With a web-connected supercomputer in every pocket and more and more of our lives lived online, the days of leaving computer stuff to computer experts are long gone. Every person needs to be aware of how to navigate life online — and most critically, how to protect sensitive information from those who would steal or exploit it.
That’s the idea behind Professor Bruce DeBruhl’s class Computer Security for Everybody, a new course he taught this summer for the second time at Cal Poly. Aimed specifically at non-computer science majors, the course provides a practical guide to help users keep personal information and devices safe from cybercriminals.
“Students from all over campus can actually see how this applies to them personally and in their majors,” says DeBruhl. “For example, for somebody who’s studying political science, what type of policies will impact future cybersecurity decisions? For somebody going into biology or medicine — how can you store a patient’s medical records to keep them safe from cybersecurity attacks?”
Students dive into many different aspects of digital security, including online identities, web privacy, passwords and security tools, and threat modeling — getting inside the heads of cybercriminals to identify and protect vulnerable points in security systems.
“I’ve definitely been more cautious since taking this class — when I’m browsing I always notice when a site isn’t as secure now,” says fourth-year business major Jenna Eisenmann, who took the class this summer. Armed with this new perspective, she says, she noticed that her work’s website has some vulnerabilities and was able to bring it up to her boss.
DeBruhl shared some of the tips he gives his students that can help you keep your digital information secure.
1. Keep your system up to date.
Software companies are always working to stay ahead of new forms of cyberattack, and new versions of your software will include the latest tools to counter those threats. Don’t wait to click that “update” button.
2. Use a password manager.
One of the classic security vulnerabilities is using the same password for all your different online accounts — one successful attack can give a hacker access to everything. Using a password manager like LastPass helps you store and use many different passwords, and even helps you come up with more secure password options.
3. Avoid using short, common dictionary words as passwords.
Password-cracking tools are often programmed to quickly try commonly used words. Add something unexpected that no one else would think of.
4. Use the lock screen on your phone and computer.
Your personal devices overflow with information that makes you vulnerable. Always lock your screen whenever it’s not in use to discourage snoopers.
5. Watch out for spam.
The FBI, the IRS and your company’s IT department are never going to send you a typo-ridden email asking for your passwords or prompting you to click unknown links. Be suspicious of any unexpected request for your private information.
6. Watch for the lock icon.
The address bar in your web browser will show a lock icon when you’re visiting a site that has been verified secure by a reputable third-party source. Avoid sites that aren’t secure, and never give sensitive information if you don’t see the lock.
7. Wherever possible, use two-factor authentication.
More and more web services now use a system that requires a second proof of identity besides a password — for example, receiving a code via text message when you login to your email. It’s just one more thing a potential cybercriminal would have to steal to get access to your accounts.