“The ubiquity of connection drives a ubiquity of application—or perhaps it’s the reverse,” says Hawley, USU’s chief information officer who teaches IT strategy in the Jon M. Huntsman School of Business. “In the mid-‘90s when we still had dial-up, you couldn’t stay online forever because we still had to make phone calls! People just weren’t online 24/7. But as wireless and technology changed, placing it in everyone’s hands, the cheapness and ubiquity of always being on an internet connection is what has really changed culture and society.”
Since the days of keeping track of cell-phone minutes and text messages, much of our lives are now lived online, which has created huge changes in privacy and security. And that’s something that concerns Hawley professionally, and also privately as the father of five children.
“There was a time when we didn’t worry about security too much online,” Hawley says. “Yes, we had accounts.
Yes, we had passwords. But by and large, people weren’t hacked; people weren’t taken advantage of. But there’s been a big shift. These days, it’s pretty simple and pretty easy to be taken advantage of.”
Hawley’s advice to keep yourself more secure online:
1. Be an Internet Skeptic.
“If it’s too good to be true, it probably is. And you have to protect yourself. Is that really your bank? Is that really Utah State University? Is that really your friend?”
2. Beware of social engineering.
Social engineering elevates an emotion or takes advantage of one to prompt a person to react without due diligence, Hawley explains. “It’s people manipulating people. They’re actually going after the huma
n weaknesses more than the technological weaknesses.” So, beware of communications that push your emotional buttons, and be particularly skeptical when presented with a “free” opportunity. For instance, avoid the urge to take surveys or play free games that may show up on your Facebook page. They often require the user to give access to their social media profile, leading to a trove of information that could be used to for harmless marketing or something more sinister.
3. Never click on aN EMAIL link.
One of the most simple and successful methods of social engineering comes via the ease of a link embedded in an email. But chances are, that email is not from your bank or the IRS, and you may well be clicking on a link attached to web address that ends with .ru—Russia. Thieves are getting better at creating fake emails, so visit your bank’s website to find a genuine phone number to call or log into your account to confirm whether or not there’s an issue. “Most banks have learned not to ask you to click on something in an email,” Hawley says. “So, never click on a link in an email! Don’t do it!”
4. Passwords are dead.
Passwords are becoming easily hackable, Hawley declares. “And most passwords are hacked through social engineering, getting you to give them up in that phishing email.” So remember these four tips from Hawley:
A. Don’t ever re-use passwords.
That is a dangerous practice. If you’ve used that password on multiple sites and just one of those gets hacked, your password is now known and all of those sites could be compromised.
B. Use a password manager.
There are some very good, very secure password managers that will make your life easier and more secure so you don’t have to remember individual passwords for every site you visit.
C. Password length is more important than password complexity.
Rather than creating a password with special characters and capital letters, Hawley says longer passwords are more difficult to crack. At least 12 characters is good; 20 is better. Pick four words—they can all be lowercase—making it harder to crack and easier to remember.
D. Multi-factor authentication a good thing.
It can take a little more time for users, but adding another level of security to the simple username-password combination appears to be the future. About two years ago, USU implemented the use of an authentication system called Duo, which requires an additional factor—usually a cell phone—for an employee to log in. Since that time, Hawley says, the com-promise rate since has been zero.
5. Keep software up to date.
It can be a pain when Windows wants to update while you’re in the middle of trying to finish a task, but keeping your computer and phone and web browser as fresh as possible is critical. Besides, social engineering hackers take advantage of software vulnerabilities.
6. Back up your data.
Beyond the potential for a hard drive crash, through the use of so-called ransomware, hackers can gain access to photos and files on your computer, which they threaten to encrypt and render them unusable unless you pay a fee. Having items backed up on an online cloud service, means you can restore them without paying a ransom.
USU alumni currently have free access to a Google Drive account via their Aggiemail.usu.edu email (call the USU IT Service Desk at 435-797-HELP for more information.)