Carnegie Mellon University

July 01, 2022

Protect Your Security and Privacy

By Daniel Tkacik

As many of us leave for summer vacation, protect your security and privacy with these tips from CyLab faculty. 

“Think twice!”
Hanan Hibshi, Assistant Teaching Professor, Information Networking Institute

“Think twice before you post something online, as it will stay there forever,” says CyLab’s Hanan Hibshi, an assistant teaching professor in the Information Networking Institute. “Think twice before storing a file in the cloud or exchanging that in an email. If there is sensitive/confidential information in that file, then you would have to think more than twice! Establish limits for your own privacy of what you are comfortable sharing vs. what you are not comfortable sharing.”

“Educate yourself about tactics that scammers use, be wary of things that sound too good to be true, and talk with other people before making big decisions.”
Jason Hong, Professor, Human-Computer Interaction Institute

“A friend of mine recently fell for a scam, which offered huge monetary gains from trading options,” says CyLab’s Jason Hong, a professor in the Human-Computer Interaction Institute. “He met the scammers on a message board about personal finance. They directed him to a web site that looked legitimate. He first put in a little money and got a big gain. He then put in a lot more money, and then never heard back from them.

“Some lessons? First, educate yourself about tactics that scammers use. They often try to lure victims in by appealing to human vulnerabilities, such as greed, loneliness, or desperation. The small gain my friend got in the beginning is also something you see in Three Card Monte, to try to trick people into believing that their scam works. Second, be wary of things that sound too good to be true. If someone really had a deal that good, they wouldn’t be sharing it with others. Lastly, talk with other people before making big decisions, especially with money. I’m certain a lot of my friend’s acquaintances and friends would have warned him that this sounds like a scam.”

“Pay attention to where emails are from.”
Limin Jia, Associate Research Professor, Electrical and Computer Engineering

“Pay attention to where emails are from,” says CyLab’s Limin Jia, an associate research professor in Electrical and Computer Engineering (ECE) and INI. “When you get emails like, ‘Are you available now,’ that appear to be from your boss, or, ‘Change your account password,’ that appear to be from IT support, your reaction might be to respond to the email or click on the link in the email right away, because it sounds so important. However, these may be phishing emails, sent from scammers who intend to extract money from victims. Your immediate reaction to such emails should be to be suspicious and check the sender’s email address to find out where the email is really sent from.”

“Be sure to keep your operating system, software, and phone apps all up-to-date.”
Aleecia McDonald, Assistant Professor of the Practice, INI

“Be sure to keep your operating system, software, and phone apps all up-to-date,” says CyLab’s Aleecia McDonald, assistant professor of the practice in the INI. “Otherwise, you will have software with known problems—known to attackers! Without installing updates and fixes promptly, you are an all-too-easy target.”

“Exercise extreme caution when opening email attachments.”
Norman Sadeh, Professor, Institute for Software Research

“Many people heard of recent ransomware attacks, which have significantly increased over the past few years,” says CyLab’s Norman Sadeh, a professor in the Institute for Software Research. “Yet many people still do not know how to protect themselves from these attacks. Many people do not realize that these attacks often start in the form of a phishing email. People should exercise extreme caution when opening attachments, verify that they recognize the senders of emails with attachments and ask themselves whether receiving such an attachment makes sense. In addition, people should update their anti-malware software, run regular scans, and above all, they should make sure to regularly back up their devices.”

“I started using a password manager, and my life is so much better!”
Justine Sherry, Assistant Professor, Computer Science Department

“I used to have trouble keeping all of my passwords and logins straight, so I started re-using passwords or writing them down on sticky notes, both of which we know are dangerous to do,” says CyLab’s Justine Sherry, an assistant professor in the Computer Science Department. “Then I started using a password manager, and my life is so much better! A password manager is a program that saves your passwords for you, securely, so you don’t have to remember them all. I also like that my password manager, 1Password, allows me to share passwords with my spouse for things like our joint bank account. Other great password managers include LastPass and Google Password Manager.”

“Avoid clicking on clickbait that others share on social media.”
Vyas Sekar, Professor, Electrical and Computer Engineering

“I would generally avoid clicking on clickbait things that others share on social media. Who knows what these things install and/or track!” says CyLab’s Vyas Sekar, a professor in ECE. “But sometimes the clickbait temptation is too hard to resist. If I really feel the urge to follow the link, I usually copy the link—right-click usually gives this option—and open it in a new private/incognito browser instance so it does not—hopefully!—have access to my other browsing patterns/stored information. If I feel even more worried, I would only consider looking at the link in a guest-mode account on my laptop rather than an account with admin privileges so it will not install stuff accidentally. While this is not foolproof—attacks are getting really smart—this makes it harder for the simpler attacks to work!”


Story originally published here.