Virginia Tech cybersecurity expert Eric Jardine suggests that we develop digital habits that protect our devices and our information, in the same way that our commitment to handwashing helps prevent the flu.
Jardine, an assistant professor in the Department of Political Science, said that proper “digital hygiene” consists of simple habits that can be incorporated into a regular routine to secure computers, smartphones, and other devices that may be susceptible to hacking, malware, and ransomware.
While ransomware attacks and other forms of malicious activity can take over a device and scream at a user, most actual intrusions rely on subtlety, going unnoticed while the hacker uses the lapse between breach and discovery to collect beneficial information.
Unfortunately, engineering a system that is simultaneously 100 percent safe and still usable is just a fantasy.
“A healthy person isn’t someone who never gets sick; it’s someone who can get sick and bounce back, to recover,” said Jardine, who is also a fellow at the Centre for International Governance Innovation, an independent, nonpartisan think tank based in Waterloo, Ontario.
“That’s the way you want to be thinking about security. It’s not, does the system ever get compromised? It’s, when it does get compromised, is it catastrophic and you die? Or is it that you’re ill, but recover to full health? That’s not often the way we think about digital security.”
Jardine’s research focuses on various aspects of our new digital life, including the uses and abuses of the Dark Web, trends in cybercrime, how people’s use of email and other digital technologies affects cybersecurity, and the inherent politics of the public policy dilemmas surrounding both anonymity-granting technologies and encryption.
Below find some tips from Jardine to improve your digital hygiene and reduce your susceptibility to cyberthreats:
1) Calibrate the level of security you need.
“How much security they want versus usability is different among different people,” Jardine said. “There’s no concrete answer. Even with a single user, what you use for banking will be different from submitting an academic article to an online journal. The potential exposure, potential problems, are different. Within that there’s a floor, with a bunch of steps to take. How rigorous you make them is up to you.”
2) Update software frequently.
Updates often contain security patches for newly discovered vulnerabilities. Whether it’s the operating system, driver, browser, or applications, run updates as soon as they become available, Jardine said.
3) If you’re not using a program or app, don’t leave it just sitting there.
“A lot of people install a whole host of programs they use just once,” Jardine said. “It’s useful for a specific purpose, then just sits on their system.” Those unused programs are a source of potential attacks; deleting them lowers the chances of vulnerability.
4) Be smart about antivirus software.
Jardine said that a study of six major antivirus vendors showed that their products blocked about 60 percent of malware at best. Antivirus software is still quite useful and effective, but make sure that the product lines up with your hardware, operating system, and browser, since incompatibilities can create holes. Also, Jardine said, don’t assume that because you have antivirus protection you can be flippant in your behavior as a user.
5) Take care with passwords.
Cybersecurity experts spend a lot of time talking about passwords. Most password advice is the sort of common sense that people have heard many times before, yet users continue bad practices.
Don’t use the same password across multiple accounts. Instead, use multiple passwords. A password manager can help, or even a system of handwritten notes spread across multiple post-its. Just don’t stash them all in one place, either online or physically.
6) Don’t click on emailed links or attachments from unknown sources, or even from known sources if something feels off.
A 2014 study by IBM of nearly 1,000 companies found that human error was a primary cause of more than 90 percent of security incidents—everything from misconfiguring routers to clicking malicious emails. If you’re unsure about an email, err on the side of caution. If the email purports to be from a bank or other website where you have an account, sign in through your browser, not through any link provided in the email.
7) Don’t open random USB keys.
This seems like a no-brainer, but in an experiment involving dropping stray USB keys around a university parking lot, a vast majority were picked up. Some finders plugged the keys into computers and began viewing files within six minutes. Plugging an unknown USB key into one’s computer is as dangerous as clicking links in an unknown email.
8) Back up your data frequently.
One of the reasons the WannaCry ransomware attack was so devastating was that so few of the systems it targeted had been backed up, Jardine said. If you’re doing regular back-ups, ransomware is more of an inconvenience than a disaster.
“You may lose a couple of days of work, but you won’t have lost everything,” Jardine said. “You can wipe the system and reinstall applications and files. How often you back everything up, and whether you use a cloud service or hard drive, is one of those choices that people make based on how much security, how much usability they want.”
This article originally appeared in the Fall 2017 issue of Virginia Tech magazine.