Raising Cybersecurity Awareness and Accessibility

Admit it, you’ve reused passwords.

Despite all the warnings about proper credential management, we’ve all repurposed passwords across multiple accounts.

Northwestern Engineering’s Sruti Bhagavatula, assistant professor of instruction in computer science, readily acknowledges the disconnect between people’s awareness of key cybersecurity prevention strategies and their lack of subsequent action. And while she recommends people keep strong and distinct passwords, her research findings indicate that some users still do not implement these best practices, even when their passwords were breached.

As an instructor, Bhagavatula aims to raise awareness of core security and privacy fundamentals that any technologist building or working with systems needs to know, including security by design, threat modeling, defensive application security, secure authentication, differential privacy and anonymization, and algorithmic fairness.

She launched the department’s first data privacy course – COMP_SCI 312, 412: Data Privacy – in winter 2022, her first quarter teaching at Northwestern. Since then, Bhagavatula has also introduced COMP_SCI 308: Foundations of Security and COMP_SCI 396/496: Security and Privacy Education.

Safe Security ‘Information Hub’

Building on their discussions of pedagogical approaches and security-first technology design, students in Bhagavatula’s winter 2023 Security and Privacy Education class developed a series of technical articles and advice documents, exploring subjects ranging from common internet scams to creating secure machine learning pipelines to safeguarding startup companies against external security threats.

Bhagavatula planned to showcase the students’ work and valuable insights via an online repository. When Bhagavatula was approached by the Safe Security student group founder and president Kris Yun to become the cybersecurity club’s faculty adviser, the two realized an opportunity to collaborate on the project.

Last spring, the Safe Security team launched the Information Hub.

Safe Security codirector of education Chloe Braswell, a third-year student in economics pursuing a minor in computer science through Northwestern’s Weinberg College of Arts and Sciences, led a team that edited the student-written articles to be jargon-free and more accessible for a broad audience.

“We want to help people implement security and privacy best practices in their daily lives or in their work — guidance that has historically been less available to certain demographic groups,” Bhagavatula said. “Additionally, technologists and engineers who build software often do not know about the fundamentals of security as it's often considered a separate field.”

“The articles are enriching even for security-conscious individuals, and almost anyone can learn something new about safe cyber habits by reading the articles,” said Bennett Lindberg, a third-year student in computer science at the McCormick School of Engineering and Safe Security’s director of technology.

Bennett, like most of us, has a personal connection with cyber schemes and internet fraud.

“Security is a pressing concern in our technology-filled lives,” said Bennett, who has served as a peer mentor for the Foundations of Security course. “As someone who’s family members — both young and old, tech-savvy and not — have been impacted by cybersecurity scams, I feel that it is important for technically-driven students to apply their strengths to security and to spread security awareness to our peers.”

Safe Security members aim to develop Information Hub articles on an ongoing basis and plan to cover topics including election security, cyber public health, and recent events in cybersecurity such as the massive July outage caused by the faulty CrowdStrike update.

Building community

Through Safe Security, Yun seeks to create a community of students interested in cybersecurity.

“I'm passionate about making computer science more accessible, which means connecting students, engineers, industry professionals, and users. Regardless of the discipline, I believe that we should prioritize creating positive impact products rooted in ethics, longevity, and humanity,” Yun said. “Folks often see cybersecurity as a nebulous field of hacking and identity fraud, but users can protect themselves online with actionable steps.”

Yun is pursuing a double major in computer science at Weinberg and social policy through Northwestern's School of Education and Social Policy. She is a peer mentor for the COMP_SCI 214: Data Structures and Algorithms course and an intern at security consultancy Shostack + Associates.

Safe Security hosts discussion meetings focused on ongoing cyber threats and organizes writing workshops for members to build skills and practice communicating this knowledge to non-technical audiences. Undergraduate and graduate students across the University are welcome to participate — subscribe to Safe Security’s mailing list to learn about upcoming events.

Cybersecurity tips

As Cybersecurity Awareness Month draws to a close, Bhagavatula shared five tips to incorporate preventative security and privacy in our daily lives:

1. Use a password manager (including the default browser tools) to generate and maintain strong and distinct passwords.
2. A legitimate financial institution will never send you an email or text with attachments or links asking for sensitive information like your password, account number, or Social Security number. Do not click links or open attachments from accounts claiming to represent a financial institution.
3. If a URL or email sender address looks odd or suspicious, do not click it.
4. Use multi-factor authentication to add a layer of protection to your accounts.
5. Do not ignore email breach notifications and change your password if your data is compromised.