A Seeple's Guide to Digital Hygiene

By: Virpratap Vikram Singh

Most people probably can’t even remember when they learnt to heed ‘stranger danger’, and yet many of us would open an unknown email that promised us some proverbial candy. We are increasingly starting to realize that in our world of ever-increasing interconnectivity, our data and overall cybersecurity are at risk of being compromised. Through this guide, the Digital and Cyber Group (DCG) will provide you with some of the basics on how to reduce your margin of cyber risk and put you on the path to staying safe online.

#1 Patch It!

Tech companies are constantly discovering (and paying for) bugs in their code, and patching them accordingly. This means every time you get a request to update your system, hitting ‘no’ or ‘later’ means that potentially critical flaws are left on your system, leaving you vulnerable to hacking, ransomware (like WannaCry), and even remote hijacking.

Solution: Set your computer to auto-update and always hit ‘Yes’, even if it means a 30 min update cycle. You can always set up a window in which updates can be completed so your work schedule isn’t affected. Don’t have a verified or authentic version of Windows? Download it from Columbia University.

#2 An Anti-Virus A Day

Flu Season is yearlong in cyberspace, regardless of whether you have a Mac or a Windows PC. Having an anti-virus gives you a firewall which will increase the chances that you don’t get affected by bugs that float around through dodgy links, buggy USB sticks, and more.

Solution: Get an anti-virus! Some of the major ones include: McAfee, Norton and Bitdefender. CUIT offers Symantec Anti-Virus for free. Columbia University provides a hefty discount for TrustPort Total Protection for PC and MacKeeper for Mac. We recommend avoiding Kaspersky Labs as they’ve got a bit of a bad reputation for allowing backdoor access.

#3 Use the Cloud

We all make mistakes. Whether it be a phishing scam or a ransomware attack, you could suddenly find yourself prevented from accessing your data. Making backups in the Cloud ensures you can bounce back quicker, and with fewer hiccups. Companies that provide these have tremendous amounts of resilience to prevent any data loss or service disruption.

Solution: Learn to trust the Cloud; Google gives 15GB of storage with every account, while LionMail utilizes Columbia Servers to give you unlimited storage as a student. Other (possibly paid) alternative services include Google Drive, OneDrive, iCloud, and Amazon Drive.

#4 One Password to Manage Them All

Password Managers operate like a keychain for all your passwords. Instead of carrying around a dozen passwords like loose change, you only have to remember one – making it harder for you to get completely compromised in a data breach. This software can also auto-generate complex 12-15 character passwords that utilize letters, numbers and symbols to ensure that your password is the strongest it’s ever been – on both your desktop and mobile.

Solution: Check out LastPass, 1Password, DashLane, iCloud Keychain and Google Passwords. Some anti-virus products offer a password manager/generator as part of their package as well.

#5 It Takes Two

Think of two-factor authentication as the PIN for your bank card – you already have the card, the PIN just ensures it really is you – meaning a compromised account has an additional layer of protection. Most sites recommend setting this up with your phone or email. Should you prefer something a little stronger, look into software and hardware solutions.

Solution: Look into apps like Google Authenticator (iOS/Android) or hardware like Titan Key or YubiKey.

#6 Know Your Phishes

While spearphishing is a targeted effort to compromise data, phishing is far more widespread as a digital con job that only needs you to slip up once. Now that you know the terms, let’s practice avoiding them. What doesn’t sound right about these messages?

  • Is the person contacting you through a new channel? (Email when they generally Message, Instagram when they generally use WhatsApp)

  • If you know them, are they using unusual language?

  • Are they requesting you to click on a link or download an attachment?

Solution: Trust your gut and yourself. Whether it’s a LinkedIn request, or a ‘reset your password’ email – check the domain name. Phishers try to make things seem as authentic as possible, so try and contact the presumed sender through alternate means!

P.S.: Over the spring semester, DCG members encountered several phishing emails sent to Columbia list-serves, posing as Columbia organizations. If you encounter similar emails, ensure you report them to spam@columbia.edu.
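
For readers who want to see what ‘check the domain name’ looks like in practice, here is an added example (not from DCG or CUIT) that inspects the From: line of an email and flags the usual tricks: near-miss spellings, a trusted name buried inside another domain, and a display name that doesn’t match the address. The trusted list and the sample headers are assumptions constructed for illustration.

```python
from email.utils import parseaddr

# Assumption: the domains you actually expect this organization's mail from.
TRUSTED_DOMAINS = ("columbia.edu",)

def edit_distance(a, b):
    """Levenshtein distance, used to spot one- or two-character lookalikes."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_sender(from_header, trusted=TRUSTED_DOMAINS):
    """Return (verdict, reason) for the domain in a From: header."""
    display, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower().rstrip(".")
    if not domain:
        return "suspicious", "no parsable sender address"
    for t in trusted:
        # Exact match, or a genuine subdomain ending on a label boundary.
        if domain == t or domain.endswith("." + t):
            return "ok", f"{domain} belongs to {t}"
    for t in trusted:
        brand = t.split(".")[0]
        if t in domain:
            return "suspicious", f"{t} is embedded in the unrelated domain {domain}"
        if edit_distance(domain, t) <= 2:
            return "suspicious", f"{domain} is a near-miss spelling of {t}"
        if brand in display.lower():
            return "suspicious", f"display name mentions {brand} but mail is from {domain}"
    return "unknown", f"{domain} is not on the trusted list; verify by another channel"

# Constructed sample headers, not taken from real messages.
SAMPLES = [
    "SIPA Events <events@sipa.columbia.edu>",
    "Columbia IT <helpdesk@co1umbia.edu>",
    '"Columbia Library" <notice@columbia.edu.account-verify.example>',
    "Columbia Financial Aid <aid@mail-notify.example>",
    "Newsletter <news@unrelated.example>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        verdict, reason = check_sender(header)
        print(f"{verdict:10} {header}\n{'':10} {reason}")
```

An ‘ok’ here only means the address is on the right domain; a compromised account can still send from it, so the questions in the list above still apply.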

#7 Required Permissions

Let’s face it, just like Terms of Service, no one checks app permissions. But senseless app permissions give access to far more than an app may require to operate, including access to your microphone, contacts, and camera. Should a data breach occur, the more you’ve allowed access to, the greater the chance your data will be compromised.

Solution: Give permission selectively; both Android and iOS allow users to set app permissions selectively, so take a walk through your apps. And if you aren’t using an app, consider uninstalling it.

  • Android: go to Settings > Apps, Select the app and tap Permissions.

  • iOS: go to Settings > Privacy, permissions will be grouped by type.

#8 VPNs aren’t just for Pirates

We’ve all enjoyed the benefits of free public WiFi (I’m looking at you ColumbiaU WiFi), but public WiFi can leave you vulnerable to online monitoring or tracking. VPNs allow you to access your own secured networks remotely (with some configuration), bypass region blocks, and hide your browsing activity from Internet Service Providers (ISPs are some of the largest collectors of your browsing data).

Solution: Look into services like NordVPN, TunnelBear, and CUIT's secure on-campus WiFi (you’ll need to install a few drivers) to increase privacy while browsing.

#9 Encryption as a Standard

It’s a widely accepted standard for your communications to be encrypted. However, there are layers to it. Apps like Messenger or WhatsApp do use a level of encryption; however, the Facebook-owned products don’t assure that nothing is being logged. Encrypting your texts, calls, and videos may be a notch above anything you’ve considered, but it’s an important step if you want to remain anonymous online.

Solution: Download Signal, or look into other encrypted messaging apps like Telegram.

#10 Know your vulnerabilities

Remember when you posted your ticket to your summer vacation? There’s a treasure trove of information that can be ripped from that single shot. In fact, determined bad actors or even a semi-decent stalker can easily dox you by piecing together information about you from what you post online: what your family looks like, where you hang out with your friends, where you’re traveling to.

Remember that just because you’re careful doesn’t mean someone else will be. Members of our SIPA community, as part of their internship acceptance, are often asked to send passport information and scans without any encryption. These too contain incredibly important information about you that can be used to compromise your identity and data.

Solution: Aside from swearing off the Internet entirely, there are steps you can take to increase your cyber security. Many have already been covered; strong passwords, two-factor authentication, etc. Beyond this, Google yourself and see what you can find.

Fun fact: if you’re a citizen of the EU, because of GDPR, you can demand that a site provide you with a copy of all data they have on you. You can even request them to delete it.

***

If you’ve read till here, you may have some questions, including “how much does this cost?” and “why should I spend money on this?” Think risk aversion – it all depends on the risk profile you wish to keep. Should a data breach occur, fixing it could be far more expensive than what it would have cost to keep your data safe. Just ask Baltimore. Which brings us to the former: how much does all this cost? Less than you’d expect. Many of these services have feature-limited free versions, and almost all of them will have massive discounts that run throughout the year. As of writing this article, this is a breakdown of costs.

| Need | Solution | Cost per Year |
| --- | --- | --- |
| Regular Patching | Auto-Update. Get Windows 10 from CUIT. | $0 |
| Anti-Virus | Bitdefender Internet Security 2020 (1 Year, 3 Device) or Symantec | $0 - $44.99 |
| Cloud Storage | Google Drive (1 Year, 100 GB) or LionMail (unlimited as a student) | $0 - $19.99 |
| Password Manager | Google Passwords, iCloud Keychain or LastPass Premium (1 Year) | $0 - $36 |
| Two-Factor Authentication | Google Authenticator or YubiKey 5 Series | $0 - $50 (single purchase) |
| VPN | NordVPN (1 Year, 6 Devices) or CUIT Secure WiFi | $0 - $36 (3-year commitment) |
| Encrypted Communications | Signal | $0 |

The final cost puts us in a range between $0 - $186 per year (excluding taxes), which could be well worth it, considering the amount of personal and sensitive data you’d be keeping safe both now, and in the future.

Special thanks to Professor Jason Healey for his resources on how to stay safe online.

If you’re interested in knowing more about Digital and Cyber news and events in SIPA and beyond, join DCG on CampusGroups!