Stop Recycling Passwords
It’s surprising how many people still haven’t given their passwords a bit of well-deserved cybersecurity attention. Many people I talk to find it difficult to remember their passwords and are drawn to the ease of using the same password and login credentials for all their online activity. But once a hacker discovers that one password, it is easy for them to access all of your accounts.
Some people also believe that they don’t do much online and that a hacker or spoofer isn’t going to be interested in their data. That is simply not true. Hackers don’t discriminate.
With password apps, you don’t have to remember your passwords or where you saved them. Once you sign up and pay a relatively low annual fee, you’ll use one password to access your app and all of your passwords. The app works hard for you. It reminds you if you need to save or update a password and it offers you the chance to use that password to log into a website. Login credentials even sync from one device to the next, so if you sign up for a new site on your mobile phone, it will sync to your desktop and tablet as well.
Finding your long-lost passwords is easy. If you store passwords on a spreadsheet, most password managers let you upload them. They also allow you to import passwords saved to all the popular browsers, like Google.
What’s the Factor?
Two-factor authentication (2FA) was the initial answer to cybersecurity attacks that ravaged many large companies early in the last decade. Just like it sounds, 2FA requires a second identification method for you to log in to your account. Your first experience with 2FA was probably in its rudimentary stages. It started simply by requiring you to offer your mother’s maiden name or a security code. Soon the list of security questions grew to three or more. You may have even noticed your bank card or credit card provider requiring you to select an image key to use along with your login credentials. It certainly didn’t take long before social media users willingly named their ancestors, favorite color, first dog’s name, and the first car in the name of being “social”.
Companies then started demanding longer, more intricate passwords with upper- and lower-case letters, numbers, and characters. This has evolved into what is known as multi-factor authentication (MFA), which adds even more complex factors such as login codes, tokens, and even fingerprints.
These identification methods add another layer of security to your password and ID login credentials. It means that when you log into an account, you must provide extra information, or “factors”, that show you indeed own the account.
There are several options that companies may use to further establish your identity beyond your ID and password. They can be set up through:
- Something you know – like a PIN or security questions
- Something you have – like your mobile phone that receives a one-time passcode, smart chip, or hard token
- Something you are – using biometrics like a fingerprint, retina scanner, voice recognition, or behavior analysis
Probably one of the best-known apps is Google Authenticator. With this app, the first time you use it on a device, you can “remember” that device, so you don’t have to authenticate your computer, tablet, or mobile device every time you wish to log on.
Google Authenticator also lets you access passcodes for other participating websites. It keeps the codes in one place and even works when offline. Depending upon the other programs you wish to use with it, you may need to download a barcode scanner. Also note that if you buy a new device, you will have to set it up again and “remember” the new device.
Security systems can be confusing for seniors to set up, especially if they are not tech-savvy. You can work with a tech-savvy family member or a local computer maintenance consultant to help you get started.
Change Your Mindset When it Comes to Cybersecurity
These authentication factors are supposed to establish that you know additional details about your account that nobody else should know. Unfortunately, many seniors are not taking advantage of the extra layer of security MFA offers because they are intimidated by the technology, or find it too confusing.
To compound the cybersecurity problem, retirees who don’t spend a great deal of time online often bypass setting up MFA if the option to skip it is offered. Users should be aware that skipping it is counterproductive to safeguarding their personal information.
Even if you do use MFA security codes, the process of sending these codes by text or email can open you up to hacking if you don’t routinely update your computer’s software. When you go to an outside source for a code, you can open yourself up for hackers to take advantage of certain vulnerabilities if any backdoors are left open. Therefore, you must keep your computer software updated and maintain current antivirus and antimalware programs.
When coupled with safe online behaviors, these measures add an extra layer of security, beyond login credentials and security questions, which can be guessed at by high-speed password crackers.
The Cybersecurity Future is Here
Biometrics are already here. iPhone and Samsung brought fingerprint technology to the forefront, and it has even been integrated into a variety of apps.
There is also work being done with artificial intelligence (AI) and behavioral biometrics. These systems can measure the rate at which you input data using your keyboard, eye-hand coordination, and even the pressure with which you type or tap.
It’s hard to imagine that only a short decade ago, human resource departments were demanding social media login credentials from prospective employees, so they could view their online activity and make sure they were a “good fit” for the company.
To get a job, unwitting applicants handed over passwords that they were using and reusing for most of their online activity. Besides breaking the privacy and security rules associated with those social media accounts, sharing login credentials is a very bad idea.
