Quinn’s Do’s & Don’ts
Executive Director of BU’s Information Security Quinn Shamblin offers some simple steps to keep you cyber safe
- Have different passwords for different kinds of sites. You should have one password for your bank that you don’t use anywhere else, and a different password for your email account that, again, you don’t use anywhere else. Use a different one for other sites that have credit card information saved and another for sites that require passwords but don’t have any financial or other sensitive information in them. The reason for this is that if your password for one kind of site (say, your email) is compromised, the bad guys or girls don’t have access to every other account you own.
- Make sure your computer and the software on your computer get updates automatically. Yeah, it’s a little annoying, but almost all those updates are to fix security problems that someone found.
- Get anti-malware software. Even if you have a Mac, GET ANTI-MALWARE. Every year for the past 5 years, Macs have been the very first computers to get hacked into at the Defcon Pwn2Own contest.
- Put a password/PIN/pattern on your mobile phone. If someone finds your phone and there is no password on it, they get instant access to your email and can really mess with you if they want. See http://www.youtube.com/watch?v=spaQGWasqHY for a laugh.
- Never give your password to anyone. Not a friend, not a teammate, not your boss, not a person claiming to be from the helpdesk, not a person at the other end of an email saying that your mailbox is full or that system maintenance is about to be done and that they need your password to verify that your account is still active. No one. No one should have your password but you.
- Don’t follow links in emails unless you were actively expecting that email. Links can be set to look like they are going one place, but actually be going another. So the email could look like it is from Amazon, but the link really takes you to a malicious website that looks just like Amazon, but is controlled by the bad guys. When you “log in,” you have given the bad guys your password. And if you use that same password in other places, you may have compromised a lot of your accounts.
- Don’t opt for the paperless version of your bank and credit card statements. There are kinds of malware out there that can intercept communication with your bank and steal money from you yet display on the screen exactly what you expect to see! Utilities, etc. are fine to go paperless, but for financial accounts, if you don’t have some form of statement other than your computer, you won’t know your account is being emptied until your checks or payments start bouncing.