By Bill Pfohl
Encryption—Must We Use It?
If someone gets into your computer, you can prevent him from accessing or using your files by using encryption. Encryption has been used by governments and military to protect their data since the 1950s. Encryption comes in various strengths. The current gold standard is 256–bit encryption. 128–bit is very good, while 64–bit is fairly easy to break.
Many of you are familiar with some form of encryption. When you use the Internet for purchases, you use a “secure” and encrypted site (https://) that indicates that this transaction is secure from access by others. There may be a lock symbol at the bottom or top of the browser, which also indicates a secure transaction. On websites, SSL/TSL security layers also protect you and your data, as only you and the merchant can view the data.
If you are sharing confidential information with students’ identifying information, it needs to be encrypted. Be cautious because the more people who have your encryption “key,” the less secure your data is. It is like sharing your password for your Facebook account! Using different passwords for different file/folder data accounts is suggested.
Where do you start? First, Microsoft has file encryption built into its Microsoft Office products. If you have Office 2003 or higher, you can encrypt each file. In Office 2007, go to the Windows icon in the upper left corner and click on it, then go to Prepare. You have two choices to increase file security. You can add a Digital Signature, which will ensure that the document is yours and yours alone. Another option is to Encrypt Document. This is a password protection process for your encrypted file. Do not forget your password! This file, if attached to an e–mail or placed on a network, will have further encryption protection. You can encrypt your e–mails as well with Microsoft Outlook 2007 (see the Help menu.) Or visit http://ask-leo.com/how_do_i_send_encrypted_email.html for more general information. It is more complicated to set up encryption of other e–mails. Thunderbird and Firefox both have options to set up encrypted e–mails. I could not find any encryption options for Gmail or AOL e–mail. Gmail requires the use of a Firefox browser. The Google Chrome browser does not allow encryption at this time.
What you cannot do with Microsoft Office is to protect entire folders; you will need additional software to do this. Windows 7 Ultimate has “BitLocker” built in to lock your entire hard drive from access. It is really very easy to turn on but, again, if you forget the password, your hard drive will be forever blocked! This is the reason many people do not use these safeguards. But to practice ethically and possibly legally, I suggest you strongly consider these strategies. Protecting your computer’s hard drives and USB drives all have the same approach. For your USB drive, you can download software to encrypt files or the entire drive from the SanDisk Cruzer web site. Other manufacturers also have their specific software for encryption of USB drives. Some come already installed on the drive. Freeware or Shareware options are available on www.download.com.
If you do not have these software packages, what can you do? Go to www.download.com and look up encryption software. PGP (Pretty Good Privacy) is $149. The highly regarded Kruptos Professional 3.0 (with a free 30–day trial) is $12.95 to buy. CE–Secure Vault Edition Pro ($39.95 – download) is well reviewed. You can encrypt various parts of your hard drive with a variety of passwords. It can also lock all your files when you log off your computer. It can also encrypt DVD and CD disks and it has 256–bit security. Again, forget the password and your data is lost. I see these features as valuable to word processing files, scoring software files, etc. Free software typically has too many annoying ads.
Personal Internet Safety
Phishing, malware, cyberattacks, and spam have increased. Why? Because some individuals respond to it. Someone in Nigeria wants to give me money, I won the Irish Lottery, and a lady from the Netherlands says I won the German lottery. My favorites are the ones with “true” bank logos telling me to sign in to resolve a security problem and asking for my personal data. One very legitimate looking e–mail asked me to make a 1–888 phone call (and directed the call offshore to create an exorbitant phone bill). It was “from my credit union.” Usually an 888 number is a safe toll–free number, but not this time. So the first step is to protect yourself. Many people in this case called the credit union directly and were told it was a phishing scam.
- Do not download unsolicited e–mail attachments, particularly from an anonymous person.
- Sometimes donations are solicited, typically with an embedded link to click. Don’t do this. You may be downloading malware that can read your every keystroke and steal your personal information. Always retype a URL address that is hot linked into the e–mail if you want to check it out.
- Sharing your passwords with friends or colleagues is one way to breech your security.
- Do not respond to any e–mail that has bad grammar, misspellings, or other obvious errors. This is a warning. Just delete, even if your e–mail service automatically opens it.
- Set your e–mail filters—Thunderbird e–mail software is easy to set (www.mozilla.com).
- Report all spam to your district or university IT departments, or set up an e–mail filter to get rid of it.
- If banking or buying online, check to see if the website starts with https://, not just http://. Right now this is a reasonable indication that you are on a secure site.
- Do not send personal identifying information in e–mails.
- Chat rooms and social networks (e.g., MySpace, Facebook, and BeBo) are full of people who wish to steal your identity.
- Clear your History cache from your Web browser after each use to keep others from finding out your information and search history.
- Be very careful if you forward e–mail because your e–mail address is all that is needed to search for your personal information. You also give away all the other e–mail addresses. These can be sold on the Internet and more spam comes! If you want to forward a specific part of an e–mail, cut and paste it into a new e–mail with one addressee.
- Set your e–mail to be virus–checked for incoming and outgoing mail.
- Do not click on any hyperlink within the e–mail, retype it yourself, unless you know the sender and she actually sent the e–mail to you. If you were not expecting it, it may be bogus.
Security Suite Add–Ons
Safe surfing of Internet sites can be tricky and dangerous. There are several recent add–ons to many of the antivirus suites that can be useful in helping identify bad or dangerous links before you open them. AVG, a popular and free product, offers LinkScanner as an add–on to their Personal 2011 Suite—also updated. McAfee has SiteAdvisor as an add–on to their security suite. WebRep is available from Avast software, another free security suite.
Bill Pfohl, NCSP, is a professor of psychology at Western Kentucky University in Bowling Green, KY. He is president of the International School Psychology Association and a former president of NASP. He can be reached at firstname.lastname@example.org.