

Do you know who has your Social Security number, your bank account information, your passwords?

The guy next door? The Russians? The dark web?

If you don’t know, you might have something to worry about. Protecting your data takes education, awareness and understanding, said Bryan Choi, an assistant professor in the the Department of Computer Science and Engineering and the Moritz College of Law.

Choi explains why the effort is worth it.

Q: Why is cybersecurity so crucial?
A: Digital devices are embedded in our lives. It’s no longer just computers and laptops; these devices are coming into our homes, our cars and other private spaces. You can’t live without computer technology touching your life, and yet most of these devices are being released without enough attention to software safety or security. The stakes are going up and we don’t have any enforceable minimum standards.

Q: What are some online safety basics people should know?
A: The first step is data minimization. When someone asks you to share extra data such as a Social Security number, a picture or an email address — ask yourself, why does it need to be on the internet? Why do you need a smart device listening to your conversations at home? Is that something you are comfortable with? Find out how your data can spread and what the risks are. 

Of course, none of us can live a life of data abstinence. So the second step is to develop good data habits.

Q: What are some ways people can protect themselves?
A: Practice good computer hygiene — update software, pay attention to security alerts, stay aware of issues that could happen. Don’t click on spam, and don’t click on suspicious links. If an email has a bunch of typos, or seems like it is out of character with the type of communication you normally see from a person, don’t do anything it asks and forward it to an IT specialist. Pay attention to clues that something is amiss.

The Electronic Frontier Foundation maintains excellent resources on tips and tools to use for self-defense:

Get a password manager app or have an equivalent system that generates strong passwords across all the websites you use.
Install browser extensions that protect against malware.
Learn what incognito mode does and does not do.
Avoid installing apps from untrusted sources; be aware that many software publishers are willing to cheat and deceive you to access precious data on your phones and computers, even after you uninstall their apps.
Maintain regular backups of your important files in case of a ransomware attack.

If you have the opportunity, take a basic programming class so you get a grasp of how software works, why engineers make certain design decisions and how code can go wrong.

Q: What exactly are hackers after?
A: It depends on your definition of hacker.

We tend to think of hackers as anonymous strangers. It’s true there are plenty of those. The most sophisticated attacks are carried out by, or on behalf of, U.S. or foreign governments who want intel they can use for tactical advantages. Other motivations can include financial profit, vigilantism or vandalism. These broad-scale attacks, which include data breaches, are very common, but their effect on individuals is difficult to assess. The chance of being singled out from a pool of millions is relatively small, but the cost of being targeted can be dreadful. A good source to read up on cyberattacks is Brian Krebs on Security.

The most common cyber threats will likely come from the people closest to us. When an ex-partner, family member or friend is angry and wants revenge, they can use your devices and your intimate information to hit you where it hurts most.

Q: So should we panic when we hear about security breaches with companies that have our information?
A: It’s absolutely concerning. But it’s such a big problem, and the internet is too useful to give up, that panic is probably not the right reaction. Instead, we should be looking for solutions that push the industry as a whole to improve its data security practices.

Those efforts can be made at either the state, national or international level. We will need many more people who can bridge computer engineering and law and policy to coordinate this campaign.

from University Marketing's Ohio State Insights