Cyber Security: Annual Update of Best Practices
With the number of cyber threats growing at an alarming rate, we want to take this opportunity to share some best practices, discuss the use of public WiFi, and shed some light on some growing threats.
Best Practices for You, Your Business & Your Family
- WiFi – If not needed, turn it off, and mind what networks you connect to
- Bluetooth – If not being used, turn it off
- Make sure home computers are patched and kept up to date
- Ensure that home PCs are protected against malware and viruses with real AV protection
- Use phrases instead of words for passwords - do not use “remember my credentials” or “remember my password”
- Change your passwords every three months
- Do not use the same password for multiple websites and log-ins.
- Change default passwords on routers, printers, TVs, anything that connects to the internet
- Don’t click ad links – go directly to websites
- Do not email statements or documents with personally identifiable information (e.g., social security numbers or account numbers)
- Be vigilant about emails you receive: does the message sound like the sender?
- Change your security questions. For example, consider selecting security questions where the answers cannot be googled or found on social media
- Add a second type of authentication on your accounts; many institutions are offering this… just ask
- Scan your outgoing email folder for suspicious activity.
In May of 2016, a newspaper columnist reported he became a member of the mile-high hacked club while using American Airlines' Gogo inflight internet service. USA Today’s Steven Petrow said a fellow passenger dropped a bombshell bit of information on him after the flight.
“I hacked your email on the plane and read everything you sent and received. I did it to most people on the flight.”
Many of us enjoy taking our laptop or mobile device down to our local coffee shop, grabbing a cup of our favorite brewed beverage and sitting down to surf the web. Free WiFi is a luxury we’ve come to expect at these establishments, airports, on commuter vehicles or in our favorite stores.
But are you aware of how vulnerable you are when you’re using your favorite WiFi hotspot?
Most WiFi networks that are created for home and business uses are password-protected and encrypted. However, most public WiFi hotspots are set up strictly for convenience – not security.
When you’re using an unprotected public hotspot, whatever you do online while connected to the internet is wide open for viewing by hackers and other various perpetrators. That means your messages, emails, banking and shopping information, and every login under the sun is an open book to anyone who knows how to intercept your wireless connection.
In addition to electronically eavesdropping on you, hackers can also set up a network honeypot to entice you to connect to it, thinking you’re connecting to the usual free wireless hotspot. Hackers will give this access point an inviting label so users will feel comfortable accessing it. Such an access point might be named “Starbucks Free Wi-Fi” or “Target Guest WiFi.”
If you see an access point with a name such as these while you’re blowing the foam off of your cappuccino or trying on that new blouse, you’re liable to connect without a second thought.
The easiest way to ensure you don’t fall victim to connecting to a fake hotspot is to ask an employee what the name of the hotspot is, and think twice about connecting if it isn’t password protected.
Basic Security Terminology
There are many terms we hear used when discussing the topic of Cyber Security. The following is an abbreviated glossary to help you make sense of “what exactly are they talking about?”
- Phishing – Posing as a trustworthy entity in an electronic communication with the intent to obtain sensitive information such as usernames, passwords, and credit card details (and, indirectly, money), often for malicious reasons.
- Spoofing – The forgery of an email header so that the message appears to have originated from someone or somewhere other than the actual source.
- Virus – A type of malicious software program that, when executed, replicates by reproducing itself or infecting other computer programs by modifying them.
- Malware – Any software used to disrupt computer or mobile operations, gather sensitive information, gain access to private computer systems, or display unwanted advertising.
- Trackers – The practice of tracking web and mobile app users on the internet, including browsing history, email interactions, and website visit behavior.
- Scripts – Malicious code or web script designed to create system vulnerabilities leading to backdoors, security breaches, as well as information and data theft.
- Cookies & Super Cookies – A cookie is a message given to a browser by a web server in a text file. A super cookie is designed to be stored permanently on a user’s computer and is generally more difficult to detect and remove.
- Ransomware – Extremely volatile malicious software designed to block access to a computer system until a sum of money is paid.
This chart highlights the most common forms of malware.
Common Scams to Be Aware of During the COVID-19 Pandemic
Scam #1: Emails Offering Information About COVID-19
At any time, an email asking you to share or verify personal or financial information should be regarded with extreme caution. In today’s climate, keep your eye out for emails that claim to have information about the coronavirus pandemic - especially if they’re offering this information in exchange for personal information.
Scam #2: Suspicious Links
If a friend or business sends you an email with a link or attachment that is unexpected or out of the norm, consider contacting the sender before opening the link to make sure they weren’t hacked and that a scammer isn’t posing as them.
Key signs of a suspicious email may include:
- Poor grammar and misspellings
- Lack of specific information (your name, account info, etc.)
- The messaging has a sense of urgency
- Sender’s address is different than usual
Scam #3: Phone Calls & Texts
Be cautious of incoming texts and calls that you’re responding to. Do not respond to those from unknown numbers or those coming from suspicious country or area codes. If you do answer the phone and it’s a robocall, do not press any numbers or say anything into the receiver.
According to the Federal Trade Commission (FTC), scammers are offering the following items over the phone:
- Medicine to cure coronavirus
- Work-from-home opportunities
- At-home test kits
Scam #4: Stimulus Checks
With the recent passing of legislation in multiple countries, some citizens have become eligible to receive financial assistance in the form of checks or rebates. This means that many people are eager for their money, and they may be less likely to question potential texts, emails or phone calls about government assistance. If you receive any type of communications regarding government money that’s coming your way, use the same caution you would regarding any other email, phone call or text.
During a time of heightened fear and anxiety, it’s important to remain wary of potential scams. Your personal and financial information are always at risk of getting into the wrong hands, but times like these can make us all more vulnerable than usual. If you educate and inform yourself of what to be aware of, you can help protect yourself and your loved ones from falling victim to something dangerous.
As always, please feel welcome to contact Sandy Cove Advisors if you have any questions or would like to further discuss any of these cyber security measures.
Source: Twenty over Ten