By: Emiel Haeghebaert, Reporter
Photo Credit: Getty Images
On October 6, 2018, Georgetown University’s Security Studies Program (SSP) hosted a brand new workshop for its students, entitled “Digital Security 101” and led by Meredith Burkart, an SSP adjunct and a cyber program manager at the FBI. The purpose of the workshop was to provide students with a toolkit to assist them in adopting a rigorous digital security regimen. Throughout the session, students were taught how to develop a personal digital threat map, understand the risks and vulnerabilities associated with using electronic communications, and apply basic tools and practices to maximize the security of their online activity.
The first part of the workshop focused on common concepts and vulnerabilities in digital security. What does it mean to connect to a public Wi-Fi network at your local Saxby’s? To what extent is your internet traffic secure if you are anonymizing traffic? What information does your online behavior and browsing pattern reveal to an enterprising hacker, overly curious government agency, or Internet Service Provider? These are just some of the questions raised that highlighted the importance of getting in control of your personal digital security. Even when proactive about digital security, the nature of the tools and hardware we use is such that we can never be entirely free of risks and vulnerabilities. Equipment origins is one of the fundamental issues here, according to professor Burkart. Supply chain threats to hardware are increasingly more common as a supply gap leaves room for new businesses and nation states, each with their own set of interests, to fill the void. Similarly, when trying to anonymize your internet traffic by using a Virtual Private Network (VPN), the privacy legislation and government policies in the host country of the service surely should factor into your security considerations.
Beyond the physical realm, the workshop tackled several challenges stemming directly from the behavior of the primary user. Firstly, professor Burkart urged the students to use a password manager, noting the tension between the security and complexity of passwords. Using a password manager may increase the complexity of your credentials, yet it raises security questions similar to those described above. Is the password manager storing your information online? Is the service vulnerable to attack? While many users continue to simply memorize their credentials, the use of a secure and trusted password manager may summarily augment your digital security if employed correctly. Secondly, students received an eye-opening insight into the nature of the data-gathering industry, with online services such as Facebook, Amazon, and Google using cookies to track your digital behavior patterns. By collecting information on your online activity, these private firms have the ability to advertise goods and services tailored to your perceived interests. They may also sell this data to the highest bidder – or it may be compromised in a data breach. Minimizing your exposure to such tracking methods may greatly improve your privacy online. Thirdly, purchasing your own router will increase the security options available to you when compared to the default infrastructure shipped by your provider. Professor Burkart further noted the necessity of protecting your Wi-Fi networks by taking basic security steps, such as ensuring your wireless network supports and uses, at minimum, the WPA security protocol. Using online resources to educate yourself on the different wireless security protocols available can go a long way in learning to effectively protect your traffic. NetSpot provides a software app with a thorough guide to precisely this end. Finally, routinely updating your operating system and applications, while simple, is integral to mitigating your exposure to potential exploitation by malicious actors. In sum, students were urged to proactively “know who you are, what you want to do, and then RTFM [Read the F****** Manual] to learn how to do it.”
The second part of the workshop expanded on this notion of “taking control and reducing risk” by having students map out their personal threat maps. This entailed identifying students’ personal motivations – what do I possess or have access to that is of value to me? Students were then asked to determine their technical vulnerability and to describe a worst case scenario. This fed into the students’ cost-versus-risk analysis where they were asked to classify which kinds of intrusions, attacks, and losses they are not willing to tolerate, and ultimately to select the tools required to mitigate that risk.
In the third and final part of the workshop, professor Burkart demonstrated several of the most common applications to further one’s digital security. Students learned how to use easily installable browser add-ons such as PrivacyBadger and HTTPS Everywhere to block the majority of trackers from gathering their information and to force their browsers to connect exclusively to websites with approved security certifications. Additionally, they learned how to rid their systems of malicious software running in the background through the stand-alone applications MalwareBytes and VirusTotal. The workshop continued with advice on the right approach to selecting a VPN provider, ways to properly erase your personal data from a hard disk (such as magnet wiping and physical destruction), and methods to lock and encrypt volumes of data on your system. To conclude, students were presented an extensive list of additional digital security resources to explore.
Overall, the Digital Security 101 workshop led by professor Meredith Burkart offered SSP students a broad overview of the most common risks and vulnerabilities stemming from the use of digital communication services, and demonstrated a wide range of readily available tools designed to maximize a user’s privacy, mitigate security risks, and internalize sound security practices. The information provided in this session is essential for students to think critically about their digital privacy and vulnerability to cyber intrusions and attacks, and enables them to develop a personal electronic communications security practice that adequately protects their personal information and online presence.
Here are a few easy steps to improve your digital security today:
- Use Firefox as your primary browser – it supports many necessary security-oriented add-ons;
- Install your preferred VPN on your machine to anonymize your traffic;
- Utilize a Password Manager to improve the security of your credentials;
- Enable the PrivacyBadger add-on for Firefox to make it more difficult for websites to track your online behavior;
- Enable the HTTPS Everywhere add-on for Firefox to ensure the websites you visit are secure;
- Read Netspotapp.com’s guide on Wireless Security Protocols and learn to encrypt your router connection at home;
- Internalize: “Know who you are, what you want to do, and then RTFM to learn how to do it. Take control and reduce risk!”