Cybersecurity 101 for Academics


First, I recommend these two resources, and will forego explaining good social media security since they do a good job.

COACH — Crash Override’s Automated Cybersecurity Helper

Center for Solutions to Online Violence

I’ve gone through the COACH process and it took a couple hours all told.  In my case there was one time-consuming glitch but it mostly involved sitting on hold with a call centre and I was able to do other things.  Note that these have an American bias but are still useful because the internet is dominated by American corporations, at least for now.

Password security: the current prevailing wisdom is that longer is better, and a password manager like 1Password or Lastpass is a good idea.  You don’t have to use random passwords. A nonsense sentence with some capitals and lowercase and numbers is all you need.

Better security: two-factor authentication takes advantage of the fact that so many internet users are also constantly around their mobile phones.  The most common way this works is you enter your password and then the site texts a 1-time code to your phone. This means someone would need your password and access to your phone to get into your account.  HIGHLY recommended.  It is amazing to me that universities lecture their populations on cybersecurity and don’t have this feature, which is better than the hardest to crack password in the world.

If you have a professional website that you maintain make sure it has good security as well: two factor authentication, and if you’re using WordPress or some other CMS, read up on security plugins and use them.

If you have a land line (quaint, I know), consider paying for it and your address to be unlisted.

Pseudonymity is also a good idea.  I’ve seen people change names on Facebook profiles, use aliases on discussion boards, etc.  This just makes it harder for someone to find stuff about you in a google search.

If you are subject to hate speech on a platform, turn off your instant notifications, and if need be, have a friend monitor for you (you can make a pact with someone).

Also, remember, you don’t have to be on Twitter or any other particular service (even if you study Twitter, it doesn’t mean you have to be on Twitter under your own name), and you don’t have to read what people say about you online.  I know this is a bullshit answer but until Twitter, Amazon, et al get serious about dealing with online violence, it’s the answer I have to give.

This page will grow as I come across more useful suggestions.