As another school year commences, here are some rules to follow that can help students avoid any digital nightmares related to their laptops, tablets and cell phones:
Rule number 1 - Protect your personal and school accounts by using dual factor authentication. Using just a username and password to safeguard your account leaves you vulnerable if someone can guess or steal your password. And let's be honest with ourselves - Do you reuse any of your passwords on multiple websites? Do you read the news and hear about hackers gaining access to some of the largest companies around the world? Do you think your college IT staff has a better security capabilities than those companies?
Enabling dual factor authentication is something that can stop most attackers from compromising your account. So what is it? Typically you still use your username and password, but you need one more "thing" to access your account. That "thing" could be your phone that receives a message or code from an application/website. It could also be a security fob (like a thumb drive) that sits in the usb port to your computer. By using dual factor, an attacker will need all three devices to access your account. If you use a Google, Facebook and Twitter for example, there are easy to follow guides to enable this on your account. Your college email account might have the ability to do this (if you have Google Apps for Education at your school you do!) but you can still enable this on your personal accounts.
If you are a visual learner, below is a video that does an excellent job discussing dual factor authentication.
Rule number 2 - Encrypt your computer and phone - Have you ever lost your phone or computer? That moment of "omg my life is on that device" is not a fun situation to find yourself in when you're supposed to be focusing on your studies. Not to mention, now you need to worry about someone stealing your identity because you keep a lot of personal data on your device.
Wouldn't you want at least some piece of mind? Encrypt your device so if you misplace or if someone steals your device, it's effectively a paperweight. You can easily encrypt a modern Apple/Windows computers by following online tutorials. If you have a modern Iphone you have very little to worry about as long as you're using a good passphrase. Android devices can also be encrypted but be careful to ensure your phone is fast enough to deal with the encryption - for example, if you're phone is not a newer Android you may experience a slower phone.
On a related note - make sure you use a good password/passphrase/key on your device. If you use a digital device without at least the most basic levels of security on it you are making it easier for an attacker to steal your identity.
Rule number 3 - Try to use your personal device when you can. When you choose to use that ultra convenient kiosk near the cafeteria to check email, you're exposing yourself to a potentially compromised system. While I'm sure your college's information security team does an excellent job, attackers are very motivated and only need to get it right once. The information security team has an uphill battle and even the best teams have issues. Use your phone or tablet when you can and use a different password for your college accounts - this compartmentalizes your credentials which is a good security practice.
Rule number 4 - Never connect to open wifi connection. Would you tell your deepest and darkest secrets to a room full of strangers? STRANGER DANGER! Always use wifi that has a password attached to it. By doing so, you are using a minimum level of security or encryption. If you use an open wifi it makes it easier for an attacker to compromise your accounts.
Rule number 5 - Those anonymous apps on your phone are not so anonymous. Last fall, I remember a student telling me about this new application that college students were using to "anonymously" post about topics. Being a Professor of Digital Forensics, I was intrigued, and quickly thought to myself - challenge accepted. Later that week I found myself giving a live demonstration in my Mobile Device Forensics course. Within 10 minutes, I showed the students just how easy it was to find the GPS location of everyone in the room posting about our class. Of course all of the comments focused on how much fun the students were having but then it happened - at the same time, we all saw the same distinctive message flash across the screen. It didn't come from our classroom, rather a dormitory from a neighboring college. Someone using what was advertised as anonymous application solicited the area to engage in an adult interpersonal activity - while some may believe this is normal, my biggest fear with these applications is they create a false sense of security.
What if someone knew about the available location data and victimized that person that posted it?
As a general rule - if you're not paying for the product, you are the product, This means the application authors are somehow monetizing you as a user. Also, for the social aspect of these applications to work properly, there needs to be some type of connectivity to other users - which means there is a potential to reveal information about users.
Jonathan T. Rajewski is professor of computer forensics and Director of the Senator Patrick Leahy Center for Digital Investigation at Champlain College, Burlington, Vt. - www.champlain.edu