October is Cybersecurity Awareness Month, so this week we sat down with senior Justin Hudis ’23 in the Advanced Cybersecurity Experience for Students (ACES) program to learn how we can protect ourselves from online threats and protect our data.
One of the first things to come to mind when thinking about online security is passwords. It’s so overwhelming to create and remember new passwords all the time! What’s your advice?
You should use a different password for every account because if a hacker gets one, they gain access to everything. But it’s really hard to remember so many passwords. I recommend using a password manager so you only have to remember one master password. My favorite is Bitwarden, which is free and open source and syncs across all your devices. In terms of creating a strong password, the main thing to keep in mind is that the longer the password is, the more secure it is. You can still make it memorable—a string of four random but common words like “correcthorsebatterystaple” is easy for us to remember, but hard for computers to guess.
We hear about the dangers of phishing, but what is this exactly?
Phishing is any attempt by a malicious party to derive sensitive information from you by masquerading as a legitimate source, typically by means of email. For example, you may get an email that looks like it is coming from PayPal, but it is actually fraudulent. You may be asked to click a link that goes to an insecure site and asks you for confidential information or that could install malware on your computer. Always go around whatever system they want you to use and contact the company directly.
Some telltale signs of phishing emails include typos, weird characters (like PayPa1 instead of PayPal) or asking for information that feels wrong. A company like PayPal or your bank will never send you an email with typos in it.
What about phishing scams where a hacker pretends to be someone they’re not?
This happens a lot—you may get an email that looks like your boss or professor asking you to contact them immediately. Our own campus has had an issue with phishing emails going out under the guise of department chairs and deans. Check the tone of the email and always stay on alert for things that seem suspicious or out of character.
Phishing can also happen by phone, like if someone calls to tell you that your financial information has been compromised. Usually, they try to play into your emotions by saying that a friend or family member is at risk, your information has been deleted, or you did something wrong and you need to pay to get it fixed. If you find yourself on such a call, never let someone walk you through something on your computer and take control of your screen. And never send anyone money in gift cards.
We share so much of ourselves online through social media. What should we be wary of on sites like Facebook, Instagram and TikTok?
Always ask yourself, “How private do I want my life to be?” Do you want people to be able to search your name and see your face, get your email address or find out where you live? If you are worried about privacy, it would be best not to use these services. But if you do, keep in mind that anything you share can be shared publicly and it could be there forever. Even when you think you’ve deleted something, it could be saved in a database somewhere. Also, any photo you post on the Internet may have additional data stored in it, like when and where it was taken.
What about anti-virus software? Do we really need it?
Definitely! You should always have something on your computer that will warn you about potential threats and keep you from going to dangerous websites. Often your computer will come with basic anti-virus software, but consider getting another service to bolster your security even more. UMD offers FireEye malware protection to faculty and staff, but options are more limited for students.
Justin Hudis is a senior computer science and mathematics major and ACES and RAS minor. He completed his ACES Honors citation in 2021. He has interned for the past three years as a defense contractor in software engineering.
ACES students have the opportunity to explore the world of cybersecurity and its real-world applications all within a close-knit community. Students gain practical experience through close partnerships with leaders in the field and experiential learning. Learn more about the ACES program at aces.umd.edu.
By Kate Spanos ’16 Ph.D. theatre, dance, and performance studies