
Stay Secure Out There
I recently graduated with my Master of Science in Cybersecurity. It was a two-year program that I completed in one year. I learned so much in give-or-take 365 days, that I couldn’t help but share my part in how to stay secure online.
So here we go.
My top five tips to stay secure in our cyber world.
- Be Aware.
In the age of social media, it is no shock that people are willing to share very personal details of their lives. I often see friends posting on Instagram about a new house purchase - tagging photos with a location in front of a white picket fence that includes their street number. Often, it has taken me no more than 10 minutes to find their exact house on Zillow.
TIP: I love the ability to stay up-to-date with friends and family who live near and far, but there are ways to be aware about the kind of posts being shared with all your cyber friends. One trick is to download an app (such as Meta Remove) that can remove the EXIF metadata. EXIF metadata can include traits such as GPS coordinates, date, time, camera settings, etc.
OVERALL: Be aware that anything posted or shared online is available for more eyes than you would assume. My tip is to only share information that you wouldn’t mind seeing on the national news.
2. Delete does not mean delete.
Deleting data is not as simple as you may think. Let’s look at files on our computer. When you create a file and hit save, the computer has a certain process for saving that file. This process is determined by it’s Operating System (OS). A Window’s OS, for example, does two things when saving a file.
First, it allocates disk space for the file in what is known as clusters. Clusters can hold a certain amount of data. For simplicity’s sake, let’s say that your file takes up one cluster (For the curious: the OS allocates about 32,000 bytes for a file on a 1.6 GB disk).
Second, the location of the file is stored in a specific file table. This is similar to the index of a book that tells you where to find a particular word or topic.
Ok, so what does this all have to do with delete? When we delete the file we are working on, we see the file go to the trash or recycle bin and disappear from our site. Behind the scenes, the OS is actually putting a special marker on the file that says ‘you can now override this document because it is not needed.’ Until that file gets overwritten with a new file, it actually still remains on the disk.
Similarly, companies have their own ways of ‘deleting’ data in their databases depending on their systems and set-up. At times, this data can still be retrievable after it is deleted.
TIP: My mom told me that she had an online account that had her credit card information saved for an easy check-out. She wanted to delete the account, so it no longer had her information. My advice to her was: before deleting the account, use a fake credit card number or an old gift card and save that as your credit card information - then delete the account. In doing this, it is actually overwriting the data that is stored versus ‘deleting’ it.
3. Assume everything technically done is at risk.
We have already learned to ‘Be Aware’ of what we do online, but to add to this topic: assume that searches, posts, chats, messages, etc. are all at risk. This day and age, you never know when the next company could get hacked — it happens extremely often.
Those who know me will laugh or roll their eyes when I explain my distrust in social payment platforms. Mixing my bank account information with the social intentions of paying friends for lunch and allowing that exchange to be public makes me cringe. My bank account information is in the fewest places as absolutely possible because I assume, at any point, it can be at risk.
4. Question companies.
I always find it funny when I am creating a new account, and a company has a maximum size on the password. I use a password generator and typically go with combinations over 40 characters; however, I too-often get stopped with alerts that my password is too long. ‘Passwords must be 12–20 characters long.’ Each time this happens, I question if creating the mentioned account is worth it.
The argument against this is that hopefully these companies are watching their input streams to prevent SQL injection attacks or the like. This happens when black-hat hackers (the bad guys) attempt to hack into a database using SQL queries in the input streams on a website’s form or the like. If a company does not have the proper security measures in place, these attacks can wreak havoc.
Similarly, always research what a company intends to do with your data. Assume they are using or selling your data for profit and ‘Be Aware’ of what data you are letting them utilize.
5. Be Smart.
To conclude, be smart about what you do online. It is nearly impossible to live a life offline, and frankly, it is extremely inconvenient. One of my professors in grad school said that this degree can create two types of people:
- the extremely paranoid
- those who choose to ‘live with it’
As long as you are conscious about what you choose to put online and you are smart about what data you choose to share, you are already a step above most.
