Securing the Virtual Me

Our online activities create virtual representations of ourselves: 

  • Student,
  • Employee,
  • Individual, and/or
  • Professional.

Just as our real-world activities involve risk, so do our online activities. We need to manage these risks as we do risks in the real world. When thinking about Securing the Virtual Me, you will want to consider: Risk and Privacy, Passwords, Accessing the Internet, and Storage.

Risk and Privacy

Understand your own risk tolerance--for both today and tomorrow.

  • The Internet Never Forgets. Our online activities today may affect our real life in the future (6 months, 2 years, 3 years, or 20 years). Check out the Wayback Machine:

Sensitivity to Risk

  • Risk:
    • is the possibility of loss or other adverse or unwelcome circumstance
    • it is formally defined as Risk = Likelihood x Impact
  • Five areas:
    • Loss of Confidentiality
    • Loss of Integrity
    • Loss of Availability
    • Loss of Privacy
  • Assessing sensitivity to risk should consider the following:
    • Would you care if your friends, family or employer read about this on the front page of the newspaper?
    • How would the loss of the information hurt you?
    • Could this hurt you in the future?
    • What information are you sharing that is likely to be data mined by the "free" service for targeted advertising or other uses?


Consider the value proposition in “free” online services

  • Not confidentiality – But control of your personally-identifiable information
  • Controlling what information gets collected, processed, and shared about you

Password Considerations

Passwords: use each one only once (for a single account), think about their complexity, and think about how often to change them.

Managing Passwords

Number of Passwords is Increasing

  • Consider software such as Password Safe or LastPass to store and manage your passwords across computers and platforms.
  • Some support multiple platforms: PC, Mac, iPhone, iPad, and Android

Consider 2-factor Authentication

  • Uses a password and a second authenticator
    • can be a code generated by a mobile phone
    • or sent to the mobile phone by SMS
    • or a voice call
  • Supported by:
    • Google
    • Microsoft
    • Facebook
    • Twitter (in planning)

Other Password Considerations

  • Check to make sure that forms on which you enter passwords are protected with SSL. The URL should begin with https://
  • Log off from your computer if you are going to be away from the keyboard – even for a short period of time

Accessing the Internet

Personal Mobile Devices – BYOD

  • Usually called BYOD or Bring Your Own Device
  • Users connecting to the corporate network with their personal device to:
    • Access personal, corporate, and third party data, content, and services.
  • Representative of a disruptive technological evolution
  • Mobile, Always On, Real-Time Computing 
  • Cloud Computing and other ‘services’ are other examples of disruptive technology eradicating the organizational boundary.

Wireless Hot Spot Security

  • “Free” wireless hot spots are everywhere. Almost every coffee shop, fast food restaurant, airport, train, and intercity bus is offering one.
  • Besides honest users and hosts, they attract malicious users as well.
  • Better ones implement good access point security: WPA2 or WPA.
  • Understand the risks of using access points that use WEP or have no security enabled. Consider a secure SSL proxy such as Hide My Tracks:

Home Access Point Security

  • Home Access Points/Routers are usually not secure.
  • Be careful of the default security settings
  • Some ISPs do a very good job of securing their access points/routers: WPA/WPA2; long-random, shared keys.
  • Do not broadcast your SSID.
  • Use WPA2/WPA.
  • Select a maximum-length (63 characters for WPA) random key, e.g. j70Al8{#hzeNY.ll$ps2<xrRpeAU\@Y^F9/tYA43=k'oqG9u?G0.+hD2?%QCZRH
  • Some good WPA key generators are on the web.
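
A maximum-length key can also be generated on your own computer, so it is never seen by a website. The following Python is an added example (not part of the original page): it draws a 63-character passphrase from the operating system's secure random source and checks any candidate against the WPA passphrase rules (8 to 63 printable ASCII characters). The function names are illustrative.

```python
import math
import secrets
import string

# WPA/WPA2 personal passphrases are 8 to 63 printable ASCII characters.
MIN_LEN, MAX_LEN = 8, 63
# 94 symbols: letters, digits and punctuation. Space is legal in a passphrase
# but is left out here because it is easy to lose when copying a key by hand.
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def generate_wpa_passphrase(length=MAX_LEN):
    """Return a random passphrase drawn from the OS secure random source."""
    if not MIN_LEN <= length <= MAX_LEN:
        raise ValueError(f"length must be between {MIN_LEN} and {MAX_LEN}")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def check_wpa_passphrase(candidate):
    """Return a list of problems; an empty list means the passphrase is valid."""
    problems = []
    if not MIN_LEN <= len(candidate) <= MAX_LEN:
        problems.append(f"length {len(candidate)} is outside {MIN_LEN}-{MAX_LEN}")
    if any(not 0x20 <= ord(ch) <= 0x7E for ch in candidate):
        problems.append("contains characters outside printable ASCII")
    return problems


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Entropy of a uniformly random passphrase of the given length."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    key = generate_wpa_passphrase()
    print(key)
    print("problems:", check_wpa_passphrase(key))
    print(f"about {entropy_bits(len(key)):.0f} bits of entropy")
```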

Anti-Malware/Desktop Firewalls

Anti-malware/anti-spyware software can detect and remove things that anti-virus software may not.

  • Critical software components - Ensure your anti-virus & anti-malware application is installed and checking for updates.
  • Good options on the market

Web Cam Security

  • Do you have a web cam in your laptop/tablet/phone?
  • Have you considered the “risks” if it was turned on without your consent?
  • Some cameras have a shutter. A small piece of vinyl tape works well, too.


Test Your System Restoration

  • Do you have a plan to restore your computer?
  • Have you ever tried to restore your computer from the backup? Back up and then test the restoration of your laptop, tablet, and smart phone.
  • What would be the consequences for you if your computer crashed, had a data loss, or was stolen?
    • Students, staff, faculty, and researchers have lost critical papers, theses, and dissertations.
    • Reconstructing their work represented a critical impact.
  • Options include USB drives and Cloud-Based Storage
  • Remember to test it!
  • Remember to ask “Where is my data?”

Cloud-Based Storage

The university will soon be providing secure cloud-based storage that is hosted at the university (available summer 2014). Cloud-based storage solutions are available:

  • Cloud-based storage drives include:
    • Microsoft OneDrive
    • Google Drive
    • Amazon Cloud Drive
  • Understand the data agreement with these storage options
  • Know where your data is!
  • Know what your risk tolerance is!

