How To Practice Cyber Hygiene
Cybersecurity expert Vincent Nestler says updating passwords and security is like washing your hands
We all know to wash our hands to remove germs. Vincent Nestler says we should treat our technology the same way. No, not running it under the tap. Instead, consumers should practice cyber hygiene: create strong passwords, manage them and for goodness sake stop clicking on spam. Nestler, a professor and assistant director of the Cybersecurity Center at California State University, San Bernardino explains where to start.
GearBrain: Is cybersecurity something everyone should be aware and concerned about?
Vincent Nestler: Cybersecurity is like hygiene in the 18o0s. People couldn't see the germs so they didn't didn't think there was anything to worry about it. Some people aren't putting together, 'Oh my bank account was hacked,' and putting together information on how to steal my identity. Almost everyone who has had their identity stolen, didn't pay attention to some cyber hygiene. There are almost parallels to what happened in the 1800s to prevent disease that we're trying to do to protect hacking.
GearBrain: What's the hurdle to get people to change their ways?
VN: Not enough people are getting their identity stolen to think it happens. But so many people also think, 'No one is checking my email, or wants my stuff.' Or, 'People have my Social Security number, so what?' Or someone has my email address and mother's maiden name so what?' It doesn't take much to go along way with a little bit of information. And also hackers aggregate. If they get one piece of information there, and another piece from over there, that gets aggregated, cross referenced and added to over time.
GearBrain: Should consumer be concerned about their devices being hacked?
VN: Four years ago, I wanted to get grant money for drones to teach cybersecurity. The question was what do drones have to do with cybersecurity which was fascinating. I knew I was on the right track. Drones are not flying vehicles, they are computers with propellers. Anything I can do to a computer, I can do to a computer with propellers. And even do it better. I can do it on the fly. The higher end ones that are a couple of hundred bucks, they're generally going to have motherboard, with Linux, GPS (Global Positioning System) and a Wi-Fi connection. These are what hackers salivate over. We do a Girl Scouts camp, a week of cybersecurity where we do is teach them how to fly drones, and then how to hack them from sky from an iPad. They send a sequence that gets the drones to drop from midair, and then the students learn how to secure the drones with easy firewall techniques. Theoretically ifI can hack a drone properly, theoretically I can get it to send me the GPS location of where that drone is. Or send me the images on that drone when it gets online. If I hack it right I can get it to send me information.
GearBrain: Don't companies have a responsibility to protect consumers as well?
VN: Cybersecurity should not be an afterthought. The code has to be written securely to start with. There's an analogy about coders with architects and engineers. An architect says, 'How can I build building with spiral up to the top with little stars that shine through?' An engineer says, 'If the wind hits the building at this speed, at this angle, will the building topple over?' An architect is an optimist. An engineer is a pessimist. Coders just think, 'Can I get code to do this and get around an obstacle course?' The coders have to be security minded from the beginning. It's a pain. When creating, you don't want to keep stoping yourself and say, 'What about this?' That's why it's a difficult argument to make. The bottom line is security has to be front loaded especially when dealing with weapons. A car is a weapon. Even a drone.
GearBrain: So what can consumers do today to help protect their devices, or at least their personal information?
VN: At the least practice good cyber hygiene and use good passwords. At this day in age, if you don't have a password manager, I don't now how you can be online. The Gap doesn't want to give you an account without a user name and password. So what happens is 90 percent use this same password for everything. All I need to do is break into one site, and I access to all your sites. You have security and you have functionality. The more secure you are, the less functional you are. I can either lock all the doors and have a moat and a guard dog and protect my house but if forget my keys, I can't get in. Or I can leave everything open and come and go, but then people can steal my stuff. Finding right balance is the trick. And then make sure your antivirus software is up to date. And don't click on links in your emails.