Bill Mahoney, Ph.D., a professor of computer science at UNO in the School of Interdisciplinary Informatics, is an expert in Critical Infrastructure Security.
Matthew Hale, Ph.D., an associate professor of cybersecurity at UNO in the School of Interdisciplinary Informatics, is an expert in online privacy and security.
Robin Gandhi, Ph.D., director of the UNO School of Interdisciplinary Informatics, is an expert in information assurance and risk assessment.
As the world moves forward to expand the capabilities of what you can do in the digital world, here is some advice and tips from our faculty:
What risks do people face when sharing sensitive information online?
Mahoney: First, people tend to not think and just “fire away” when posting personal information. In particular, if the site where you post the information is publicly accessible (wide open Facebook page, for example) posting may be one of your biggest risks online.
Most people know not to do obvious things such as passwords and such, but they don’t think about posting photos of their new car, news about the kid’s elementary school, and so on. These clues make password guessing easier for those that want to take over your identity.
Photos are a particular risk because many smartphones will add GPS coordinates to the metadata in the image.
Can you share a bit about Geolocation?
Gandhi & Hale: GPS-enabled smartphones allow photos, videos, messages, and social media posts to be Geotagged. Location information is embedded in the metadata for media alongside file name, date, camera information, etc.
When geotagged media is shared publicly, location information is often inadvertently shared along with it. Such information aggregated over time starts to reveal private information such as: work and home locations, daily routines, frequented places, vacation destinations, shopping places, and much more.
What steps can people take to protect information that other people do not need to see when online?
Mahoney: An obvious first step is to restrict (severely) the list of outsiders with access to the social media you post. Sites that start off “wide open” are the worst offenders, but many of these sites make it difficult to locate the controls needed to disable the external access.
Next, the best menu item on a web browser is the one used to clear browsing history, saved cookies, and content. Use it often, or enable the “private browsing mode” that some web clients use. A more extreme method is to use a browser such as the “Tor Browser Bundle” that completely masks your identity from the sites you visit.
Extra Tip: I am particularly interested in how people don’t seem to care about location services. This is something on your phone that should be OFF, period, or set to “Use when App is running” at least.
Gandhi & Hale: Protecting privacy requires Data Hiding. Deleting or hiding metadata prevents sensitive patterns from being learned over time.
To conceal browsing patterns over the Internet, Virtual Private Networks (VPN) are very effective. VPNs work by forming a tunnel between your current connection and a known network. Once a tunnel is formed, all requests you make appear as if they originate from within the known network, since they emanate from the location you have tunneled to.
How do you know if your identity has been stolen?
Mahoney: People need to do a few simple things, such as frequently monitoring their credit card and online banking statements.
Some banks have systems to send you a text if you withdraw money at an ATM, so if these features are available turn them on. Also, if the banks have any kind of two-factor authentication make sure it’s on.
What do you do if your identity was stolen?
First, if you think your identity has been stolen notify companies that you do business with. You should also go to each website where you purchase goods and change the password and delete the credit card information.
Contact each credit card issuer and let them know so that they can disable the previous account number and issue you new cards. Contact each of the three big credit reporting companies and inform them or place a fraud alert on your reports. Next, it’s good to file a report with the Federal Trade Commission.