by Kate Fries
“The human element: arrogance, ignorance, and inaction are your weakest points of entry” – John Sileo
I recently attended a workshop on Cyber Security presented by John Sileo of the Sileo Group (www.sileo.com) and learned a number of simple actions that we each can take today to protect ourselves from hackers and identity theft.
Keep your mobile devices with you
Phones, tablets, and laptops often get left lying around - at the office, in the gym, at the table at a conference, in your locked hotel room that housekeeping will tidy up while you are at the pool. What I learned at the workshop is that someone can take your device while you are not looking, access the information that they want and PUT IT BACK without you ever knowing. Keeping your devices away from evildoers is your first line of defense. If you need to leave them in a hotel room, put them in the safe and consider leaving the "do not disturb" sign out.
Put a passcode on your phone (and tablets and laptops)
So-called "smart phones" maybe should be called "pocket-sized computers that you can also talk on", since that is what they truly are. And like a computer, they have large amounts of personal information and access to even more information via apps - anyone check their bank balances from their phone? Or maybe their Schwab account? I do.
If you happened to have left your phone lying around (which of course you wouldn't since you read action item #1) and the phone is locked with a passcode, a thief is unlikely to take the time to try to figure it out and will move on to the next desk/locker/phone left on a table at a conference/hotel room.
I initially was very resistant to this as I wanted to make sure that if I were in an accident the police could access my emergency contacts. I then learned that you can add your emergency contacts, as well as medical information, to the "health" app on an iPhone that is accessible when your screen is locked. For Android phones, depending on your phone, you may be able to enter the information in settings or purchase an app. Here is an article with more information: http://www.pcmag.com/article2/
Check your Social Media Privacy Settings and Don't Share Too Much
Turns out that Social Media is the number one place hackers use to research their victims. Lots of pictures of your trip to Asia? Updates letting people know where you will be next? These are advertisements to hackers that can be used to set up scams asking for money to be wired to "you" while you are traveling and in need of help. Heard of those?
Check your privacy settings often and make sure you are sharing only with people that you know and trust, not with the general public. Also, be sure to log out of your social media account when you are not using it.
Implementing these 3 steps alone will go a long way to protecting yourself from identity theft and hackers. Getting started and taking action today is the most important thing. Go ahead and check where your phone is, add a passcode or update your emergency information. I’ll wait. Done with your phone? Excellent!! Now do a quick check on one social media account’s privacy settings and log out of the rest. I’ll go do the same.
Ok, ready for more? Here we go!
Read Email Addresses from Right to Left
Most of us have received some form of a "phishing" email at this point, where an email asks us to click on a link to some organization that looks familiar to us. These used to be easy to spot by their poor grammar and formatting; however, those days are gone and the scams have gotten more and more sophisticated. One way to help spot these phishing scams is to read the email address and any links they want you to go to from right to left, versus the typical left to right. On the left they often have names that we recognize to lead us to believe it is a legitimate organization; however, the details on the right can give away that it is a scam. For instance, "Schwab.us.net" is very different than "Schwab.com". When in doubt, open up a separate browser, access the website that you know directly, and see if you indeed have an alert/notice/whatever action they were requesting.
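The right-to-left reading described above, as an added example that is not part of the original post: it takes the last labels of the host in an email address or link and compares them with the domain you expect. The function names, the sample inputs and the small suffix set (a stand-in for the full Public Suffix List) are assumptions made for this example.

```python
from urllib.parse import urlsplit

# Constructed, deliberately tiny stand-in for the Public Suffix List
# (assumption for this example; a real check should load the full list).
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp"}


def host_of(value: str) -> str:
    """Return the lower-cased host from an email address or a URL."""
    value = value.strip().strip("<>")
    if "://" in value:
        # hostname drops any "user@" prefix and the port, and is lower-cased
        return (urlsplit(value).hostname or "").rstrip(".")
    return value.rsplit("@", 1)[-1].lower().rstrip(".")


def registrable_domain(host: str) -> str:
    """Read the host right to left: the suffix first, then the label that owns it."""
    labels = host.split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def matches_expected(value: str, expected: str) -> bool:
    """True only if the address or link belongs to the expected domain."""
    return registrable_domain(host_of(value)) == expected.lower()


def triage(values, expected):
    """Return (value, domain read from the right, matches?) for each input."""
    return [(v, registrable_domain(host_of(v)), matches_expected(v, expected))
            for v in values]


# Constructed sample senders and links; only the first and third are genuine.
SAMPLES = [
    "alerts@schwab.com",
    "alerts@Schwab.us.net",
    "https://www.schwab.com/login",
    "https://schwab.com.account-verify.example/login",
    "http://schwab.com@login.example.net/verify",
]

if __name__ == "__main__":
    for value, domain, ok in triage(SAMPLES, "schwab.com"):
        print(f"{'OK     ' if ok else 'SUSPECT'}  {domain:<24} {value}")
```

The familiar name on the left of the last three lookalikes never reaches the comparison; only the labels at the right end of the host decide the result.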
"Free" Wifi = Free Information to Hackers
Any information you access via an unsecured free wifi system can be seen by others. This may be fine for checking the weather or reading the news, but it should not be used for accessing private information such as financial accounts, email, even social media.
A better option is to create your own "hot spot" using your phone via a process called "tethering". Be aware that while this option is more secure, you will be using your data on your wireless plan and could have overage charges if you go over your limits.
For iPhones: http://www.howtogeek.com/213203/how-to-use-your-iphone%E2%80%99s-hotspot-or-a-usb-cable-for-tethering/
For Androids: http://www.howtogeek.com/170302/the-htg-guide-to-tethering-your-android-phone/
Create strong passwords and use 2 Factor Authentication
We have all been told repeatedly to use strong passwords - at least 12 characters, with upper case and lower case letters, including both a number (but not ending in a number), and a special character. How does one do it? And after I have managed to create one, how do I remember it?!? I have been using LastPass (www.lastpass.com) for the last few years to both create and store challenging passwords. Two other companies that were recommended at the workshop were Dashlane (www.dashlane.com) and 1Password (www.1password.com). These programs both create hard-to-crack passwords and store them securely. The cost for these services is free to minimal. An added benefit to me is that it also leaves all of my online information accessible in case of my incapacity or death.
What if someone hacks my password account, though? This is where 2 Factor Authentication comes in. Most websites with sensitive information, including password vaults, financial institutions, and email, have the option of requiring an authentication code that is available via an app on your mobile phone and that you enter when you log into a website after entering your strong password. This way, if someone were in fact able to crack your password (Authentication Factor #1), they would also have to have your phone AND passcode for your phone (see action item #2) in order to enter the random code provided (Authentication Factor #2). Here is a 1-minute video that sums up the general premise well: https://www.youtube.com/watch?v=aREThSl1a4Y
For more information and ideas on how to protect yourself online, see John Sileo's (the presenter at the workshop I went to) blog: http://www.sileo.com/blog/