Faithlina Abeshima ’16 on how to keep your personal information secure.
Faithlina Abeshima ’16 majored in music and psychology, but a work-study in technology set her on a different career path. Shortly after graduating, she was hired by the university as a technology support analyst; then, in 2019, she stepped into the role of information security administrator. We asked her for advice on steering clear of the hackers, scammers, and bots.
Faithlina Abeshima ’16 advises Loggers to set up multiple layers of security to protect their personal data online, switch from passwords to passphrases, and be on the lookout for phishing tactics hackers use to try to trick you into giving away sensitive information.
Rule No. 1: Every password needs to be different. Every single one. Abeshima explains that even the longest and strongest password is “automatically weakened” if it’s repeated among online accounts. “The most important thing is that the password is unique to whatever site you’re using it for,” she says. That way, if data is breached in a nonessential app (hello, TikTok), that same password won’t be compromised everywhere—including places that matter.
Passphrases, or a string of words, are stronger than short passwords. Why? Length trumps everything. “It would take an attacker a lot longer to guess a passphrase through computational algorithms,” says Abeshima. Passphrases might be easier to remember, too—just think of a famous quote or favorite lyrics to a song. In other words, says Abeshima: “You probably won’t have to write it on a sticky note that’s taped to your computer.”
Create separate email addresses for different parts of your life, says Abeshima—for instance, have a “throwaway” one that you use only for online shopping; all of those incoming marketing emails now have a designated home. Have email addresses that are specifically for work, personal correspondence, sensitive accounts (i.e., banking), and even social media. This doesn’t just keep the inbox tidy: By diversifying these accounts, you’re boosting privacy and security. Because if just one of those email accounts gets hacked—as opposed to all of them—it should be easier to isolate and resolve.
For an extra layer of security, says Abeshima, adjust preferences on an account to send alerts when there’s unfamiliar activity. Configure your notifications to tell you if someone logged into your account or a transaction was made.
Protecting your digital footprint may seem overwhelming at first. Start by securing what’s most valuable—for many, that means banking, credit card, retirement, or investment accounts. In addition to finances, your primary email account, which is often used to reset passwords or confirm your identity, should be a top priority. “If someone has access to that,” says Abeshima, “they have keys to the kingdom.”
Abeshima suggests heading to haveibeenpwned.com to see if any of your email addresses were exposed in a data breach. There’s even an opt-in feature to be notified when breaches happen.
It’s a good habit to regularly audit what apps and programs you’re actually using—and what can be trashed. Depending on whether apps have been vetted for safety, you might be unknowingly housing an app that’s harmful (carrying malware, for example) or intrusive (such as sharing your geolocation). A bonus to keeping things in check? It saves on storage. “You can take more pictures of your cat or dog,” jokes Abeshima.
Always run updates on devices to fix any security vulnerabilities that may have developed. This includes your operating system, software, and—perhaps most importantly, says Abeshima—browsers, which is where a lot of criminal activity takes place. (Tip: Turn on automatic updates so it’s done for you.)
When it comes to phishing threats, detection is your best defense—so know how to be suspicious. “When you don’t recognize the phishing, that’s when it’s really bad,” says Abeshima. Remember that phishing tactics and attackers become more sophisticated, whether through the type of technology—maybe calling with AI-generated voice clones instead of emailing—or how the ask is socially engineered to fool you. Additionally, Abeshima says to keep a contact list handy of the legitimate websites and phone numbers associated with your accounts. Then, if there’s an issue, you can feel confident in finding help.
Abeshima is seeing more online services—beyond banking and other financial sites—offer two-factor authentication to combat data breaches. If two-factor authentication is available, she says, you should take advantage of it. (Apple and Google are starting to require it.) “Even if someone has your password,” she says, “unless you provide that second step to confirm it’s you, another person wouldn’t be able to log in.”
