“There’s not a ‘one and done’ solution for cybersecurity, no silver bullet as we like to call it. With cyber, there needs to be continuous care and feeding of the program. It’s a program that requires ongoing improvement.” -Zaki Abbas
Throughout the state of California, students, parents, teachers, schools, and businesses have become increasingly dependent on the internet to learn, to connect with each other, to shop, and to be entertained. This interconnectedness has opened vistas of possibility for collaboration and for new ways of distributing and consuming information and culture. A home with an internet connection can become a theater, library, meeting place, and shopping mall. While the internet and its related technologies are an amazing advancement, they come with some hazards as well, such as viruses, identity theft, and ransomware. We must balance our consumption of, and participation with, online content against a healthy dose of cybersecurity.
Cybersecurity is not just a concern of multinational corporations. Nor is it only achievable with an astronomical IT budget and a gang of highly skilled experts working 24/7. It is, however, an ongoing, continuous process that must be actively engaged in by all users in a given network. Cybersecurity must exist in layers; it is a posture, not a destination.
Cyber Hygiene Basics
Cyber hygiene is the solid foundation for a healthy cybersecurity posture. It is a collective of practices and principles that, regardless of network or device, help to keep you secure online. Here are some practical tips to keep you safe online:
- Use strong passwords. Password strength refers to the effectiveness of a given password against guessing or ‘brute-force’ attacks in which a computer program attempts to authenticate using a dictionary of common passwords or phrases. These guesses can happen as fast as thousands of times per second. As computers become more efficient and powerful, so too do brute-force attacks. This means that passwords that were once considered strong are not so any longer. When creating your password, first learn what the requirements are for the service or site (how many characters minimum, any requirements for capitals, numerals, or other special characters, etc.). You can use this information and a password generator to create strong passwords. Or you can develop the habit of creating password phrases that are easier to commit to human memory but harder for computers to guess. A humorous illustration of this technique can be found in this XKCD comic.
A good password should be a mix of letters, numbers, and symbols. Avoid using easily guessable information like your name or birthdate. Consider using a password manager to keep track of all your passwords securely.
- Don’t recycle passwords. Recycling passwords is the practice of using the same password for multiple contexts or using a base password with only minor variations. It is understandable why people would adopt this strategy. According to a survey conducted by NordPass, in the three years leading up to 2024, the number of passwords that people use on average has increased 70%. The average number of passwords that a single user has to keep track of is now 168, and 87 of those are business-related accounts.
With that much information to keep track of, password recycling seems like an efficient strategy. In fact, Google polling has shown that 52% of users re-use the same password for different accounts. Unfortunately, any gains in efficiency are offset by the dangers of credential stuffing, or attacks where large collections of stolen passwords are used to try to gain access to a system.
Imagine if you used the same login and password combination for Facebook and your online bank. If Facebook is compromised, the hackers who are responsible not only have your Facebook login but your bank login as well. If you use the same login and password for all your accounts, you can imagine how damaging a single compromise of any of those services could be to you and to your organization.
- Use two-factor authentication (2FA) whenever possible. Two-factor authentication (2FA) augments your password with a second, one-time credential that is generated or delivered at the moment you sign in. Whether it is a passcode sent via email or text message, or a code produced by an authenticator application or device, 2FA limits the damage an unauthorized user can do with your password alone.
- Keep antivirus software updated and active. Antivirus software is like a shield that protects your computer from malware and viruses. It scans your files, blocks harmful downloads, and alerts you to potential threats. Make sure you have reliable antivirus software installed, and keep it updated.
- Make sure that your devices’ operating systems and applications are updated. Software updates aren’t just about getting new features—they also fix security flaws that hackers can exploit. Make sure your operating systems, antivirus software, and apps are always up to date. Turn on automatic updates so you don’t have to worry about missing any important patches.
- Periodically review installed applications. On both computers and mobile devices, such as tablets and smartphones, it is good practice to regularly review installed applications. Verify that you only have applications that you intended to install. Remove any applications that you have stopped using or were only trying out. Fewer applications means fewer potential vectors for attack, fewer updates, and fewer third parties that may have some of your personal data.
- Backup your data. Even with the best precautions, there’s always a chance something could go wrong. Regularly backing up your files ensures that even if your computer gets infected, you won’t lose your important data. Use cloud storage or an external hard drive to keep your backups safe.
- Cultivate healthy skepticism. The anonymity of the internet and its transcendence of geographical location creates a potential for misinformation and misrepresentation. Many cyber threats are more psychological tricks than technological compromises. As Artificial Intelligence (AI) has become more prevalent, it has become harder to tell the difference between the real and the artificial. Bring a healthy skepticism with you when you venture into cyberspace.