Types of Cybersecurity Threats
Phishing for your data
Phishing is a means for hackers to trick you into sharing your private information through an email plea or webpage offer. It can occur in the form of legitimate-looking emails and web pages. The successful “hook” uses a bit of social engineering in the form of content designed to lure you into taking some sort of action. Cybercriminals often send emails with heartfelt requests, exciting clickbait notices, shocking headlines, or legitimate-looking offers. If you click, you may be sent to web pages that install malicious software on your computer. To spot phishing emails, look at the “from” address and be wary of urgent requests for money and bank transfers.
Spear phishing can look like it came directly from someone you know or even a respected company that asks for confidential information or sends you to malicious sites. Because spear phishing is so cleverly customized, traditional anti-virus protection does not help thwart these types of attacks. Email security programs help ward off attacks, but education and awareness are the best line of defense for cybersecurity.
To protect yourself from phishing and spear phishing:
- Question the legitimacy of every email to help you avoid unwittingly giving up private information. For instance, emails that look like they come from your bank or credit card company that ask for personal information or send you to sites requesting personal information can be verified by calling the number on your statement or the back of your bank card
- If you receive an urgent email from a friend or co-worker that asks for money or a bank transfer, or an email that seems out of place, call them to verify if they sent it
- For charitable donations, you can make those directly on the company’s website, instead of through an email request
Pharming not farming
This is the practice of sending users to legitimate-looking websites that mine personal data like login credentials, social security numbers, and account numbers. This can occur when you inadvertently click a link that installs a virus on your computer that changes the addresses of sites you wish to visit.
To protect yourself from pharming:
- Install anti-virus and anti-malware software and keep it updated
- Use smart computer practices such as not clicking on websites or emails that look suspicious
- Watch for addresses in the address bar that don’t look right
- Be wary of sites that ask for personal information when they normally don’t
- Get in the habit of looking for a lock on the address bar that indicates the website has special security encryption before you share information on the page
- Click on the security lock in the address bar to make sure the website has an up-to-date, trusted certificate
Spam a lot
Reducing the amount of spam that you receive will help you sort through emails faster. To avoid attracting more spam, never respond to it. Think twice before unsubscribing or replying to messages. Asking to be removed shows spammers your email is active and will likely result in you receiving more spam. If the email is from someone you do not know, or a company you have not done business with, clicking any links in the email might download a virus or code that opens a backdoor to your computer.
Ever get a strange email or private message from a friend suggesting you take a look at a link or picture that is completely out of character for them? This is the result of a botnet. Botnets are large, zombie networks hackers create by linking together thousands or even millions of affected computers to stage a spam attack or Distributed Denial of Service (DDoS) attack. A DDoS is simply a fancy way of saying that spammers overload a website with requests to the point that it malfunctions.
To protect yourself from pharming, spam, and botnets:
- Keep your anti-virus and anti-malware software up to date and do not click on anything that seems suspect
- Keep your computer and browser updated. These updates offer the latest cybersecurity updates and fix flaws in previous versions
- Have at least two email accounts for private and public email use. Use one for personal emails only, and one for public use like signing up for new accounts, mail lists, and public forums
Ransomware is a type of malicious spam that prevents you from accessing personal information on your computer. Victims are either sent emails that are “booby-trapped” with attachments they open, or they click malicious links while browsing websites. The three types of ransomware are scareware, screen locks, and encrypting ransomware.
- Scareware – usually takes the form of pop-ups that claim your computer is infected and you must purchase their software to remove it. Your files are usually safe, but whether you back out of the screen or pay, you’ll likely continue getting annoying pop-ups.
- Lock-screen ransomware – will lock you out of your computer, often with an official-looking seal that says illegal activity has been detected and you must pay a fine.
- Encrypted ransomware – means your files were snatched by a hacker who encrypts them and claims you will only get them back if you pay. There is no guarantee the files will be returned to you, even if you decide to pay.
To protect yourself from ransomware:
- Keep your computer system, software and browsers updated. The WannaCry attack in 2017 was successful because it exploited many users who did not apply the Microsoft updates to their computers
- Never pay a ransom to get your data back. With professional help, you may be able to use other alternatives to recover some of it, but you may never get it all
- Routinely create secure backups to external drives that remain unplugged when not in use so they do not become infected. You can also back up to cloud storage that is highly encrypted and includes multi-factor authentication
- Use multi-factor authentication whenever possible, including any cloud storage you may use
People often feel that if large, seemingly locked-down companies can fail at keeping hackers away from personal information and login credentials, what hope could they possibly have at thwarting a cybersecurity attack? The key to keeping yourself safe online is to use two- or multi-factor authentication, routinely maintain your computer, programs, and browsers with the latest updates, and set a regular backup schedule just in case. With awareness and vigilance, it is possible to help keep yourself safe online.
We all know there is a lot of misinformation on the web. That’s why, as part of our GWA Gives© program, we are dedicated to helping others find sound advice. We believe in sharing free material so people have a trusted source to rely upon.