As Cybersecurity Awareness Month closes, we talked with members of the University of Iowa’s Information Security and Policy team to learn how they manage cybersecurity threats in their daily lives. Read on to discover how you can do what the pros do.
“Be intentional about what you share”
Senior IT security analyst Warren Staal came to information technology from the humanities. So, it’s not surprising that he’s especially attuned to the human element in cybersecurity—how we choose to use technology and why we sometimes let down our guard.
Question: If I came to you and said, “I want to do a better job of protecting myself online,” what’s the first thing you’d advise me to do?
Warren Staal: Be mindful of what you share. Don’t give away too much information on Facebook or other social platforms. Remember that any information you put out is basically accessible to anyone, including would-be attackers.
Q: We encounter a lot of innocuous-looking quizzes online, especially on social media. Is that partly what you’re talking about?
WS: Yeah. Whenever a quiz or a survey asks you for any information, try to look at it from the perspective of the people or company behind the questions. In a lot of cases, they want to monetize whatever data you willingly provide. Think about where that data might be going and what it might be used for.
Q: The apps we use also can compromise our privacy, right?
WS: For sure. Be intentional about downloading and using apps. Understand that the apps on your devices talk to each other and share information. Any info they collect can help advertisers, for example, build your profile and target messages.
Q: Are there particular types of software you recommend for protecting privacy and security?
WS: The main thing I’d recommend is keeping your devices up to date. Run the most current versions of the operating systems and applications you use.
Layer your defenses. Antivirus software included with your computer or device can be one of your layers. So can your firewall settings—be sure they’re turned on. Third-party antivirus programs or VPNs (virtual private networks) can be additional layers, but it really depends on what you’re doing and your comfort level with the technology.
Q: What other defensive steps do you recommend?
WS: Backing up your data is essential for good cyber-hygiene. If you have a backup, reimaging or reformatting your device is trivial—you know where all your data is. If you don’t have a backup, it’s much more difficult to address security compromises.
Be mindful about cybersecurity whatever you’re doing. Stay current and informed about the technology you use. Know what apps you have installed and what they do. And again, think about the data you provide and how it may be used.
“Attacks happen to a lot of people—don’t be embarrassed”
IT security architect Nikki Cardenas discovered the cybersecurity field as an Iowa student. While her work focuses on enterprise-scale threats, it also informs her own practices and the guidance she shares with family and friends.
Question: What’s the number one thing I can do to better protect my personal info and data?
Nikki Cardenas: I think everyone should consider a password-management program. Having a password manager makes it easier to create different passwords for different services.
There are a lot of different products with great features. For my parents, I got a password manager with a family plan. That way, I can help them recover their passwords if they lose their master password or access their accounts in an emergency.
Q: When you create a password, do you come up with one on your own or let your password manager generate a secure option?
NC: I mostly use randomly generated passwords. But if I know I’m going to have to type a password a lot, I’ll create one that’s long and complex—at least 25 characters, if possible. I always go for the maximum permitted.
Q: What should we consider before downloading and installing new apps? How careful do we need to be?
NC: Be careful where you’re downloading from. For example, if you want to download the Chrome browser, download it directly from Google rather than some random website. We see free software downloads bundled with malware, so you really want to go to legitimate sources.
Q: Are some web browsers better than others when it comes to security?
NC: All the major browsers have good security features. More important is making sure you keep the browser you use up to date.
One general browser tip: I don’t recommend storing any of your passwords in your browser. If you get compromised, some malware will try pulling your cached passwords, your saved credit cards, or other data stored in your web browser.
Q: If I think my computer has been compromised by malware, what should I do?
NC: Don’t use that machine until you’ve had a security expert check or rebuild it. Meanwhile, change your passwords on another device, not the one you think may be compromised. Turn the compromised device off until a security expert can assess it.
You can get hit with malware and have no idea. These attacks happen to a lot of people—don’t be embarrassed. Just get help as soon as possible.
Q: What if I hear a site I use has experienced a data breach? What should I do then?
NC: There are different kinds of breaches. Some might leak personal info like your name, address, or even Social Security number. Others might leak your username and password. Regardless, I recommend changing your password and activating two-factor authentication if it’s available.
You also can reach out to the affected company to see if they’re offering credit score monitoring or a service like LifeLock in response to the breach. In some cases, you might want to proactively freeze your credit with Equifax, TransUnion, and Experian.
Q: What’s one cybersecurity myth or misconception you’d like to clear up?
NC: The idea that Apple devices don’t get malware. That’s false. There’s been a significant increase in malware for Macs and other devices over the past few years.
The National Cybersecurity Alliance offers more consumer-oriented tips for managing online security. If you believe a university-owned computer or device you use has been compromised—or if you have other work-related IT security concerns—contact your local IT support or the ITS Help Desk.