Simple Steps to Keep Your Online Data Safe
Remote work opens up security vulnerabilities that require attention
Earlier this year, Lisa McLamb and her family got first-hand experience about data security vulnerabilities.
Due to a non-Duke related breach involving a bank, her husband’s social security number and other personal information were compromised, setting off a prolonged process of sorting out what exactly happened and ensuring protection from any resulting damage.
While the situation was not the result of any activity by her family, McLamb, an administrative assistant in Duke’s Office of Audit Risk and Compliance, took the incident as a wake-up call to re-examine her data security. And with much of her work and life unfolding online, she made cybersecurity a priority.
“All of this made me very curious about security,” McLamb said. “This can happen to anyone. You don’t know where some threat will come from or when it will happen. It could be anything, any link you click.”
McLamb took part in the webinar entitled “Security 2021: Protecting Yourself and Your Data in a Post-Pandemic World” organized by Duke’s IT Security Office in April. The webinar, a recording of which can be viewed online, outlined some threats and prevention tips that are helpful while working from home.
“Due to the pandemic, the workforce was forced to shift to remote work as much as possible,” said Niko Bailey, a vulnerability management analyst with Duke’s IT Security Office. “The shift was immediate and didn’t really give time for people to prepare for the disastrous effect it was going to have on our lives. New technologies were adopted quicker than most were prepared for, causing introductions to new threats and new obstacles to overcome.”
By allowing a malicious piece of software onto your computer, hackers can gain access to your microphones, cameras, files, text on your clipboard and even record your keystrokes. And with ransomware, they can encrypt all of the files on your device and demand payment to get them back.
And don’t think that your online exposure is too small for hackers to infiltrate. According to a 2020 report by Verizon, 58 percent of data breaches involve the theft of personal data, roughly double from 2019.
Here are a few of simple safety steps you can take right away to keep your Duke data and personal information safe.
Protect Your Network
If your home is also your office, odds are you’ve got a wireless router that connects the devices that make both your work and life possible. And it’s that router that can also allow hackers to intrude on your network and steal data.
To help keep your home network safe, there’s one simple step Duke’s the IT security team recommends taking now. Your router probably arrived with a default administrator password. Set by manufacturers, passwords can easily be found online by hackers, so change it to your own unique and strong password.
“Unfortunately, most people don’t change the default credentials for their router,” Bailey said.
Janil Miller, the librarian for marine sciences and coordinator of the Pearse Memorial Library at the Duke University Marine Lab, takes her personal IT security seriously, but even she said that, after watching the webinar, she was going to go back and double-check that she changed the password on her wireless router.
“I wasn’t quite sure about that, so that’s something I’m going to check,” Miller said.
Keep an Eye on Kids Online
By now, the lessons about not clicking on sketchy links or downloading software from sources you don’t trust should be second nature.
And it should also be instinctual for all Duke employees not to click on links or download anything in emails that look fishy. If you have a concern about an email, click the "Report Phish to Duke" button in the toolback in your Outlook email to let the Duke IT Security Office handle any potential threat.
But for children, many of which got their first heavy dose of online activity during the past year, these bedrock principles of web safety may not be as familiar.
And with the IT Security team pointing out that hackers often target players of popular online games such as Fortnite and Roblox with ads and search terms that can lead to malicious software, young users can make your network and devices vulnerable.
Among the recommendations from Duke’s IT Security team are talking with your children about the dangers of clicking on suspicious links and downloading software and making sure that children’s home web surfing happens in a central place, where parents can see what children are doing online.
McLamb said her 8-year old grandson often visits her home and plays online games. While she tries to keep watch on what he’s doing and has talked with him about not downloading anything, she still knows having young internet users in the household brings with it increased risk.
“It’s not as trusting a world as it used to be,” McLamb said. “You’ve got to be on your guard.”
Take Advantage of Duke Resources
The Office of Information Technology (OIT) provides several tools at no charge that you can use to protect yourself online.
Chief among them is LastPass, a password manager you can use on all of your devices that can create and store long, strong, secure passwords for all of the sites and functions you encounter online.
“A password manager allows us to, at the very least, keep us from using the same passwords so if one service is affected, it’s just one service, it’s not also your email and your banking account and your Facebook and other social media,” Bailey said.
While Duke-owned devices – including those used by remote workers – come equipped with IT security software, Duke is offering the CrowdStrike anti-virus software free for personal computers for a limited time and on a voluntary basis. This will allow faculty, staff and students to protect their home computers using the same technology currently in place for Duke-owned computers.
You can also stay up to date with the latest online safety news by visiting the IT Security Office website where you can find helpful stories offering online safety tips.
And Duke community members can always email security@duke.edu to ask about any safety concern, device or question they may have.
“I’m a bit of a geek on security,” Miller said. “I really am keen on following best practices as much as I can, though I was alarmed to see how easily people can get hacked. I think it’s easy for all of us to not keep that front of mind all the time since there’s so much on our plate already.”
Send story ideas, shout-outs and photographs through our story idea form or write working@duke.edu.