Cybersecurity Awareness for College Students: 7 Things to Do Now

Today’s hyperconnected world demands internet access almost all the time. This also demands internet safety and cybersecurity awareness training. In fact, the number of hacks and internet breaches isn’t going down, especially in the area of education.

In its 2019 year-end report, the Internet Theft Resource Center said:

• The number of breaches in 2019 rose 17% from 2018.
• More than 2.2 million sensitive records were exposed in the field of education in 2019.
• One of the biggest unsecured data breaches overall happened at the University of Washington Medical Center, where 973,000 records were exposed.
• Education media company Pearson was breached, exposing 13,000 school and university accounts.
• A majority of data breaches in the education industry (60%) happened through unauthorized access, which mostly means stolen sign-ins and passwords as opposed to outside hacks.

Rhonda Chicone, PhD, faculty member in the cybersecurity program at Purdue Global, says that internet dangers for college students are widespread, and that cybersecurity and internet safety must be emphasized.

“Virtually everyone is using the internet one way or another,” Chicone says. “Our society hasn't been educated enough on the potential harm if devices are not secured correctly.

“These days, we want things to be easy, and we want things fast. We don't think about the data we provide to the technology we use and how the technology is going to use our data. Many people don't care—but they should.”

Students need cybersecurity awareness training to learn how to:

• Secure their devices
• Use communal workstations safely
• Select secure passwords
• Be sure sites are safe
• Prevent phishing and other scams

Chicone offers some information for building a successful career in cybersecurity. She also has several pieces of advice to help students and non-students protect their connections, their data, and their devices.

1. Secure Your Devices

One way to keep people from getting into your accounts, phone, and laptop is to have strong lockdown methods.

Select Strong Passwords

It’s easy to pick a simple password, which is a good reason not to. Most people use simple passwords, and reuse them for multiple accounts, which is a bad idea. According to Turkish researcher Ata Hakcil, these are the top 5 overused, “bad” passwords:

1. 123456
2. 123456789
3. password
4. qwerty
5. 12345678

Pick stronger passwords, using upper and lower cases, numbers, and special characters like “?” and “~” to make them more difficult to guess. If you’re worried about remembering passwords, consider a password manager like LastPass or Dashlane, which will store all passwords and auto-generate complicated, random ones. You only need to remember one password to unlock them all.

Lock Screens and Biometrics

Enable lock screens that need a password, gesture, or biometrics like facial recognition or fingerprints to unlock. It may seem like an inconvenience, but remember it’s even more inconvenient for a thief.

“Lock screens keep people out of your devices,” Chicone says. “It is hard to train the everyday user to employ this protection. Remember, you’re accessing a bank account, buying from Amazon, accessing health records. Your device is small and can be left in the Uber, on the plane, or at your local restaurant.”

Protect Against Viruses and Scams

Viruses and scams pose a major threat to your safety and data security. Clever thieves know how to get your sensitive information, either by deception or threats. Take steps to protect yourself and know what to look out for.

Malware and Ransomware

Malware and ransomware can be sent by email and instant messages, embedded on websites with Trojan horses, or downloaded in virus-infected files from peer-to-peer connections or torrent sites. Malware can even be deposited on a computer via “drive-by downloads,” which start without authorization when you visit an infected site.

Malware stays on your device and attempts to find sensitive information quietly in the background. Ransomware takes it a step further by threatening to encrypt computer files, making them inaccessible, until a ransom is paid. The FBI recommends never paying in ransomware cases, since that can make you vulnerable to more threats and breaches.

The best way to prevent these attacks is to be careful where you go online and what you click, either in a website or an email. Also, back up your computer on the cloud or external hard drive. That way, if you get malware or ransomware, you can wipe your computer and restore documents and settings using backups.

Phishing and Email Scams

Phishers and scammers use emails to snag victims because they are easy to send to many people at once. Just one person needs to click to make this worthwhile to cybercriminals. Because people are naturally curious, they can be manipulated to click on emails or attachments without giving any thought to the safety of their computer or phone.

The U.S. Cybersecurity & Infrastructure Security Agency recommends these steps to stay protected:

• Be careful of unsolicited attachments. Hackers and scammers can pretend to be people you know, so be wary with everybody.
• Create user accounts with fewer privileges. Most operating systems let you have multiple accounts. If accidentally downloaded on an account without “administrator” privileges, viruses can’t automatically install themselves.
• Block automatic downloads of email attachments. Make sure the automatic download option is turned off in settings.
• Go with your gut. If an email or attachment feels wrong, stay away. Delete it from your inbox, and then from the trash.
• Keep software up to date. Install patches so that attackers can't take advantage of security holes. Read more about this below.
• Save and scan any attachments before opening them. Scans done by virus protection software will detect malware or other problems embedded in the attachment.
• Use additional security practices. Your email provider may have spam filters and your computer should have a firewall. Be sure to use them.

Virus Protection Software

Virus protection software can provide strong security for your computer. This software scans your computer on a set schedule, and can watch for threats while you’re on the internet, reading email, or anything else.

If a website or file seems suspicious, your software can warn you in advance, and if something dangerous is downloaded, it will attempt to quarantine and eliminate the threat.

Some software charges for its use (and may have student discounts), while other software is available in free versions, with paid upgrades if you need them.

According to U.S. News & World Report, these are the best antivirus software choices for 2020:

• Bitdefender
• Kaspersky
• Webroot
• Trend Micro
• Norton
• ESET
• AVG Technologies
• F-Secure
• Sophos
• McAfee

2. Don't Give Out Personal Info

Personal information can be used a number of ways by hackers and scammers. Direct information like Social Security numbers or account numbers can be sold or used to access money or loans. Even sharing small bits of information can come back to hurt you.

