Students lack Internet safety knowledge
August 31, 2010
Think twice before putting personal information on the Internet.
Matthew Sullivan, of the Information Assurance Student Group, demonstrated to students Tuesday exactly how easy it was to access data like bank account information and passwords.
IASG, one of the largest student-led security groups in the Midwest, provided a lecture on social engineering, the ability to get personal information such bank account and passwords from strangers.
Blending the lines between technology and psychology, Sullivan examined how easy it was to gain information from random people if trust is established.
“To think you know better is actually false,” Sullivan said, “You are always less smart than you think you are.”
Sullivan opened the presentation with a video study he had done, in which he stood outside the Park’s Library stating he was from the College of Engineering conducting a fake survey on passwords. His goal was to try to get passwords from random students on campus to legally show how easy it was to acquire them.
Sullivan was able to gain personal information, including passwords, by asking individuals for their full names and other factors they consider when creating passwords.
Despite the fact each person told Sullivan he or she would never give out a password to a random stranger, more than 50 percent of the individuals surveyed wrote their password directly or provided enough information to obtain access to university e-mail or Facebook.
Sullivan was able to get this information by providing a premise to gain their trust. Students should be wary of unknown people asking for information.
Sullivan blamed the problem on lack of Internet security training for students.
He said the best way to protect oneself from phishing and other forms of hacking is to not give password information to any party — not even the university.
It is also important to remember to change a password frequently — at least once a month — and to not have the same password for everything, Sullivan said. When accessing a log-in page, check the URL to make sure it is not a phishing site.
“You don’t need to think about it every day, but keep it in the back of your mind,” Sullivan said.
How to stay safe on the internet:
- Remember no one should ask for your password
- Check log in URLs to make sure you are at the right site
- Change passwords frequently
- Do not use the same password for everything
- Always log out when you are done using a computer
- Always shred personal information
- Make sure with password hints that the answer can not be found on your personal site, such as Facebook