UWM cybersecurity expert shows ways to keep yourself safe online

A man works on a laptop computer.

Cyber criminals are stalking you in ways that you may not even be aware of.

On his personal laptop, Khaled Sabha demonstrates how easy it is for a hacker to get into a laptop that isn’t their own – without knowing the password. That’s the main problem with internet security, said Sabha, a senior lecturer in UWM’s School of Information Studies. Hackers know a lot more about technology than the average user.

“I don’t want to scare people, but you need to learn the things you can do that will make you more secure online, said Sabha. “It’s more urgent today than it was even five years ago.”

Sabha, who earned his bachelor’s in electrical engineering and master’s in computer engineering at UWM, specializes in IT security, networking and programming. Before transitioning to education, he was a software engineer for QuadTech Inc.

While you can’t protect yourself 100%, he said, if you know how hacking works, then you can find ways to counter it. He breaks it down for us here.

What are some common ways people compromise their data security online?

You wouldn’t leave your front door open all night when you could lock it, right? But that’s what you’re doing if you don’t pay attention to basic internet security. So, I’ll mention the top three risks internet users take when interacting online.

Hackers try to convince online users to give them access to their accounts by sending emails that appear to come from a legitimate institution like their bank or employer. With one simple click, users divulge sensitive data like passwords, usernames and credit card numbers.

Viruses and malware are other common kinds of attacks. It’s very appealing for people to download apps and content from the internet and sometimes, that’s the point of entry for viruses and malware that can expose your computer.

Internet users also are taking a risk by surfing on unsecure websites and networks – like websites with a domain beginning with “http:” rather than “https:”, or the public Wi-Fi at a coffeehouse. Even if you obtain a password for a network in a public place, that network is still public because hackers can get the password too.

Through a “man-in-the-middle” attack, hackers can intercept and read transmitted data that you’re sending by pretending to be the victim’s desired receiver. They can even capture log-ins and passwords without you knowing that you’ve been breached.

What are some protection strategies for users?

First, you need to be suspicious of the word “free” before downloading a file to your system.

Then, arm yourself by learning the clues of fake emails and URL addresses. A fake or suspicious email will have misspellings. As a simple example, instead of using uwm.edu, scammers may use uwn.edu. Another sign to watch for is when scammers add an extra character like an underscore to the URL. For example, instead of facebook.com, scammers may use facebook_.com.

When you need to do work on your laptop in a public place, like an airport or coffeehouse, do not transmit sensitive data. You should also avoid money transactions on a laptop or other wireless device too. Use a wired desktop instead.

How has social media increased the security risks?

Did you know that Facebook can take your public information available elsewhere on the web and apply it to your account? Suddenly, you’re not just a generic user – your data is linked to your identity.

Facebook’s “single sign on” service makes logging in and creating accounts for apps, games and services easy. But when you use Facebook to log in, Facebook collects all the information you have given to those apps. And it gives those apps access to your data on Facebook. Worse, Facebook can give those apps access to the data of your friends – even if those friends haven’t downloaded the app or consented in any way.

What can you do about those platforms?

There are a number of ways to reduce the amount of data you share with Facebook — including providing fake information in your profile, changing profile settings so that certain information displays only to you, and blocking apps from collecting your data entirely.

But you should also go online and delete information on third-party platforms where you “sign in” with your Facebook credentials. Better yet, don’t sign in to other apps using your Facebook account, even though it’s convenient.

Why is the job market so large for those with cybersecurity and privacy skills?

As intelligent systems proliferate, more and more security threats will appear. More companies will need to invest in skilled workers – and in professions that previously haven’t needed to.

Top Stories