The Stranger in Your Gifts

By Ben Halpert, CISO Savvy Cyber Kids, an EarthLink partner

savvylogo

The holidays, a wonderful time of year, bring us closer to our friends and family — and ushers in a season of giving, receiving, and upgrading.  Unfortunately, when technology-enabled gifts enter our lives, so do strangers that we didn’t invite to our festivities.

On the top of many people’s wish lists in past years (and this year too!) are phones and tablets that are more powerful and capable than computers built just a few years ago. Android and iOS (the base software that makes your devices work) smartphones and tablets literally open up the world to us. When our children or grandchildren are researching new subjects for school projects on their tablets, or when we are using our phones to communicate with relatives, share our family adventures, or shop to avoid the traffic, no doubt about it, these devices significantly enhance our daily lives.

Yet before the new glow and nicety of technology enhancements fade, we should take a few minutes to understand — and ultimately reduce — the not-so-nice and naughty aspects of technology-enabled devices. In the media we often hear of crimes being committed using technology to target unsuspecting individuals, both adults and children. Thankfully, iOS and Android devices provide settings that can help to increase our privacy  (in this case, establishing limits to the detailed information about us that is exposed when we use devices).

So what can you do?

Go through your location settings and turn off location services for all apps that don’t need to be tracking your whereabouts. And for those apps that need your precise location (Waze, Uber, Lyft, etc.), select the option to enable location-tracking only when the app is in use (if that option is available).

In addition to the more obvious apps that need to use your location information to be functional, there are other apps that also like to gather information about you — for the provider’s or creator’s own purposes and uses. So turn location-tracking off for those apps, including your browser app that sends your current location to every website you visit and your camera app that shares your personal information (like your home address) on photos that you post on social media apps.

Don’t overlook the social media apps you use. Use all of the privacy setting options (including denying access to your physical location) available to you to ensure you are only sharing your personal and private information with your friends and family, not some stranger that claims to be your friend online.

If you are looking for more specific information on privacy settings for your phones or tablets, leverage the Apple and Android location privacy guides.

 

Savvy Cyber Kids (SCK), a 501 (c)(3) nonprofit organization whose mission is to enable youth, families and school communities to be empowered by technology, recognizes that children may be Digital Natives, who, without intervention, completely lack an understanding of the implications of their digital actions. Founded in 2007 by Internet security expert, noted speaker and author Ben Halpert, Savvy Cyber Kids provides resources for parents and teachers to educate children as they grow up in a world surrounded by technology. Savvy Cyber Kids is grateful for the ongoing support of its presenting sponsors, Digital Guardian and Ionic Security and for the support of its education series partner, Earthlink.

Educating Your Children on Cyber Safety

Educating your children on cyber security

Children are literally growing up “connected.” New social media services pop up like weeds and there is an ever-increasing number of apps and games that connect online. Additionally, many schools are migrating to cloud services, such as Google Drive, and require work to be submitted online. While this connected lifestyle has benefits, there are also risks to your child’s safety. We will explore three common risk areas and what you can do to help your children stay safe.

The Risks

  • Conduct: The lack of physical presence can create a powerful sense of anonymity. This may lead kids to act differently that would in real life.
  • Contact: The lack of physical presence often causes kids to forget that the individual on the other end may not be who they say they are or may not have their best interests in mind.
  • Content: The most popular social media sites focus on ways to capture and post content online, including messages, photos and videos. The temptation for children to “out-post” others or over-share information about themselves is very real and they often do it without realizing the consequences. Children may not realize that publicly posting personal information can lead to identity theft or malware infection.

Educating

  • Safety at Home: Educate your children about safe online behavior and closely monitor online activity.
  • Safety Outside the Home: Emphasize to your children that they should use the same etiquette they use at home when online at school or anywhere else.
  • Online Etiquette: Remember what they say online could go viral or be published in your local newspaper. Educate your children to evaluate their intended comments or postings in this light. “Would you want what you are about to post to be published in the newspaper for all to see and know that you said it?”

Protecting

  • Use parental controls: Many web browsers and mobile phones offer robust features to block objectionable or dangerous content. Third party web-filtering software is also an option.
  • Run malware protection software: Malware protection can provide protection from ‘drive-by’ or otherwise misleading downloads, which children may be tempted to click on.

Recovering From Ransomware

 

recovering from ransomware

Ransomware is a special type of malware that is actively spreading across the internet today threatening to destroy victim’s documents and other files. Ransomware is just one of many different types of malware which has become very common because it is so profitable for criminals.

