Q&A: Keeping Your Computer and Personal Information Safe

Before Americans fire up their devices for Cyber Monday, they may want to heed the message of International Computer Security Day, observed on Saturday, Nov. 30. This unofficial holiday encourages people to secure their computers and personal information.

 As long as — and even before — the internet has existed, efforts to hack networks and steal personal information have confounded and challenged security experts.

As a graduate student at the University of Denver, Nate Evans (MS ’10) immersed himself in issues of computer networking and cybersecurity. After working at Symantec, the company that created Norton antivirus software, Evans returned to DU, this time as a member of the faculty, teaching and researching cybersecurity. In a Q&A with the DU Newsroom, he shared his advice for keeping personal information personal.

Let’s start broadly. What’s one easy thing people can do to keep their personal information safe?

There are a number of relatively simple best practices that people can use to help keep themselves safe online and on their computers in general.

• Use a password manager. One of the big risks for most people is password re-use across multiple sites. Things like using the same password for work and home email accounts or simply using insecure passwords for throwaway accounts. Remembering many different passwords and coming up with unique and secure passwords is something humans just aren’t good at. A password manager helps make sure your passwords are strong and also helps you keep track of different passwords for the various sites and accounts we all have.
  
  Editor’s note: The University of Denver recently began offering its employees free access to LastPass password manager. Click to learn more.
   
• Keep your systems up-to-date. An unpatched Windows machine is to an online attacker like an open front door is to a burglar. Most systems will attempt to get you to opt in to automatic updates, and this is the easiest way to make sure your system isn’t at risk to known attacks.
• Pay attention to URLs. When shopping, or really doing anything online, look at your browser bar. Check to see if the address starts with https:// (or there’s a little lock icon to the left of the URL), the URL matches the site you think you’re at (e.g., www6.amzn.net vs. amazon.com). When in doubt, you can view the security info for the site (click the lock or icon to the left of the address bar) and make sure the information matches the site you are at.

What unique security risks are associated with online shopping?

Online shopping is generally as safe a way to shop as using your credit or debit card anywhere. However, there are some unique risks, usually from fake sites or fraudulent “deals” that don’t exist. The best way to protect yourself is to only shop from trusted companies and sites. It’s easy to set up a completely fake website that purports to sell products at a discounted price, but these will usually be companies that you have never heard of. Shop well-known companies (Target, Walmart, Amazon, Best Buy, etc.) and make sure the sites are legitimate before making purchases and you should be safe!

More and more web traffic is coming from mobile devices. Is mobile security any different than desktop or laptop security?

Certainly mobile security is different than “normal” computer security. Mobile ecosystems are much more locked-down than desktop/laptop operating systems, which is often actually better for security, because installing apps on mobile devices is restricted to vetted app stores, where the providers try to prevent fraudulent apps or malware from being installed.

On the flip side, privacy is often reduced on mobile devices, where applications may require access to your mobile device data, contacts, location and more in order for you to use them. Companies like Facebook and Google (and many others) are able to harvest this data to target ads and monetize your activities much more easily than on a typical computer. Just be aware of the fact that almost anything you do on a mobile device is probably being monitored in one or more ways.

How can consumers stay on top of the latest threats in a rapidly changing tech landscape?

It’s really hard (almost impossible) for anyone to be aware of what threats are out there. We usually don’t find out about attacks until they have already occurred or are well under way, unfortunately. The nature of software includes flaws, and there is a constant cat and mouse game between attackers and security personnel. The best recommendation is to keep your system software up to date, pay attention to your accounts and charges, make sure you have security software installed, and try to be vigilant in recognizing suspicious messages or activity.

Any other “musts” for people to keep their personal information safe?

Use multifactor authentication wherever possible. This is common for many sites and accounts already, where you get a text message or use a security app to generate a one-time code required before logging in. This is a simple way to prevent attackers who may get or guess a password from being able to access your online accounts.

Ignore unsolicited requests for information. We’ve probably all seen pop-ups from sketchy websites or on our computers alerting us to security issues like “your computer is infected” or “click here to scan now.” These are the obvious ones, but attackers are trying to get you to initiate contact with them, so they can then socially engineer you into divulging information or paying for an unneeded service. Generally, unless you initiated the contact, you should never click, call or otherwise engage with these requests. If in doubt, look up the contact information for the purported company or service. Often a Google or Reddit search will turn up people who have had similar experiences (and were usually scammed).