Although it hasn’t “officially” started, I know every department is now in full summer mode and you would probably prefer to be wherever the picture above was taken rather than reading a monthly security awareness newsletter, but you clicked on the link!
The monthly “News from Information Security” articles usually follow the EDUCAUSE annual security awareness topics found here on the EDUCAUSE site. This practice attempts to provide a relevant and varied experience for readers. This month I decided to divert from the proposed EDUCAUSE topic of cryptocurrency to write about common sense ways to protect yourself.
First, let’s define “common sense” so we are all on the same page.
Dictionary.com definition – sound practical judgment that is independent of specialized knowledge, training, or the like; normal native intelligence.
Merriam-Webster definition – sound and prudent judgment based on a simple perception of the situation or facts
Cambridge English Dictionary definition – the ability to use good judgment in making decisions and to live in a reasonable and safe way
Personally, I like the Cambridge English Dictionary definition. “The ability to use good judgment in making decisions and to live in a reasonable and safe way.” Every definition cited above mentions “good”, “sound”, or “prudent” judgment. Let’s ask some ridiculous questions about using good judgment.
- Would you go on vacation for a week and put up a sign in your front yard revealing that no one is home, nor will be home for several days? Of course not. Yet, this is exactly what happens when you post vacation pictures to social media while still on vacation. If your social media privacy settings are not properly configured, you are posting a giant billboard over your empty and vulnerable house. Wait until you get home to post those awesome vacation images unless you have someone house-sitting for you.
- Would you put on your résumé that you drank while underage or used illegal drugs? Not to to interview for most companies. However, this is exactly what you are doing when you post potentially incriminating pictures to social media. Employers now routinely check the social media accounts of prospective employees. Be careful of the images you post – they could come back to haunt you.
- Would you tell someone your bank card PIN in casual conversation? I would hope not, but you would be surprised at the number of people who will blurt out their email or computer password to someone, especially someone willing to help them with a computer issue. Don’t tell anyone your password to any of your accounts!
- Would you walk around an unfamiliar town or city shouting where you live and that you don’t lock the doors to your house or apartment? I would think not. Let’s label the Internet as the “unfamiliar town or city”. Many people use their email address as their username (and granted, some sites require this) and use very simple passwords for their accounts. If your password is “password”, it might as well not be password-protected. Choose good, strong passwords and use a password manager to help you create unique passwords for all your accounts. If available, turn on multi-factor or two-factor authentication so if someone does get your password, they still can’t get into your account. Also, if the website allows it, don’t use your email address as your username.
- Would you spray paint talk trash about your employer, coworkers, friends, or enemies in public places? Mirroring the issue with question #2, people post derogatory comments about employers, coworkers, friends, and enemies on social media sites, not thinking about the fact that once that comment is “out there” on the Internet, it never goes away. It is easy to be harsh and cruel while sitting behind a keyboard or messaging on a portable device like a smartphone or tablet. The physical separation from the object of your anger will embolden you. Be careful what you post!
- Would you lay down your purse or wallet in a public place and leave it to run an errand? I would hope not. There are no locks on purses or wallets. Once someone has possession of it, everything in it, from your money to your credit cards and ID cards, are gone. I realize that most people’s smartphones are almost permanently attached to them, but in the event your phone does get left alone somewhere, be sure that you have enabled the locking and security features on the phone. Think about it – much like your wallet or purse, your phone grants access to so much of your information and so many of your resources, you really must be sure it is locked when you are not using it.
Were these questions ridiculous? Yes, but shifting the focus or topic just slightly highlights bad practices many of us are guilty of. Use common sense with technology, just as you would with any of the other items mentioned. You will avoid everything from minor inconvenience to financial and/or reputational ruin.
I will soon finalize the topics for my planned short summer workshops. These will be hour long sessions covering one topic each, all conveniently scheduled during a lunch hour. More details coming soon! If you have any topics you would like covered, please let me know by emailing them to me at firstname.lastname@example.org.
Thanks for reading and I hope your summer is going well!