Ransomware is commonly spread by emailing victims and tricking them into opening an infected attachment or clicking on a link to the attacker’s website. Once this particular type of malware infects your computer it will start encrypting your files or your entire hard drive. You are then locked out of your entire system or cannot access your important files. The malware will inform you that the only way to unlock your system to recover your files is to pay the cyber criminal a ransom to provide you with a password to decrypt your information. Most often the ransom is paid in some form of currency such as Bitcoin.

Should You Pay the Ransom?

The problem with paying the ransom is that often people pay these criminals when they are infected which motivates criminals to infect others. Though you may not have another option to recover your files, there is no guarantee you will get your files back. During the decryption process, you may be infected with additional malware. Decrypting after the ransom is paid doesn’t confirm the ransomware is removed from your device.  Ransomware can stay dormant on your device and attack again later.

Back Up Your Files

The best way to recover from ransomware without paying the ransom is to recover your files from backups. This way even if your computer is infected with ransomware you have a way of recovering files after rebuilding or cleaning up your computer. Keep in mind that if your backup can be accessed from the infected system, ransomware might delete or encrypt your backup files. Therefore, it’s important to back up files to either a reputable cloud-based service or to store your backups on external drives that are not always connected to your system. Be sure to regularly test that you can recover the files you need should your system become infected with ransomware. Backups are important as they also help you recover when you accidentally delete files or your hard drive gives out.

Further Protective Measures

  • The more current your software, the fewer known vulnerabilities your systems will have and the harder it is for cyber criminals to infect them. Therefore make sure your operating system, applications, and devices are enabled to automatically install updates.
  • Use a standard account that has limited privileges rather than privileged accounts such as administrator or root. This prevents many types of malware from being able to install themselves.
  • Cyber criminals often trick people into installing their malware for them. They might send you an email that looks legitimate and contains an attachment or a link.
  • Do not click on suspicious web browser popup windows
  • Do not open files with file extensions that are likely to be associated with malware (e.g., .bat, .com, .exe, .pif, .vbs)
  • Ensure that you have malware protection installed and do not disable malware security control mechanisms (e.g., antivirus software, content filtering software, reputation software, personal firewall) and make sure that they are continuously updated
  • Do not use administrator-level accounts for regular host operation
  • Do not download or execute applications from untrusted sources

Pro Tip: Encryption How To’s

encryption

You have probably heard people talk about using encryption to protect themselves and their information. In this article, we will explain what encryption is, how it protects you and how to implement it properly.

Why Use Encryption?

You might have sensitive information on your devices, such as documents, pictures and emails. If one of your devices were to be stolen, all of your sensitive information would be in someone else’s hands. Encryption protects you in these situations by helping ensure unauthorized people cannot access or modify your information.

How It Works

Encryption converts information into a non-readable format called ciphertext. Today’s encryption works by using complex math operations and a unique secret key, converting information into ciphertext. The key locks or unlocks the encrypted information. Your key could be a file stored on your computer, a password or a combination of the two.

What Can You Encrypt?

There are two types of data to encrypt:

  • Data at rest – such as the data stored on your mobile device
  • Data in motion – such as receiving email or messaging

Encrypting data at rest is vital to protect information in case your computer or mobile device is lost or stolen. Full disk encryption (FDE) is a widely used encryption technique that encrypts the entire drive in your system. This means that everything on the system is automatically encrypted for you. Today, most computers come with FDE but you might have to manually turn it on or enable it. FileVault is used on Mac computers while Windows computers can use Bitlocker or device encryption. Mobile phone encryption for the iPhone and iPads automatically enable FDE once a passcode has been set. Starting with Android 6.0 (Marshmallow), Google is requiring FDE be enabled by default provided the hardware meets certain minimum standards. Please check with your device manufacturer to determine if it supports FDE.

Information in motion is also vulnerable. If data is not encrypted it can be monitored, modified, and captured online. This is why you want to make sure that all sensitive online transactions and communications are encrypted. A common type of encryption for data in motion is HTTPS. This means that traffic between your browser and a website is encrypted. Look for https:// in the URL, a lock icon on your browser or your URL bar turning green.

Key Things to Remember

  • Your encryption is only as strong as your key.
  • If using a passcode or password for your key, make sure it is a strong, unique password.
  • The longer your password the harder it is for an attacker to guess or brute force it.
  • If you can’t remember all of your passwords we recommend a password manager to securely store your passwords.
  • If your device has been compromised or is infected by malware, cyber attackers can bypass your encryption or leverage your secret key to decrypt the data if your key is not stored securely. It is important you take other steps to secure your devices including using anti-virus, strong passwords, and keeping them updated.