This Month’s Predator is Devin T., a tech expert who’s played on both sides. His location? Anywhere (you never know…).
In seconds, $600 disappeared from the Starbucks customer’s bank account on Christmas Day, wiping out her checking account. Her only mistakes? She linked her Starbucks prepaid card and mobile app to her bank account – and had a password that hackers were able to crack. Easily.
Are You Protected?
Hackers are coming up with creative new ways to get into your pockets. Sometimes it’s through pre-paid cards, or frequent flyer and loyalty account reward points, any of which can translate into real dollar losses.
“Most people have no idea how much of a target they are,” Devin said. “Pre-paid cards on apps are a wonderful convenience. We can’t thank you enough. And when those cards link to your bank or PayPal account, it’s like hitting the jackpot. Another thing. People are so lazy with their passwords. They use really short, really obvious ones. And the same one for everything. Makes a hacker’s job easy.”
What About Social Media?
Sometimes it’s your very own social media accounts that open the door.
“Social media is a great way to gain access to someone’s accounts,” Devin said. “People let their guard down on social media. You’re among friends, right? But really, you should be even more careful in the virtual world. Your friend’s account can be hacked. Be wary of any odd messages or hyperlinks, and verify before you click. And don’t forget good hygiene. Connect with only known folks, even on LinkedIn. Who knows, you could be connecting with an agent of influence.”
So many opportunities, so many passwords, so little security. Instead of feeling overwhelmed, keep your data safe by taking these steps. Before you begin to worry about phishing, focus on Cybersecurity 101. Start with a strong password.
Cyber Security Safety in Action
Step No. 1 – Password Prophylactics
Remember the 1:1 Rule
Use a unique password for each social media site or website. This is not the time to “go green.” Recycling only pays off for the bad guys. Hackers love to steal social media passwords and try them on your banking and credit card sites. You might as well just hand them your charge card.
Go to Extremes!
No reason to leave the front door open and invite the bad guys to walk right in.
The first step is to create a strong password. If you add just one more digit to your password, the file size and time it takes to break it increases exponentially. The guidelines being updated by the United States National Institute for Standards and Technology (NIST) for password policies for the entire public sector of the U.S. government recommend a minimum of eight characters. Note, the minimum, not the maximum.
Use a variety of characters in your passwords, and implement different levels of passwords for your important information.
Obviously, you want to avoid using easily discoverable personal information such as your name, mother’s maiden name, birthday, driver’s license number, passport number or similar information. Avoid common phrases like “12345,” “password” or the name of your favorite sports team.
Consider a password manager…
Lots of programs are out there and some are even free. Yes, they can also be breached (if you’re careless), but having longer, stronger passwords is a good thing. And by using a password manager, you don’t have to remember your passwords.
But aren’t password managers expensive? Look at LastPass. The free version is great for one device. And for only $12 – per year! – you can use LastPass Premium on all your devices and synchronize your passwords to them all, so you’ll never have to wait to get home to check your bank balance, for instance.
…Or a password generator…
These services generate strong, unique passwords for each of your sites and store them in an encrypted digital database. The software automatically fills in your information and credentials when you login, defeating malware that tracks key strokes. Some will provide a portable version on a flash drive so you can plug and play. But… practice safe plugging. If you’re tempted to plug that flash drive into shared public computers like in a hotel business room, don’t do it.
Here too, LastPass has you covered.
…And security software.
The next step is to practice protection for your computer and your cell phone by using security software that offers anti-malware, anti-spam and a firewall. You have a ton of choices. Some offer free trials. And you’ll want to think about encrypting the data on your hard drive or SSD. Read reviews on credible websites like Tom’s Guide, then check what real users say on Amazon.
And you might not need to pay for an internet security suite. Both Comcast/XFINITY and AT&T Internet offer free versions of top internet security suites for their subscribers. Check this out and save a buck or two.
Step No. 2 – Backups
Basics like passwords and backups are fundamentals for a reason. Keep doing them! If your security software fails you, you’re still in control if you have an up-to-date complete backup of your computer. You can wipe the disk and start over with a good free or commercial backup software application.
Having this backup also helps to identify if data has been stolen. You can use an external hard drive, but remember to actually DO the backup. Consider setting a regular reminder on your phone.
Or you can opt for a cloud service. For true hardware backups, there are great cloud alternatives. But what if you only really care about your content files? Choose Dropbox, iCloud or iTunes (Apple), OneDrive (Microsoft), or Amazon’s Drive. Read about these services and more on PCMag.com.
You can also encrypt your hard drive, especially if you’re a laptop users.
Data encryption and password protection are good ideas prior to backup. It’s just one more line of defense in case your cloud provider is hacked or something happens to your external hard drive.
Step No. 3 – Trust, But Verify
For the accounts that offer them, take advantage of the two-factor authentication security feature. This feature is especially important for accounts that hold your financial information, like your bank or credit card accounts or Amazon.
Once this feature is turned on, personal devices can be identified as “known.” You’ll only have to go through the verification process once, unless you are on a device you haven’t used before or you’ve locked yourself out. The only challenges are if you are in an area that doesn’t have cell service, or you’ve lost your phone and are unable to receive the verification code.
Step. No. 4 – Safe Surfing
Avoid Public Wi-Fi
Or, investigate a Virtual Private Network (VPN), which allows an encrypted connection between your digital device and a secure server. A VPN service can be purchased for a monthly or annual fee. Some are free.
Either way, the goal is to allow you to browse and use the internet without the threat of hacking or eavesdropping.
Step No. 5 – Create a Security Bubble
Devin has a word of advice for those, who like him, want to make sure all communications are protected from prying eyes. Consider using chat apps like Signal and WhatsApp for end-to-end encryption for your communications. These services encrypt all your messages, phone calls, photos, and videos sent between you and other users of the apps. Your phone calls with your mistress are secure, just don’t talk too loud in the coffee shop where you can be overheard.
Stay safe – in the real and virtual world.
More to Follow!