First Line of Defense

 First Line of Defense

Individuals are the key to limiting susceptibility of our nation’s computer systemsEric Spangler Cybersecurity expert Richard Harknett is the inaugural Fulbright professor in cyber studies at Oxford University in the United Kingdom in 2017 and the first scholar-in-residence at United States Cyber Command and the National Security Agency in 2016.

The cybersecurity of our nation is in our own individual hands. That’s the message that cybersecurity expert Richard Harknett, professor and head of the University of Cincinnati’s political science department, is preaching.

That’s because our computers live in an interconnected world on the internet, says the inaugural Fulbright professor in cyber studies at Oxford University in the United Kingdom in 2017 and the first scholar-in-residence at United States Cyber Command and the National Security Agency in 2016.

And because we live in an interconnected computer world that means that an individual’s computer vulnerability can be used and exploited by advanced attackers to threaten national security, says Harknett.

“We need an engaged cybersecurity citizenry in order to advance national cybersecurity,” he says. “I need to be contributing to cybersecurity not only to make myself secure but to make my neighbor secure, my state secure and my country secure.”

We have a civic duty to make sure that we engage in secure practices on our computers and cellphones, says Harknett. “There’s things that we can do on a daily basis to make sure that we’re less susceptible to unauthorized access to our digital platforms,” he says. “I stress the notion of less susceptible because there is no 100 percent perfect defense.”

So what steps can we, as individuals, take to make sure our nation’s computer systems are less susceptible to unauthorized access or attack? Harknett has six simple suggestions to help keep our nation’s computer system less susceptible to hackers.

Robust passwords

The first step that individuals can take to help secure computers is making sure to use more robust passwords. One of the simplest ways of compromising people’s computers and accounts is through very weak passwords, he says.

“I can run, as an attacker, automated systems that just basically run through the dictionary and very simple combinations fairly rapidly,” Harknett says. Despite the warnings against using simple passwords there are still people who use passwords like 123456 or personal identifiers like their name, address or birthdate, he says.

Harknett recommends using a sentence or phrase that relates to an account as a password. Use the first letter of every word in that sentence or phrase and convert any letter possible into a number—such as 4 instead of the word “four” or 2 instead of the word “to,” he says.

It’s also important to not use the same password for all accounts, Harknett says. It’s best to prioritize which accounts get the most sophisticated passwords, such as bank accounts. These “crown jewel” accounts should have passwords that are beyond eight characters, have special characters, capital letters and lowercase letters, he says. Make sure to write down those passwords and keep them in a secure place, Harknett says.

Check the link

The next step individuals can take to help secure their computer accounts is by checking any links, hotlinks in emails, links off webpages or logos in an advertisement or email to make sure it looks legitimate. Cybercriminals have become more sophisticated and can create emails that appear as though they are being sent by a legitimate company—a tactic known as phishing.

But before clicking on a link Harknett says to put the cursor on top of the link to see the URL, also known as the website address. If the URL ends in a foreign country identifier, like .ru, that tells the person receiving the email that the link is attached to a server in Russia.

“Those types of things can cue me to say hey maybe I don’t click on that link,” says Harknett. “You just have to do an extra step or two to try to make sure that you’re not clicking on links that you shouldn’t be.”

Install virus protection

The third step people can take to help secure their computers is installing an antivirus system on computers and cellphones. “Mobile [phone] malware is skyrocketing because that’s where we are,” says Harknett. “These are mobile computing devices. Most people’s digital behavior is moving off the laptop or the desktop and onto the mobile platform so that’s where malware is going.”

The other problem with mobile phones is that the print on emails and websites tends to be smaller and tighter making it harder to read, he says. In addition, people also tend to be in a rush when they’re using their phones, which means they may be quicker to click on a link, says Harknett.

Because our mobile phones are usually linked to computers a hacker can access a computer once a mobile phone is compromised, he says.

Update software

Because our mobile phones are usually linked to computers it’s important to update any software on phones and computers on a regular basis, Harknett says. That means computer users should have an automatic update function enabled on their operating systems on computers and mobile phones, he says.

Another important step to take is to update any apps that have been installed, says Harknett. That’s because if an app winds up having a security flaw and an update is not installed for that app it becomes a hacker’s pathway into a computing device, he says.

Get rid of apps

Another simple security step is to remove any apps that are never or rarely used. That’s because those apps are sitting on a computer or mobile phone and aren’t being updated. “And those become vulnerabilities in your system,” says Harknett.

Another issue related to apps is the permissions that the user has granted the developer of the app. “It may be a really cool app but you have to decide do you trust that app maker to give them access to all your contact list?” Harknett says. That’s why an app may be free because the developer of the app is turning around and selling the contact information, he says.

Nothing is free

The last step Harknett recommends is that everyone understands that in the digital world nothing is free. “We’re just paying with a different kind of currency,” he says.

That digital currency is the use of personal data, says Harknett. “You’re not paying to use Google as a search engine. But Google is making lots and lots of money. It’s the downstream use of your personal data.”

Companies and app developers are making life easier and more convenient, such as providing grocery coupons online, but at a price. “You’re paying for that service by giving them access to what you do,” he says.