Security Princess and OURSA

This semester, I am enrolled in "Sensitive Information in a Connected World," a class related to the intersection of security and technology. Course discussions led me to wonder: what do I need to do to ensure that I am using the internet in a safe and secure way? I turned to one of the ultimate authorities when it comes to cybersecurity: Security Princess and Browser Boss, Parisa Tabriz.

Tabriz is a white hat hacker for Google Chrome, meaning that she detects vulnerabilities in the Chrome browser so that they can be resolved internally, instead of being exploited by black hat hackers. Not only has she been featured by ELLE, Wired, and Forbes, but she has also helped organize OURSA, a security conference featuring a diverse group of participants, to be held April 17th in San Francisco. Although tickets are already sold-out, you can still donate to "be there in spirit." Proceeds after costs will go to charities that support diversity in tech. To learn more, visit https://www.oursa.org/.

When it comes to security, there is much to learn, but focusing on two areas in particular--phishing and passwords--can dramatically improve your technological know-how in a short span of time.

Phishing

Some studies have suggested that the average human attention span is about eight seconds. It should come as no surprise, then, that people want to quickly handle emails when they come in, especially because of the gamification of reaching Inbox Zero, the point at which one's email inbox is completely, or almost, empty. Most of the time, this is fine, especially because Gmail’s Smart Reply can allow you to send off a “Sounds great” message when your manager confirms a meeting time.

On the occasion, however, when an email has a link, your inclination towards maximum productivity and progress can work against you. Suppose the link appears to be from a known entity, directing you to a website with which you are familiar. It is in your best interest to think before clicking. Were you expecting a link from the individual? If you copy and paste the link text, as opposed to clicking on the link in the body of the email, is the URL what you would expect it to be? If you can’t answer yes to these questions, it is likely a bad idea to follow the link.

Passwords

Think of passwords as the digital version of keys that you use to access your home, dorm, or office: you use a different one for each location, you don’t give them out, and you change your locks if there is a break-in.

Using a different password for all of your accounts means that if there is a data breach on one site or service you use, the hacker gets one of your keys, not the entire keychain. Need to know whether you have to "change the locks"? You can use Have I Been Pwned (https://haveibeenpwned.com/) to check if you have been a victim of any recent data breaches.

Understanding phishing and passwords is only the tip of the iceberg, but it's a good start. In order to dive a little deeper, I asked the Security Princess herself a few questions. Here are her answers:

Q: You mentioned the risks of publicly-used computers in your Medium post. Do you use public WiFi networks, like Starbucks WiFi?

A: Yep!

Q: I don't really need to ask, but we should all be using Chrome and Google Drive for the best security, right?

A: Duh! Definitely recommend Chrome, but I'm obviously super biased. That said, there are a few very thorough research white papers that recommend Chrome (https://www.blog.google/topics/connected-workspaces/2-new-white-papers-examine-enterprise-web-browser-security/).

Q: It doesn't have to be security-related, but do you have a TV recommendation?

A: Silicon Valley and Black Mirror

Q: Book recommendation?

A: I recently finished and loved the fiction The Unbearable Lightness of Being. In terms of non-fiction, I regularly recommend Crucial Conversations.

For advice directly from Security Princess and Browser Boss Parisa Tabriz, check out her article on security tips at: https://medium.com/un-hackable/pwnd-fcfce7884be