Are You Hack-Proof? Here’s How to Make Sure

If you see a story about a data breach or a security compromise on a device you use, consider that an action item for your day.

While the writing has been on the wall for a long time, last Friday it was in the news wires when a new strain of ransomware called WannaCrypt raged like an out-of-control wildfire across Europe and Asia, ultimately impacting computers in 150 countries.

For many affected by this hack, a few hundred dollars in ransom money is a pittance when compared to the cost of hiring someone to attempt the recovery of your files after they’ve been encrypted. These ransomware attacks would cease to be profitable were there easy workarounds. But at this time, it is highly likely that if you happen to get got by one of these attacks, you should assume your files could be gone for good.

That’s why it’s critical you learn how to protect yourself.

Cyber Hygiene

If you’re like most people, you spend about 40 minutes a day on personal hygiene. While that’s a considerable amount of time, you probably don’t consider it to be an issue. It is not the same thing when it comes to cybersecurity. Were it as simple as downloading and installing software updates, the time spent on cyber grooming would be minimal (though the patches do seem to come fast and furious these days).

The issue really is that cyber hygiene is something one should practice 24/7/365. Come to think of it, it requires about the same amount of commitment and mindfulness as it takes to make sure your hair is OK and there’s no spinach in your teeth.

Here are some things to consider including in your daily cybersecurity routine.

1. Install Updates

When you are trying to find something online or use an app, an update notice can be like a mosquito that’s overly interested in you, but the last thing you should ever do is swat that notice away. It is often the only thing standing between you and the bad guys out there who are looking for a way to exploit weaknesses in the security features of the devices you use on a daily basis.

2. Use Standard Encryption

Both Macs and Windows PCs now offer a way to protect the content stored on your hard drive, and it’s so easy there’s no reason not to use it. It’s called FileVault on Macs and BitLocker on PCs. It is easy to set up, and renders everything on your machine unreadable by a hacker who gains access to it.

3. Back Up Your Digital Life on an External Drive

For less than $60, you can purchase an external hard drive large enough to store an immense amount of data. That’s where you want to keep your most sensitive personal information. The reason is simple: It is air-gapped (not connected to the internet) most, if not all, of the time. There is no need to be online to back up your hard drive to an external drive. Extra points if you encrypt your data.

4. Use a Password Manager

If you’re not using long and strong passwords, or still using the same password across multiple platforms and websites, you need to read this. For those who get over that rather low bar, it’s time to improve your game. It used to be that people made cheat sheets with their passwords and stored them in their desks (bad) or on an encrypted thumb drive (way better). That’s no longer necessary. Password managers take away the risk associated with having your passwords written down where they can be found and used. You need only remember one. As far as services go, there are many, and all are better than older methods of managing passwords. Research them online and make sure to read their reviews.

5. Read the URL Address

There are more spoof sites out there than you may realize, and they are there to do harm, not good. Always look at the URL to be sure you are on the site you intended to visit and not a clone — the clone will often have a very similar address, so look closely. For an additional layer of security, you might want to consider downloading HTTPS Everywhere, a plug-in that works on Chrome and Firefox and enables HTTPS encryption automatically on sites that support it.

6. Think Before You Click

The number one way people get got is thoughtless clicking. Whether it is a fake or corrupted website designed to plant malware on your device or a phishing email that looks like it came from a trusted institution or a friend but is in reality from a cyber fiend, you must have a pause in place — and it has to be automatic — when it comes to clicking on anything that comes your way from “out there,” even — or especially if — it looks like a friend or family member sent it.

7. Make Your Security a Seamless Part of Your Day

If you see a story about a data breach or a security compromise on a device you use, consider that an action item for your day. Just take a second to find out if you are affected, and then take whatever precaution you can. The 40 minutes that the average person spends on personal grooming is a good rule of thumb. Think of your cyber hygiene like a glance in the mirror.

8. Use Two-Factor Authentication

Increasingly, two-factor authentication is available on the accounts we use daily, and it is essential that you set it up. It means that if a person hijacks one of your accounts, there isn’t much damage they can do without also having possession of your mobile phone or access to your email account. It’s an easy measure anyone can take to improve their personal cybersecurity.

In my book Swiped: How to Protect Yourself in a World Full of Scammers, Phishers and Identity Thieves, I go into greater detail about the various ways your information can be got and what you can do to protect it. The main lesson: Practice what I call “The Three Ms,” which are as follows:

  • Minimize Your Exposure. Don’t authenticate yourself to anyone unless you are in control of the interaction, don’t overshare on social media, be a good steward of your passwords, safeguard any documents that can be used to hijack your identity, and consider freezing your credit. (Here’s how to decide if you need a credit freeze.)
  • Monitor Your Accounts. Check your credit report religiously, keep track of your credit score, read Explanation of Benefits statements from your health insurer and review major accounts daily, if possible. (You can check two of your credit scores for free on Credit.com.) If you prefer a more laid-back approach, sign up for free transaction alerts from your bank, credit union and credit card companies or purchase a sophisticated credit and identity monitoring program.
  • Manage the Damage. Make sure you get on top of any incursion into your identity quickly and/or enroll in a program where professionals help you navigate and resolve compromises. These are oftentimes available for free or at a minimal cost through insurance companies, financial institutions and HR departments.

Worried about getting hacked? You can find a full 50 ways to avoid (and deal with) a cyberattack on Credit.com. 


The post Are You Hack-Proof? Here’s How to Make Sure appeared first on Credit.com.

Ransomware Is a Real Threat (Even to You, Apple Users)


Maybe the thought actually occurred to you that something was “phishy” about that link, but that’s so 30 seconds ago. You clicked and now your computer screen is locked. Behind that frozen screen lie your personal files — everything from photos to tax documents — all of it encrypted by a third party that promises to return access for a ransom, which is usually between $200 and $5,000, according to the FBI.

