Cybersecurity Awareness Month Q&A

BY GINA MANTICA

Many people enter private information, like addresses and passwords, online regularly. But not many people know how to keep that sensitive information safe. Cybersecurity Awareness Month was created to ensure that people in the United States have the resources they need to be safer online.

We asked one of our cybersecurity experts about information security and steps that people can take to protect their personal information online. Mayank Varia, Co-Director of the Hariri Institute’s Center for Reliable Information Systems & Cyber Security and Associate Professor in the Faculty of Computing and Data Sciences, researches theoretical and applied cryptography using computational tools.

Should people worry about information security?

Information security is important because the actions that we take in the digital world have substantial impacts on people’s lives. For example, the pages we visit and transactions we make on e-commerce sites will influence future advertisements shown as we browse the web, and the way that we obtain information can influence future algorithmic choices of what news items to show you and collectively can impact democratic elections.

That said, in a perfect world, you should not have to worry about information security at all, because we would have designed systems that minimize the information collected about you in the first place and that ensure that information is only used in specific contexts that are in your best interests. Unfortunately, both the state of information technology and our current laws and policies governing cyberspace are not there yet.

What are the biggest cybersecurity threats right now?

One big threat right now is phishing, in which a scammer (very convincingly!) tricks you into providing your account credentials into an imposter website that looks like a real login page but is actually run by the scammer. Another big threat is ransomware: once an attacker gains control of your computer, they hold your files hostage in the hopes that you will pay a lot of money to get them back.

What is one step someone could take today to protect themselves online?

Perhaps the best step you can take to protect yourself is to set up and use a password manager, in order to create passwords for each website that are so complex that even you cannot (and need not) remember them. There are several reputable companies that provide password managers, and they tend to offer most basic features for free.

Another important step is to set your computer’s operating system and web browsers to automatically install updates in the background (which most programs will do automatically nowadays) to lower the chance that an attacker can get ransomware on your computer.

How can someone know if their data has been compromised?

Unfortunately, it’s very difficult to know whether your computer has been compromised. Backing up your data regularly is a good way to ensure that you have long-term access to your files, even if someone happens to compromise your computer. Boston University IS&T offers several backup services.

What is “encryption”, and can it protect personal information?

Encryption is a way to garble a file so that only someone holding the corresponding key can unlock its contents. It’s one of the most effective tools we have to protect digital information. All major laptop and smartphone manufacturers will encrypt data on your device to safeguard the data even if a thief steals your device itself. Additionally, more than 90% of websites use encryption to protect data in transit between your computer and the website itself.

How does your research inform cybersecurity?

Research conducted within BU’s Center for Reliable Information Systems & Cyber Security (RISCS) goes beyond time-tested techniques like encryption to investigate more cutting-edge ways to protect, or expose weaknesses in, cybersecurity mechanisms. With faculty that span the College of Arts & Sciences, Faculty of Computing and Data Sciences, College of Engineering, Metropolitan College, and Questrom School of Business, our center develops and evaluates new technologies for cloud security, cryptography, data privacy, and the impact of algorithmic decision-making processes on society.

