Seven months of working (virtually) with cybersecurity professionals has made me realise just how unaware many students are when it comes to their online security.
Even before the COVID-19 pandemic drove a switch to online learning, most university students needed to use a computer every day.
Whether for communicating with classmates, taking notes in lectures or doing research for assignments, technology is seriously important for any student.
I asked 15 students who were not studying computing or cybersecurity about their online security behaviours and even though this was just an informal study, the results surprised me.
Given that technology is such a huge part of student life, it is alarming how many students are oblivious to or unconcerned about cybersecurity threats.
So, here are some simple cybersecurity tips that all students (and non-students) should know to protect themselves – do your homework!
1. Stick to HTTPS websites
Doing research for assignments requires students to hop between many websites every day – but how often do you actually check the search bar?
Make sure you check that each website you visit uses HTTPS (secure HTTP, where there’s a padlock in the address bar) rather than plain old HTTP.
13 of the 15 students asked did not know the difference between HTTPS and HTTP.
Fortunately, if an insecure web page asks for passwords or other personal information, most browsers will warn you not to enter it, because data in insecure web traffic can easily be snooped on as it travels across the internet.
However, it’s important that you know the difference between HTTPS and HTTP for yourself, to ensure that all communication is encrypted against eavesdropping as it travels between your browser and the sites you visit.
The web content you look at, and even the order in which you visit a series of web pages – especially if those pages are on sites you wouldn’t normally visit, but that you need to check out for research purposes – tell a story about you that is none of anyone else’s business.
2. Be cautious about scams
University students typically receive many emails a day regarding lectures, seminars, newsletters, student union activities and other university-related information.
Despite the flood of emails, you need to stay alert, and read emails cautiously – especially if they ask you to take some sort of action on your computer such as clicking a link, downloading a file, installing a new app or changing a system setting.
To prevent being scammed or phished (that’s where you get tricked into giving confidential information to the wrong person, e.g. via a phoney website), it is important that you ensure that the sender really is who they say they are.
If you’re not careful, you could end up disclosing information and details that should be kept private, including credit card numbers, details from ID documents such as your driving licence or passport, or your home address.
When it comes to personal data, use the mantra, “If in doubt, don’t give it out.”
3. Log out or lock your computer when you’re not using it
Many students use the library to study – but there are many distractions, even in a library.
Walking away from your laptop for just two minutes for a trip to the vending machine could be potentially dangerous if you “can’t be bothered” to log out or lock your computer before you leave it unattended.
Although it’s unlikely that there is going to be somebody lurking and waiting for you to leave your account open and free for them to use for a moment, it is better to be safe than sorry.
Better to spend a few seconds unlocking your screen or logging back in than to give someone a chance to mess with your settings, peek at your files or install some sort of malicious app to snoop on you.
Even if all that happens is that one of your “friends” posts a silly Facebook message behind your back, it’s still something you wouldn’t have said yourself that ends up online under your name.
Alarmingly, only 3 of the 15 students asked said they log out of their account or lock their system when they leave their laptop unattended in the library.
We recommend that you use a hotkey to lock the computer manually. Don’t rely on “autolock”, because that usually takes at least two minutes to kick in after you leave your laptop alone. Use Windows+L on Windows or Control+Command+Q on a Mac.
4. Get yourself a good password manager
Surprisingly, 13 of the 15 students said that they do not use a password manager.
Students are probably already drowning in passwords with all their social media accounts, and when university starts, the number of passwords inevitably increases.
When you have lots of passwords to remember, it’s easy to get into the habit of using the same (or at least very similar) passwords for every account.
In other words, if one of your accounts gets hacked, the person who hacked it immediately knows how to get into all your other accounts as well.
A password manager automatically chooses and remembers a strong and different password for each account.
It also helps to stop you from accidentally putting passwords into imposter sites (that’s what we described as “phishing” above), because the password manager keeps a record of the correct web page to use for each account.
Just remember to pick a really good password for the password manager itself!
For tips on picking proper passwords, including the password for your password manager, watch our How to Pick a Proper Password video:
(No video? Watch on YouTube. No audio? Click on the [CC] icon for subtitles.)
Reduce your cyberstress
Starting university can be incredibly nerve-racking, even without the new cybersecurity threats you face when you set out on your own into a world where you’re expected to spend hours online every day just to do the research you need to complete your course.
Trying these simple cybersecurity tips will help reduce your cyberstress – and will help you to keep your personal accounts and your private data to yourself!
Mahhn
Hello Harriet intern of Sophos, and Welcome, from the readers.
Martin Bailey
Good quick reminder list. Would also add anti-virus software & using a VPN.
May want to add separate paragraph on stressing protection of personal identifiable information.
Thank you for your time.
Paul Ducklin
We agree about anti-virus software (and go for one with a built-in web filter so it not only keeps the bad stuff out but also keeps the good stuff in, e.g. try home.sophos.com [free for up to 3 computers; modestly priced with some additional features for up to 10]).
But it might have looked a bit crass to make that one of our high-level, general tips :-)
VPNs are fine for work but for a student they aren’t much use unless the university or college has a VPN for students to connect into. Just “getting a VPN subscription because it obvioiusly makes you more secure” is a bit of a myth. You *really* have to trust the VPN provider you are using because they are effectively your new ISP, and if they are based in another country, you may have very little recourse if something goes wrong.
Here’s a video from the first UK coronavirus lockdown (when VPNs became all the cybersecurity rage) that you might find useful: