October is National Cyber Security Awareness Month, so we would like to take this annual opportunity to share some best practices, discuss the use of public WiFi, and shed some light on some increasingly growing threats.
Best Practices for You, Your Business & Your Family
- WiFi – If not needed, turn it off, and mind what networks you connect to
- Bluetooth – If not being used, turn it off
- Make sure home computers are patched and kept up to date
- Ensure that home PC’s are protected against malware and viruses with real AV protection
- Use phrases instead of words for passwords - do not use “remember my credentials or password”
- Change your passwords every three months
- Do not use the same password for multiple websites and log-ins.
- Change default passwords to routers, printers, TV’s, anything that connects to internet
- Don’t click ad links – go directly to websites
- Do not email statements or documents with personally identifiable information (i.e. social security numbers or account numbers)
- Be vigilant about emails received, does it sound like the sender?
- Change your security questions. For example, consider selecting security questions where the answers cannot be googled or found on social media
- Add a second type of authentication on your accounts, many institutions are offering this… just ask
- Scan your outgoing email folder for suspicious activity.
In May of 2016, a newspaper columnist reported he became a member of the mile-high hacked club while using American Airlines' Gogo inflight internet service. USA Today’s Steven Petrow said a fellow passenger dropped a bombshell bit of information on him after the flight.
“I hacked your email on the plane and read everything you sent and received. I did it to most people on the flight.”
Many of us enjoy taking our laptop or mobile device down to our local coffee shop, grabbing a cup of our favorite brewed beverage and sitting down to surf the web. Free WiFi is a luxury we’ve come to expect at these establishments, airports, on commuter vehicles or in our favorite stores.
But are you aware of how vulnerable you are when you’re using your favorite WiFi hotspot?
Most WiFi networks that are created for home and business uses are password-protected and encrypted. However, most public WiFi hotspots are set up strictly for convenience – not security.
When you’re using an unprotected public hotspot, whatever you do online while connected to the internet is wide open for viewing by hackers and other various perpetrators. That means your messages, emails, banking and shopping information, and every login under the sun is an open book to anyone who knows how to intercept your wireless connection.
In addition to electronically eavesdropping on you, hackers can also set up a network honeypot to entice you to connect to it, thinking you’re connecting to the usual free wireless hotspot. Hackers will give this access point an inviting label so users will feel comfortable accessing it. Such an access point might be named “Starbucks Free Wi-Fi” or “Target Guest WiFi.”
If you see an access point with a name such as these while you’re blowing the foam off of your cappuccino or trying on that new blouse, you’re liable to connect without a second thought.
The easiest way to ensure you don’t fall victim to connecting to a fake hotspot is to ask an employee what the name of the hotspot is, and think twice about connecting if it isn’t password protected.
Basic Security Terminology
There are many terms we hear used when discussing the topic of Cyber Security. The following is an abbreviated glossary to help you make sense of “what exactly are they talking about?”
- Phishing – Is disguising as a trustworthy entity in an electronic communication with the intent to obtain sensitive information such as usernames, passwords, and credit card details (and, indirectly, money), often for malicious reasons.
- Spoofing – Is the forgery of an email header so that the message appears to have originated from someone or somewhere other than the actual source
- Virus – A type of malicious software program that, when executed, replicated by reproducing itself or infecting other computer programs by modifying them.
- Malware – Any software used to disrupt computer or mobile operations, gather sensitive information, gain access to private computer systems, or display unwanted advertising.
- Trackers – Practice of tracking web and mobile app users on the Internet. Including browsing history, email interactions, and website visit behavior.
- Scripts – Malicious code or web script designed to create system vulnerabilities leading to backdoors, security breaches, as well as information and data theft.
- Cookies & Super Cookies – A cookie is a message given to a browser by a web server in a text file message. A super cookie is designed to permanently store on a user’s computer. Generally more difficult to detect and remove.
- Ransomware – Extremely volatile malicious software designed to block access to a computer system until a sum of money is paid.
This chart highlights the most common forms of malware.
As always, please feel welcome to contact Sandy Cove Advisors if you have any questions or would like to further discuss any of these cyber security measures.