Viruses and Malware
Malware and computer viruses are types of harmful software designed to damage or control your computer. They can steal your personal information, slow down your device, or even lock you out of your files. Hackers often use tricky methods to spread these threats, like fake websites, emails, or even social media links.
- Limit what you do on public Wi-Fi. Public Wi-Fi networks, like those in cafes, libraries, or schools, are super convenient, but they can also be risky. Hackers can easily intercept data on these networks, putting your personal information at risk. Here’s how to stay safe:
  - Avoid Sensitive Transactions: Don’t access your bank account, make online purchases, or enter sensitive information while using public Wi-Fi. Save those tasks for when you’re on a secure, private network.
  - Use a VPN: A Virtual Private Network (VPN) encrypts your internet connection, making it much harder for hackers to see what you’re doing. If you often use public Wi-Fi, consider using a VPN for extra security.
  - Forget the Network: After using public Wi-Fi, make sure to disconnect and “forget” the network. This prevents your device from automatically reconnecting to it in the future, which could expose you to risks.
  - Turn Off Sharing: When you’re on a public network, turn off any file sharing or printer sharing features. This minimizes the chances of someone accessing your device without your permission.
- Don’t click on links or download anything unexpected. Not everything online is as it seems. Hackers often disguise malware as something harmless, like a free game, a funny video, or an interesting article. Think twice before clicking on a link or downloading a file. If something seems too good to be true, it probably is. Stick to trusted websites and be cautious about opening email attachments or clicking on random pop-up ads.
- Unsolicited support should make you STOP. One of the most common online scams is the “Microsoft Support” scam. This scam usually begins with a pop-up message on your computer that looks official and claims that your device is infected with a virus. The message may urge you to call a phone number for “Microsoft Support” to fix the problem. In reality, this is a scam designed to trick you into giving away your personal information, paying for fake services, or allowing scammers to access your computer. If this happens to you, follow this general advice:
  - Don’t Panic. Scammers rely on fear to trick you into making quick decisions. If you see a pop-up message claiming that your computer is infected, don’t panic. Take a deep breath and remember that legitimate companies like Microsoft will never ask you to call them through a pop-up message or ask for payment to fix a problem this way.
  - Close the Pop-Up Safely. Never click on any buttons or links within a suspicious pop-up message. Instead, try to close the window using the “X” button in the corner or by pressing “Ctrl + Alt + Delete” to open the Task Manager and close the browser. If the pop-up won’t close, restart your computer.
  - Do Not Call the Number. The pop-up may provide a phone number for “support.” Never call this number. Scammers on the other end of the line might ask you to install software that gives them control of your computer or ask for your credit card information. If you ever need technical support, contact the company directly through their official website or other support channels.
Phishing, Smishing, and Quishing
Phishing, smishing, and quishing are three common online scams designed to trick you into giving up personal information, and it’s important to know how to spot and avoid them.
Phishing is when scammers send fake emails pretending to be from trusted companies like banks or social media sites. These emails often look official and urgent, asking you to click on a link to “verify your account” or “reset your password.” But clicking on these links can lead to websites that steal your login details or install harmful software on your device.
Smishing is similar to phishing but happens through text messages (SMS). You might get a message that looks like it’s from your bank, a delivery service, or even a friend, asking you to click a link or call a number. Just like phishing, smishing is designed to trick you into giving away personal info or downloading malicious apps.
Quishing is a newer scam involving QR codes. You see QR codes everywhere these days—in restaurants, stores, and even on posters. Scammers create fake QR codes that, when scanned, lead to dangerous websites or download harmful files to your phone. Since scanning a QR code is quick and easy, it’s important to think twice before doing it.
How to Protect Yourself
- Be Skeptical. If something feels off or too good to be true, it probably is. Don’t trust messages or emails just because they look official.
- Check the Source. If you get an unexpected email, text, or QR code, don’t click on any links right away. Instead, go directly to the company’s official website or app to verify the information. If the message claims to be from someone you know or work with, confirm it with that person through a separate channel (a phone call, or a text or email to an address you already have), not by replying to the suspicious message itself.
- Don’t Share Personal Information. Never give out personal details, like passwords or credit card numbers, through links or over the phone unless you are 100% sure of the source.
- Look for Red Flags. Phishing, smishing, and quishing attempts often have spelling mistakes, strange sender addresses, or generic greetings like “Dear Customer.”
By staying alert and following the tips above, you can avoid falling for these scams and keep your personal information safe. Remember, it’s better to be cautious than to become a victim.