October is National Cybersecurity Awareness Month, and it began with a sobering reminder of what’s stake—another big breach affecting our personal data.
This time it was Facebook, which this fall disclosed that an attack on its system affected 30 million users. Detailed information—what they searched, where they were—was stolen from the Facebook profiles of about 14 million of those users, The New York Times reported.
A breach at that scale is beyond our control as individual internet users. But there’s a lot we can do to protect ourselves. Two experts from Illinois State University’s information security office stopped by GLT’s Sound Ideas to share 5 things you can do right now.
1. Never re-use your user ID and passwords across multiple applications.
Kevin Crouse, ISU’s director of information security and data protection officer, says you should mix it up. If you don’t, a hack of one service may expose you across multiple services.
Password management tools like LastPass are one way to keep track of all those different usernames and passwords.
“Generally speaking, (that's) a whole lot safer than writing them down on a Post-It note under your keyboard or a piece of paper in your wallet,” Crouse said. “If you’re trying to protect your entire self, having multiple passwords for every application—it’s hard for most people to remember one or two passwords, let alone 30 or 40.”
2. Never give out your user ID or password over email or the phone.
This one is easy: No matter how legit they sound, if someone from your “IT department” calls or emails asking for your user ID or password, it’s bogus. Crouse says ISU’s Administrative Technologies crew never does that, and the same is true for IT support units at other big local employers.
3. Use long and complex passwords.
Crouse said pass phrases are the way to go. How long? More than 20 characters. And sprinkle in some numbers, special characters, and spaces to really mix it up.
An example: thedogJumpedOverthem88n$
“Password strength is all about a term called entropy, or the degree of randomness,” said Seth Pheasant, lead information security analyst at ISU. “Just having a long password is really the most security-enhancing thing you can do. Because by adding each character, you’re actually exponentially increasing the security of it. If you were to just capitalize a letter, that’s only one switch in entropy. Whereas if you add in a whole other letter, you’re completely changing the calculation of how many possible passwords you’d have to try to guess that.”
4. Know what you’re giving up.
Crouse and Pheasant both encourage you to spend some time looking at what data tech giants like Facebook and Google are collecting about your online behavior. You may be OK with what they’re collecting, or you may not be. The only way to know is to check.
Pheasant recently deleted his Facebook account, but only after downloading his full set of personal Facebook data to see what was in there.
“I was pretty shocked to see the various data points,” he said. “They had entire call records. Who I called, at what time, for how long, the phone number, the contact name. This is all used to build a profile around you. To protect yourself online is to be conscious about what you’re sharing and knowing how companies are going to be using this data to build profiles around you and eventually sell that to other companies.”
5. Devices are not immune.
Don’t get lulled into a false sense of cybersecurity just because you spend most of your time on your iPhone. There’s no such thing as a 100 percent secure device, Crouse said.
Pheasant recommends encrypting any mobile device that you use—phones, laptops, whatever. For most phones, that’s as easy as using the device’s passcode feature. You can also Google your specific phone model to learn how to manually adjust encryption settings.
“Having your data encrypted gives you that extra peace of mind that if someone does end up with your phone, they won’t be able to take all your personal information off that device,” Pheasant said.
People like you value experienced, knowledgeable and award-winning journalism that covers meaningful stories in Bloomington-Normal. To support more stories and interviews like this one, please consider making a contribution.