We’re living more of our lives online than ever. Due in large part to the pandemic, e-commerce was up 32.4 percent in 2020 over the previous year (United States Department of Commerce). And we’re using telehealth services at a rate that’s 38 times higher than before the pandemic (McKinsey & Company).
But with the convenience of online banking, Amazon, Etsy and eBay, healthcare portals, and 24/7 connectivity come increased risks of a cyberattacker stealing your identity or hijacking your computer.
Kees Leune, PhD, is an assistant professor of mathematics and computer science who also serves as Adelphi’s information security officer. In the latter role, he leads a team of IT professionals tasked with keeping Adelphi’s computers and servers secure.
Dr. Leune explained that while data breaches at large corporations or government entities make headlines, attacks on individuals aren’t as nearly well publicized. He explained that an attacker can break into your computer and “steal your usernames and passwords or other personal information and sell that for a profit, or unleash crypto-mining software so your computer is creating Bitcoin for someone else, and all you get is the electric bill. This happens quite regularly.”
And when it does, anything on your hard drive—tax returns, personal photos, the novel you’re writing—can be “encrypted and lost, and there’s no getting it back,” he said.
Since October is National Cybersecurity Awareness Month, it’s a good time to take action to protect your identity and information. Dr. Leune offered the following tips we should all follow to keep our data safe online.
- Strong passwords are good; multifactor authentication is better. We’ve been advised in the past—and even required—to make our passwords longer and more complex, with upper- and lowercase letters, numbers and special characters. And now we’re supposed to take the extra step of answering security questions or typing in our cellphone numbers so we can retrieve and enter a code? Do it, said Dr. Leune. “The use of strong passwords, and the longer the better, is taking a backseat at this point. The predominant guidance now is to turn on multifactor authentication wherever you can. It’s an extra layer of security.”
- Get updated. Software makers are constantly looking for security holes and bugs and releasing updates containing patches and fixes. Many programs and operating systems for computers and phones will even let you know when an update is ready for you. Download them.
- Use antivirus software. Most antivirus manufacturers give away a free version. Dr. Leune said Adelphi’s 3,200 computers run Sophos antivirus software. The company offers a free version you can use at home, he said, though he adds that Sophos isn’t the only vendor, and “they’re all good.” Mac users: This advice goes for you too. “Mac users are targeted just as [often] as Windows users,” he said. “Using a Mac doesn’t make you secure.”
- Make backups. “Once ransomware gets onto your computer, it is nearly impossible to get it off again, other than wiping the full contents of your device,” said Dr. Leune. He recommends uploading important files to a cloud service provider that will have a team of professionals protecting the servers on which your data resides. Downloading files onto a USB drive or external hard drive not connected to your computer works too. Better yet, do both. “If there’s an issue with the cloud service provider, you can go to your own copy; if there is a problem with your copy, you can go to the cloud.”
- Don’t take the (phish) bait. Have you ever received an email or text, or seen a social media post, that seemed out of character? This could be an instance of phishing—when an intruder essentially dangles bait for you to click on that leads to a malware-infected link. “Phishing is a major issue; this is why we still send all employees phishing messages once a month,” Dr. Leune said. Adelphi also rolled out a phish alert button on Gmail for users to click to make it even easier to report incidents of phishing to Adelphi’s Office of Information Technology.
- Use common sense. Getting hacked is more often due to human error than a problem with the technology. Gaining access to a password or a social security number can be as easy as asking for it. Cyberattackers will use what’s called social engineering—posing, via phone, email or in person as a network administrator or other trusted figure and persuading people to part with their passwords. So be careful.
Dr. Leune pointed out a recent initiative created to advance our understanding of the relationship of cybersecurity and psychology: Adelphi’s Anita D’Amico Endowment Fund. Anita D’Amico, PhD ’84, now vice president of products at Synopsys Inc., is an experimental psychologist who has studied how human behavior affects cybersecurity and software security. Donations to the fund will support research by faculty and graduate and undergraduate students in areas related to cybersecurity, psychology or the intersection of the two domains.