Skip to content
computer screen with digital images of padlocks locked and unlocked

Cybersecurity for College Students: Here’s What Matters

College students have a lot on their minds. Cybersecurity probably isn’t one of them.

“Safe surfing” generally gets lower priority than other things that might be on their minds, but a few simple steps taken in advance can significantly increase your security posture. Take a few minutes to make these changes and you’ve suddenly made yourself a much less attractive target to identity thieves, hackers, and other cyber threats.

Safe Surfing & Best Practices  

There are a few general practices that can make your web surfing a much safer experience. Here’s what you need to know:

  • Use HTTPS whenever possible. The ‘S’ stands for “Secure,” and ensures end-to-end encryption for the page you’re viewing or transaction you’re completing. You’ll see this indicated in several ways depending on your browser, but generally it will display as a little lock icon in your address bar. If you’re not using an HTTPS connection, anything sent on that connection can easily be seen by eavesdroppers. 
  • Be careful where you click. Most sites are safe. Many sites are not. If you’re surfing somewhere that is maybe a little questionable, be careful what you click on. This is how most viruses, trojans, hijackers, and other nefarious software is acquired. Be conscious of where you’re going, what you’re doing, and the clicks you’re making.
  • Keep things up to date. Updates fix bugs and holes, add new capabilities, and ensure that you’re not at risk for known vulnerabilities. This includes updating applications like Chrome, Firefox, or Safari, operating systems like Windows or OS X, and apps on your phone.


hand using tweezers to pick out the word PASSWORD written in red, from a field of 0s and 1s in white with a black background
Image via

Passwords are a necessary evil – we know that good ones are long and complex, but we know that we can’t remember all these random characters. We also know that we shouldn’t use the same password for every site. So what should we do? Here are two great options.

  • Use a Low/Medium/High method. Create three different passwords of low, medium, and high complexity and length. Use the Low password for your throwaway accounts. Use the Medium password for your social accounts like Facebook or Twitter. Use the High password for banking and other sensitive accounts.
  • Want to get fancy with your passwords? You can use tools like LastPass or 1Password to generate and store really long, complex passwords for every account. You simply have to remember one master password and these services will fill in the rest. The biggest upsides are long, complex passwords for every account, an easy mechanism for changing passwords, and one convenient, encrypted storage location.
  • Consider multi-factor authentication. Google, Facebook, and other service providers are rolling out “multi-factor” authentication. This combines something you know (like a password) and something you have (like a cell phone to receive a verification code), drastically increasing security for some of your most-used, most-valued accounts. If you’re worried about your accounts being reset or taken over, enable multi-factor authentication as soon as you can.

eCommerce and Banking

We all buy things online, and we use online banking services. In addition to using a long, complex password, how else can we make these things safer? 

    • Don’t use your debit card online. Debit cards are cash-equivalents linked to a checking account, meaning if they’re compromised, your cash is gone. Using a credit card allows you to dispute fraudulent charges, not lose actual cash if your account is compromised, and may even provide benefits like additional warranties or travel miles.
    • Use another browser for banking. If you usually surf around in Chrome, consider using Firefox or Safari for your banking transactions. By segregating activities, if your main browser is somehow compromised, your sensitive banking data won’t be at risk.
    • Don’t store credit card information on an eCommerce site. Apart from the major retailers who require a credit card on file such as Apple for their App Store and Amazon for their Kindle, don’t store your credit card on file at another site. The more places your information is available, the higher the likelihood of compromise. It doesn’t take that long to put your numbers in if you’re making a purchase – just think of it as the cost of safely doing business.
hand holding iPhone with iOS7 lockscreen visible
Photo via

Mobile Devices

Increasingly, we’re handling sensitive transactions on our iPhones and Android devices. Here are a few ways to stay safe when you’re on the go.

  • Use a lock screen. If you have a social networking app, a banking app, or a retail app on your phone, you should use a lock screen. This prevents people from quickly accessing your phone when you’re not looking, or can keep it safe if you misplace it. You should also consider using a separate code to unlock the phone and to authenticate to banking apps, that way if one is compromised, the other keeps you safe.
  • Think about what apps you use, data they collect, and services you’ve authorized them to interact with. These devices collect massive amounts of information about where you go, what you do, how you use your phone, and who you’re in touch with. Think twice about which apps you give access to location data, push notifications, or give access to push or pull information from services like Facebook, Twitter, or LinkedIn.

Of course, there are always threats and challenges with keeping our information safe online. There are no absolutes or guarantees in security, but these simple steps and small changes in your mindset as a user can make a huge impact on keeping your information, money, and private conversations safe.  And, in the words of iSchool professor Art Thomas, “Be careful out there!”

Shay Colson

A 2010 iSchool graduate, Shay Colson lives and works in Seattle, Washington. He uses technology to solve problems for government, organizations, and also real, actual people. You can find him on Twitter @shaycolson.

More Posts - Website - Twitter - LinkedIn