Read these tips from the Federal Trade Commission to protect your information.

Guard Information on Social Media

If you overshare, an identity thief can find the answers to “challenge” questions that may be used to access accounts, such as birthplace or favorite color. Even seemingly innocent social media “games” that ask you where you went to school or the place where you met your significant other can help thieves break into your accounts.

Keep Passwords Private

Having strong passwords isn’t enough. Don’t reuse them—have a different password for each account you have. Also, never share your password with anybody, for any reason. If you suspect a password has been compromised, change it immediately. It’s also a good practice to change passwords every few months.

Secure Your Social Security Number

Thieves with access to your Social Security number can do a lot of damage to bank accounts, credit reports, and more. If someone asks for your number, ask:

• Why will you need it?
• How will you use it?
• How will you protect it?
• What happens if I don’t share it?

Realize that employers and financial institutions need your SSN for tax and wage purposes. It also might be needed to check your credit to get approval for a loan, qualify for a new apartment, or sign up for utility service.

Other businesses, however, may not actually need it. The decision to share is yours. 

Watch Out for Impersonators

Give out personal information on the phone or through email only if you’ve initiated the contact or you know who you’re dealing with. If a company sends an email asking for personal information, avoid clicking on any links, even those asking if you want to unsubscribe from other emails.

Instead, using an internet search, find out the company’s phone number, talk to customer service, or send an email to the contact address there. Find out if they actually sent the request, then decide whether you want to share any information.

3. Be Safe When Using Communal Workstations

Communal workstations, such as those in a school library, are less secure, so avoid them. If you have to use a shared computer, use a few strategies to protect yourself.

• Check computer workstation policies. They will limit the websites you can visit, and what type of usage is considered appropriate.
• Avoid portable drives. These might not be allowed by workstation policies, because they can carry viruses and malware. A drive can also become infected by software on the computer that can automatically capture any personal information stored on it.
• Consider using your own hotspot. By avoiding free Wi-Fi, you’ll also avoid snoops on the network that can capture usernames and passwords.
• Beware of shoulder surfing. Passersby might try to watch out for usernames and passwords. Always keep an eye out for others nearby.
• Don’t save passwords. Those passwords can be retrieved by another user later to get into your accounts.
• Always log out before leaving a website. This is especially true for any social media accounts.
• Protect yourself from keyloggers. These programs can record keystrokes used on a computer. They’re easy to load onto public computers and checked later. Never use a credit card or online pay app, and never sign into a bank account, on a public computer.
• Clean out files. Learn how to delete temporary internet files, history, caches, cookies, and the recycling bin when you’re done. Also, clear out these files from the previous user before you start.

4. Check for the Extra ‘S’

HTTPS, which stands for Hypertext Transfer Protocol Secure, is used to help protect information over the internet via encryption, providing more security than the standard HTTP. Websites that begin with “https://” are generally used for internet purchases and other personal information and are considered safer. But HTTPS can have its own limitations.

“Making sure you see the 's' following HTTP is no longer good enough,” says Chicone. “For example, I can put up an ecommerce site that looks almost exactly the same as the real site, and it will still be accessible by HTTPS. This scam site will also take your money and send a receipt that looks like a real company.”

When in doubt, Chicone recommends double checking by calling the company with the website to verify domain names and security. “However, if you don't have to buy something online, don't do it,” she says.

5. Perform Updates

Download computer, device, app, or software updates as soon as they become available. They are meant to help you stay safe.

“Updates are there for a reason,” Chicone says. “Back up your system and then apply the update. The updates could contain many things like improved features, new features, security fixes, and/or bug fixes.”

Many software updates plug recently discovered security holes. They can be exploited by those trying to steal your information, so it’s vital to plug those holes as soon as possible.

To make the process easier:

• Enable automatic updates at a time that’s convenient (overnight, for example).
• Check for updates when you’re on a lunch break or before you go to bed at night.
• Update phone apps anytime they’re made available

Also, set security software to scan any new updates before they deploy. Fake updates are floating out there, so they need to be scanned, too.

6. Sell Devices Safely

When it’s time to move on from an old computer or phone, be sure to wipe personal information from it. By clearing out a computer, you prevent the next user from having free rein with your information.

First, transfer all the information you want to keep either onto a separate hard drive or upload it to the cloud. Later, download or reinstall the information onto a new device.

For a personal computer, use data wipe software that overwrites the entire hard drive. It will clear out anything on it, including the operating system.

For a mobile device, check the manufacturer’s website for instructions on deleting information permanently. Also remove the SIM card and delete any call and text logs, phone books, search history, and photos while you’re offline. Services like Google Photos and Google Drive will keep your files on the cloud.

7. Use Multifactor Authentication

Multifactor authentication, sometimes called two-factor authentication, gives an extra level of protection when you sign in to some websites or use some accounts. It simply double-checks that you’re the correct person by requiring a second set of sign-in credentials.

For example, if you sign in to an account, it could ask for a password, PIN or sign-in gesture, or biometrics like a thumbprint. The website could also send an email to an address you’ve previously supplied or a text to your phone number. These will have an authenticating code that will need to be entered to unlock your account.

This extra layer of security can keep people out of your accounts and reduce the likelihood that you’ll be a cybercrime victim.

Cybersecurity Awareness Is Worth the Effort

Keep your computer and mobile devices secure and protect your personal information. Doing so could save you until hours of hassle and frustration as you try to undo the damage caused by cybercriminals.

Purdue Global offers more than 175 online college degree and certificate programs. For more information, reach out today.