Tech Talk on Cybersecurity
It’s hard to imagine there was a time when human resource departments were demanding the social media login credentials for prospective employees to view their activity and make sure they were a “good fit” for the company. To get a job, unwitting people handed over passwords that they were using and reusing for most of their online activity. Besides breaking the privacy and security rules associated with those social media accounts, sharing login credentials is a bad idea.
A good financial advisor will recognize that clients may not understand the significance to their own financial well-being because the terminology seems too technical. As technology quickly changes, they may also find the steps to keeping their information locked tight too difficult to follow and they may also lack a data breach game plan. This is where our jobs as not only advisors and behavior modifiers comes into play, but also as educators.
What’s the password?
It’s surprising how many people still haven’t given their passwords a bit of well-deserved cybersecurity attention. Many people I talk to often find it difficult to remember them and are drawn to the ease of using the same password and login credentials for all their online activity. But once a hacker discovers their password, they have made it easy to access all of your accounts.
Some people also believe that they don’t do much online and a hacker and spoofer isn’t going to be interested in their data. That is simply not true. Hackers don’t discriminate.
With password apps, you don’t have to remember what they are or where you saved them. Once you sign up and pay a relatively low annual fee, you’ll use one password to access your app and all of your passwords.
The app works for you. It reminds you if you need to save or update a password and it offers you the chance to use that password to log into a website. Login credentials even sync from one device to the next, so if you sign up for a new site on your mobile phone, it will sync to your desktop and tablet as well.
Finding your long-lost passwords is easy. If you store passwords on a spreadsheet, most password managers let you upload them. They also allow you to import passwords saved to all the popular browsers, like Google.
Phishing for your data
Phishing is a means for hackers to trick you into sharing your private information through an email plea or webpage offer. It can occur in the form of legitimate-looking emails and webpages. The successful “hook” uses a bit of social engineering in the form of content designed to lure you into taking some sort of action. Cybercriminals often send emails with heartfelt requests, exciting click-bait notices, shocking headlines or legitimate-looking offers. If you click, you may be sent to webpages that install malicious software on your computer. To spot emails, look at the “from” address and be wary of urgent requests for money and bank transfers.
Spear phishing can look like it came directly from someone you know or even a respected company who asks for confidential information or sends you to malicious sites. Because spear phishing is so cleverly customized, traditional anti-virus protection does not help thwart these types of attacks. Email security programs help ward off attacks, but education and awareness are the best line of defense for cybersecurity.
To protect yourself from phishing and spear phishing:
- Question the legitimacy of every email to help you avoid unwittingly giving up private information. For instance, emails that look like they come from your bank or credit card company that ask for personal information or send you to sites requesting personal information, can be verified by calling the number on your statement or on the back of your bank card.
- If you receive an urgent email from a friend or co-worker that asks for money or a bank transfer, or an email that seems out of place, call them to verify if they sent it.
- For charitable donations, you can make those directly on the company’s website, instead of through an email request.
Pharming not farming
This is the practice of sending users to legitimate-looking websites that mine personal data like login credentials, social security numbers and account numbers. This can occur when you inadvertently click a link which installs a virus on your computer that changes addresses of sites you wish to visit.
To protect yourself from pharming:
- Install anti-virus and anti-malware software and keep it updated.
- Use smart computer practices such as not clicking on websites or emails that looks suspicious.
- Watch for addresses in the address bar that don’t look right.
- Be wary of sites that ask for personal information that normally don’t.
- Get in the practice of looking for a lock on the address bar that indicates the website has special security encryption before you share information on the page
- Click on the security lock in the address bar to make sure the website has an up-to-date, trusted certificate.
Spam a lot
Reducing the amount of spam that you receive will help you sort through emails faster. To help keep you from creating more spam, never respond to it. Replying to messages and asking to be removed shows spammers your email is active. Also, think twice before unsubscribing. If the email is from someone you do not know, or a company you have not done business with, responding to the email or clicking the unsubscribe button lets spammers know the email address is active and will likely result in you receiving more spam.
Ever get a strange email from a friend suggesting you take a look at a link or picture that is completely out of character? This is the result of a botnet. Botnets are large, zombie networks hackers create by linking together thousands or even millions of affected computers to stage a spam attack or Distributed Denial of Service (DDoS) attack. A DDoS is simply a fancy way of saying that spammers overload a website with requests to the point that it malfunctions.
To protect yourself from pharming and spam:
- Keep your anti-virus and anti-malware software up to date and do not click on anything that seems suspect.
- Keep your computer and browser updated. These updates offer the latest cybersecurity updates and fix flaws in previous versions.
- Have at least two email accounts for private and personal email use. Use one for personal emails only, and one for public use like signing up for new accounts, mail lists and public forums.
Ransomware is a type of malicious spam that prevents you from accessing personal information on your computer. Victims are either sent emails that are “booby trapped” with attachments they open, or they click malicious links while browsing. The three types of ransomware are scareware, screen locks and encrypting ransomware.
Scareware- usually takes the form of pop-ups that claim your computer is infected and you must purchase their software to remove it. Your files are usually safe, but if you back out or pay you’ll continue to get the annoying pop-ups.
Lock-screen ransomware- will lock you out of your computer, often with an official looking seal that says illegal activity has been detected and you must pay a fine.
Encrypted ransomware- means your files were snatched by a hacker who encrypts them and claims you will only get them back if you pay. Still, there is no guarantee the files will be returned to you if you decide to pay.
To protect yourself from ransomware:
- Keep your computer system, software and browsers updated. The WannaCry attack in 2017 was successful because it exploited many users who did not apply the Microsoft updates to their computer.
- Never pay a ransom to get your data back. You may be able to use other alternatives to get some of it, but you may never get it all.
- Routinely create secure backups to external drives that remain unplugged when not in use, so they do not become infected. You can also backup to cloud storage that includes highly-encrypted, multi-factor authentication.
- Use multi-factor authentication whenever possible, including any cloud storage
People often feel that if large, seemingly locked-down companies can fail at keeping hackers away from personal information and login credentials, what hope could they possibly have at thwarting a cybersecurity attack?
The key to keeping yourself safe online is by using two- or multi-factor authentication, routinely maintaining your computer, programs and browsers with the latest updates and setting a regular backup schedule just in case. With awareness and vigilance, it is possible to help keep yourself safe online.
Kris Maksimovich is a financial advisor located at Global Wealth Advisors 18170 Dallas Parkway, Suite 103, Dallas, TX 75287. He offers securities and advisory services as an Investment Adviser Representative of Commonwealth Financial Network®, Member FINRA/SIPC, a Registered Investment Adviser. He can be reached at (972) 931-3818 or at email@example.com.Back To Blog