A cybersecurity expert from the University of Arizona says that most thieves are all about low-hanging fruit.
Three bicycles are left overnight at a bike rack, two locked with steel U-locks and one with a cable chain. With two minutes and a pair of $15 bolt cutters, a thief plucks the cable-chained bike from the rack and disappears into the night, only to sell the stolen bike the next day.
The bicycle thief and the thieves who steal assets online have at least one thing in common: They go for the low-hanging fruit. When it comes to theft online, “You’re only protected by other, easier victims,” says Hsinchun Chen, professor of management information systems at the University of Arizona.
Chen is leading a $5.4 million National Science Foundation project called “Hacker Web” to explore international hacker communities, including those in Russia, China, and the United States. He also teaches courses in the cybersecurity graduate program, part of the UA’s Department of Management Information Systems, which U.S. News & World Report ranked third in the nation among graduate information systems programs.
And after 27 years of research in cybersecurity, Chen knows, “You are only as strong as your weakest link.” We asked him for some simple ways to make ourselves less vulnerable online, and here’s what he told us.
1. Use multi-factor authentication.
What is multi-factor authentication? Good question. Multi-factor authentication (MFA) essentially makes it tougher for hackers to gain access to personal information and assets online by requiring users to supply two or more pieces of evidence that they’re the owner of an account. ATMs have been doing this for years, in that withdrawing money requires both a physical card and a PIN, and MFA has become a widely offered security option.
Apple and Twitter offer two-step authentication so you can protect the bank account information you provided to the Kimoji app (We get it. Kylie iPhone case flash sale!) and make sure that your Twitter remains only an account of your best Sunday brunches—not DMs from bot imposters.
2. Use fingerprints instead of passwords.
You’ve probably seen this as an option before, whether it be on your iPhone or with your Wells Fargo mobile banking account. If you can use a fingerprint instead of a password, do it, says Chen: “Faking a fingerprint using other devices is possible, but takes more effort than [stealing] a password. A fingerprint’s more trouble, and there’s so many other, lower-hanging fruits.”
3. Have multiple passwords, and change them often.
If you’re still using “password” to log into your computer, you may be beyond help. While most of us already know that we should mix uppercase and lowercase letters, special characters, and numbers in our passwords, we don’t change these passwords often enough. Change your passwords every few months, and use different passwords for different accounts.
4. Update antivirus protection software frequently.
Simple as that.
5. Use just one trusted computer for banking and shopping.
“With convenience, there’s a price to pay,” says Chen. “Don’t just log on willy-nilly.” Specifically, Chen suggests that using just one secure computer for online banking and shopping is the way to go. If you can avoid doing these things on your smartphone, you should, he adds, because smartphones are even more vulnerable to hacking.
6. Disguise your identity online.
“Increasingly, you have to think about disguising your identity on the internet,” says Chen. “Use multiple email addresses because then you cloud the entire space for your protection.” How so? It’s much easier to mine for gold if chunks of it are readily available in a single location than if it’s spread across hundreds of miles in trace amounts. The same goes for data mining. “If you have several email addresses and your identity is all mixed up, [hackers] can’t do data mining of you as easily. When there’s more noise in the data, the mining is harder.”