This article was originally posted at http://mse238blog.stanford.edu/ as an assignment for course MS&E 238 at Stanford University 2017.
Last Friday, Steve Harrod, Managing Director at General Catalyst, visited us in class and gave a talk on cybersecurity. He brought up subjects such as the fact that the more connected our homes are, the easier it is for people to hack into our lives, and how social media increases the risk of being hacked. Today, one in every three Americans gets hacked each year, and 18-24 year olds are the most likely to fall victim. So as tech-savvy students, we can and should protect ourselves, which is why I’m going to share a couple of tips that might help.
To think about when sharing – offline.
Information on your physical devices such as your phone or computer is the easiest to access when the device is in the hands of a hacker. Because of this, it is important to keep your physical devices in safe storage when you don’t have them with you. If you live in a residence where people pass by, don’t let them lie out in the open when you’re not there.
It is also important that you keep your passwords to yourself. Even your best friend shouldn’t know them. Make sure not to write your passwords down anywhere; you can use software such as 1Password or LastPass to help you keep track of your passwords instead. Another password tip is to make every password unique and difficult to guess. This means no pet names, no birthdays and no 1234s. If you can use two-factor authentication, do that!
To think about when sharing – online.
We all know Snapchats disappear after 10 seconds, but a push of two buttons and someone has saved it forever, so make sure you only share content you’re comfortable with being in someone else’s hands. Because, as the saying goes, the Internet never forgets.
Social media is a common platform to share what we love, and it’s a great way to keep in touch with our friends. But as soon as information is public, anyone has access to it. More and more common are cyberattacks where someone pretends to be a person you should know because of common interests or because you attended the same school. As we share more information like this on Facebook, LinkedIn and Instagram, scammers can more easily manufacture identities that we could trust.
If you want to go even further, I would recommend not using Facebook to sign up on new websites. The convenience of this option is great, but companies actually get much more information about you from Facebook than you would think (and might want). However, if convenience is important to you, you can click Edit in the Permission screen the next time you sign up with Facebook, and you’ll be able to see exactly what data is shared about you. Here you can also choose what information you don’t want shared with the company.
To think about when you get an email.
The odds are high that you’ve already received a phishing email, asking you to update your credit card information or your password, looking like it’s from a provider you’re using or someone who says they went to high school with you.
There are some things that you can keep an eye out for in these kinds of emails. The obvious ones are of course when you don’t know the service or the person who’s sending the email, and when the email is flat out poorly designed or has misspellings. Other than that, look at the Sent from email address. If the email “pretends” to be from The Service, the from-address will end with something other than @theservice.com.
Another sign is that the introduction says “Dear The Service member” or “Hi The Service customer”. This is very generic and is used by scammers to trick you. Usually these services know your first name, however, and they would use that in the introduction.
The last trick to use is to hover over any clickable image or text and check where it would take you. If it’s not to theservice.com/… then you should not click it. Depending on your browser, you can check the hover link in the bottom left corner or by right-clicking on the link.
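The three checks above (from-address ending, generic greeting, link destination) can also be run over a message automatically. This is an added example, not part of the original article; the sample message, the function names and the `.example` lookalike domain are constructed for illustration, and theservice.com is the article's placeholder.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message (not a real email); theservice.com is the article's placeholder.
SAMPLE = """\
From: The Service <billing@theservice.com.account-check.example>
Subject: Update your credit card information
Content-Type: text/html; charset="utf-8"

<p>Dear The Service member,</p>
<p><a href="http://theservice.com.account-check.example/login">Update your password</a>
or see <a href="https://www.theservice.com/help">our help page</a>.</p>
"""

class LinkCollector(HTMLParser):
    """Collects the href of every <a> tag, i.e. what hovering would reveal."""
    def __init__(self):
        super().__init__()
        self.links = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links += [v for k, v in attrs if k == "href" and v]

def belongs_to(host, domain):
    # True only for the domain itself or a subdomain; a name that merely starts with it fails.
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def check_email(raw, expected_domain="theservice.com"):
    msg = message_from_string(raw)
    body = msg.get_payload()
    findings = []
    # Check 1: the from-address must end with the service's own domain.
    sender_host = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    if not belongs_to(sender_host, expected_domain):
        findings.append(f"from-address domain: {sender_host}")
    # Check 2: generic greeting instead of the recipient's first name.
    if re.search(r"\b(dear|hi)\b[^<\n]*\b(member|customer)\b", body, re.I):
        findings.append("generic greeting")
    # Check 3: every link target must stay on the service's domain.
    parser = LinkCollector()
    parser.feed(body)
    for href in parser.links:
        host = urlsplit(href).hostname
        if not belongs_to(host, expected_domain):
            findings.append(f"link leaves {expected_domain}: {host}")
    return findings
```

Calling `check_email(SAMPLE)` returns three findings. The sender and the first link both begin with theservice.com but end in a different domain, which is why the comparison is made on the end of the host name rather than on whether the brand name appears in it.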
To think about when you’re on a website.
There are a few other details that can be important to keep track of. And you don’t have to be technical to understand them. One of them is “the https”. If you find yourself on a website where you need to register any private information, such as banking or credit card, check that the domain starts with https, not only http, and that there is a little green lock on the left of your domain.
If a website doesn’t have this, it means that the information that gets sent between the website and the server isn’t encrypted. And that’s bad, because it means it’s much easier for a hacker to get ahold of the information you’re typing into a website.