Encryption can be a tool for good and evil. It’s the safest way for an enterprise to keep information safe from prying eyes and sticky fingers, but unfortunately it’s relatively easy for a hacker — and not even a very clever one — to use it to force an ugly situation: your files are encrypted and can only be unlocked by the thief.

A recent newsworthy item takes its lead from the popular “Saw” horror series. If you get hit with this one, Billy the Puppet from the franchise pops up on your screen with the message: “I want to play a game with you.”

Think that invitation from Billy the Puppet sounds fun? Before you go looking for the jigsaw ransomware, also known as BitcoinBlackmailer.exe, let me assure you that it’s not. There are different versions, but they all say pretty much the same thing: “Your computer files have been encrypted. Your photos, videos, documents, etc….But, don’t worry! I have not deleted them, yet. You have 24 hours to pay 150 USD in Bitcoins to get the decryption key. Every hour, files will be deleted. Increasing in amount every time. After 72 hours all that are left will be deleted.”

If you get the jigsaw ransomware, don’t panic. As ZDNet (my source for the above script) points out, a company named Forcenet already solved the problem with simple reverse-engineering. According to those at Forcenet, “A genius malware author this is not, the use of C#/.NET makes it trivial to reverse engineer and analyse.”

Not Just an Inconvenience & Not Just a PC Problem

The point here is not whether or not a particular ransomware poses an extinction-level threat. Ransomware attacks are on the rise. According to Symantec’s 2016 Internet Security Threat Report, “crypto-style ransomware grew 35% in 2015.” In this report, Symantec warns that this often profitable approach, while adept at ensnaring PC users and branching out through network-connected devices, is increasingly targeting, “smartphones, Mac and Linux systems.”

In plain English: ransomware is a danger for anyone using a network-connected device. A former NSA employee recently released a tool for Mac users called RansomWhere, which detects when files are being encrypted on an Apple device and allows the user to stop it. That’s notable because, until now, most Apple users have been relatively unscathed by ransomware.

How People Are Affected by Ransomware

While many ransomware attacks are fixable, they can be embarrassing. A number of the links that get people “got” involve sites you wouldn’t want your mother — or spouse, or child — to think were part of your regular Internet diet, or sites that would suggest you’re about to go into personal bankruptcy. Ransomware crooks use various hot-button clickbait to lure victims.

But do you know what’s worse than being embarrassed by a public airing of what piques your curiosity? A lot of things are, but when it comes to ransomware, at the top of the list has to be the increasing risk for more serious kinds of fallout as hospitals are being more frequently targeted by this form of attack.

In February, Hollywood Presbyterian Medical Center was hit by ransomware. The incident got a great deal of attention because instead of risking patients’ lives, the hospital decided to pay the ransom, which was about $17,000 — or 40 bitcoins. Another hospital was hit in Kentucky, but they only had to pay a ransom of 4 bitcoins, according to internet security reporter Brian Krebs. MedStar Health was also a victim of ransomware, with employees reporting, “a pop-up on their computer screens stating that they had been infected by a virus and asking for ransom.” MedStar owns 10 hospitals and 250 out-patient facilities in Maryland and D.C.

TrendMicro, a company that focuses on internet content security software and cloud computing security, recently predicted “2016 will be the year of online extortion.” If ever there was a time to be careful out there, it was last year. And the year before that, and the one before that, too, but also: tomorrow. Tomorrow is still really not the sort of thing that’s conducive to a good night’s sleep, because the underlying message here is that you are going to get got. Being informed is your best defense.

This story is an Op/Ed contribution to Credit.com and does not necessarily represent the views of the company or its partners.


For Mac Users, The Security Bubble Has Burst

Apple’s Mac operating systems are known for their resistance to malware, viruses, hackers and ransomware, which is one reason many people opt for Mac computers.

Still, they’re not invincible, and as a security company recently reported, Mac users should be aware of potential threats. Researchers at Palo Alto Networks reported finding “the first fully functional ransomware seen on the OS X platform,” according to a March 6 post on their site.

What Is Ransomware?

Ransomware is what it sounds like: Cyber criminals infiltrate your computer and hold it (or more specifically, its data) hostage. They demand you pay them if you ever want your files back. They often want payment in digital currency like Bitcoin, because these transactions are difficult to trace — and it’s a hassle for the victim to acquire and transfer.

Apple did not immediately respond to a request for comment on the reported attack. However, Palo Alto said in its blog post that, after it reported the occurrence to Apple, the Mac maker shut down the infiltration and updated its anti-virus system.

How to Protect Yourself

Ransomware attacks can be particularly stressful for consumers if the stolen data includes personal information, work data or irreplaceable files (think photos). Not only is this a case to back up your hard drive, it’s also a reminder that you may want to install anti-virus software or malware protection on your computer, no matter how secure you think it is.

Guarding your personal information is no joke. Losing your sensitive information to a criminal puts you at risk for identity theft. It can take a lot of time and money to recover from identity theft, not to mention the credit damage you might suffer. On top of that, if someone gets access to your Social Security number, the risk of fraud never goes away, because the Social Security Administration rarely changes numbers.

Protecting your devices goes hand-in-hand with habits like reviewing your financial accounts for unauthorized activity and monitoring your credit for signs of fraud. (You can see a free summary of your credit report, updated each month, on Credit.com.)

Taking steps to prevent cyberattacks is important, but so is having a plan for how to deal with one if it happens. Ideally, such planning will make the incident less stressful and less costly. You can report cyber crime to the Federal Bureau of Investigation and go here to learn what to do if you are a victim of identity theft.
