Before the term “cybersecurity” hit the mainstream, Tony Wilson was fending off cyber attacks for Target. He was part of the team that handled what was the biggest data breach to date when Target was hacked in 2013. He now leverages the experience he gained there to work as a cybersecurity consultant.
“That event had a big impact on the cybersecurity industry,” says Wilson, who also instructs the University’s Cybersecurity Boot Camp. “After it happened, companies gained a stronger appreciation for what protections and staff need to be in place to react to and minimize breaches going forward.”
To help us all be more secure online, Wilson listed four mistakes that many of us make, along with tips to remedy them.
Mistake #1: Using the same password across multiple accounts.
“Think of your password as a key,” says Wilson. “If you use the same password on, say, Amazon and LinkedIn and a hacker gets their hands on it through a breach at LinkedIn, they will try the password on Amazon and a bunch of other sites to check whether that password will give them access to those accounts.”
Remedy: Use a password manager that stores more complex, unique passwords so you only need to remember a single password—the one that accesses your password manager. A password manager such as LastPass is more secure than the Post-it Notes on your desk yet offers the same simplicity and can synch with all your devices.
Mistake #2: Using public Wi-Fi. “Don’t use Wi-Fi that doesn’t require a password to log on,” says Wilson. “Anyone with rudimentary software they can freely download can eavesdrop on your online conversations and potentially steal confidential information, if they are so inclined.”
Remedy: Only use password-protected Wi-Fi—which doesn’t include the Wi-Fi that anyone can get the password for, such as at the airport or your local coffee shop. If you do need to use public Wi-Fi, you can look into VPN services that can encrypt all your traffic.
Mistake #3: Not properly securing personal devices. “You’re leaving yourself open to personal and professional compromise in the event of loss or theft if you don’t require passwords on your computers, phones and tablets,” says Wilson.
Remedy: Lock your devices and use two-factor authentication such one-time passcodes or biometrics (e.g. facial recognition, fingerprints).
Mistake #4: Opening links or attachments in email from unknown sources, which can unleash malware on your computer and leave you vulnerable to theft of personal data.
Remedy: “Verify that the email is coming from a reputable source. Even if it’s someone you know, be on the lookout for anything suspicious. And delete emails from sources you don’t recognize,” says Wilson.
Interested in a career in cybersecurity? For an inside look at the U’s Cybersecurity Certificate, read “Cybersecurity Boot Camp Launches at the U of M” and hear more from Tony Wilson and two students currently enrolled in the program.