If A Stranger Asks You

By Ben Halpert, Founder Savvy Cyber Kids, an EarthLink partner


If someone you didn’t know approached you on the street and asked you where you lived, would you tell them? Probably not. If they asked you where you banked and for your account number and online banking password, would you consider giving out that information? Very unlikely. Face-to-face and in real time, we tend to be good at protecting what is important to us. We lock our cars, set the house alarm when we leave and stop the mail on vacations.

Somehow, these same questions and intrusions on the screen of our devices can seem less invasive and safe enough to embolden us to share our most valuable assets. I’m not talking about cherished jewelry, a new computer or a family heirloom — the items that you value the very most and have taken steps to insure and protect. Rather, what you have that is worth stealing is less visible yet valuable to you AND others, those with self-serving and malicious intent.

I’m talking about data. Profitable data. Ever get an email that “looked right” from your bank or Internet provider? Ever click on a link in an email without verifying that it’s from a safe source? These days “street smarts” are not enough to keep you safe. You need to apply those same cautious instincts in the virtual world. You need “Cyber Street Smarts.” The reality is that your personal data, from your account information to your social security number, is a lucrative source of income to criminals of all kinds.

If you look at past and current headlines about hacking events that have led to private information being disclosed to others, you will start to see a pattern. In many cases, the sources of the stolen data have not valued their information enough to protect it from misuse. The lesson from these past mistakes is that you need to be thinking about what others value, not just about what you personally value, and protect accordingly.

Today’s IT systems, when managed properly, provide a good defense against outside parties wishing to steal your data. So good, in fact, that hackers not only directly attack systems but have also adopted new strategies that compromise individuals to get the data they are after. The latest headlines about the suspected information compromises by Russian hackers that targeted the Democratic National Committee (DNC) are a prime example of the social engineering technique known as Phishing.

A common hacking technique, Phishing, involves a malicious hacker crafting an email, text message, or social media message that is written in such a way that you are compelled to click the link or open a document that is part of the message. The next step typically involves you entering your username and password (also called authentication credentials) to access a bank account, email account, social media account, or any other online service. The temptation to click and open anything has made Phishing the most widely used technique to get people to give up their access credentials for years.

There are a few actions you can take to help ensure you and your family members are not an easy target for the Phishers.

  • Stop reusing passwords. I know this is a challenging request based on the many logins necessary every day, each one typically requiring you to authenticate yourself and prove it is you trying to log in by using a username and password. To save you from having to remember hundreds (at last count, I am over 800) of username and password combinations, use a reputable password manager such as Password Safe.
  • Enable strong authentication (also called multi-factor or two-factor authentication) on ALL accounts that accept it. The multi-factor aspect can come in the form of a text message sent to your phone, an email sent to the address you have on file with a service provider, a challenge request from an authenticator app, such as Google Authenticator, a voice call to a phone number on record, or another way to verify that you are actually the one trying to gain access to your account and not someone pretending to be you. For instructions on how to enable strong authentication across multiple services, review the information at the 2FA Tutorials site.
  • Verify that the person or organization that appears to have sent you an email, text, or social media message with a link or attachment to click ACTUALLY sent it (and that it was not forged by someone with malicious intent). You can call them or go directly to the website being used. As an example, if you receive an email from your bank or email provider asking you to reset or verify your password, open a new browser page, type the main service provider site address yourself, and then log in to see if they do indeed need you to take any action.

To protect everything that you have that is worth stealing, fight your basic instinct to click and open anything sent to you. Take a moment to think about the action you are about to take. Should you really click that link? Be aware and stay vigilant.

 

The Stranger in Your Gifts

By Ben Halpert, CISO Savvy Cyber Kids, an EarthLink partner


The holidays, a wonderful time of year, bring us closer to our friends and family and usher in a season of giving, receiving, and upgrading. Unfortunately, when technology-enabled gifts enter our lives, so do strangers that we didn’t invite to our festivities.

On the top of many people’s wish lists in past years (and this year too!) are phones and tablets that are more powerful and capable than computers built just a few years ago. Android and iOS (the base software that makes your devices work) smartphones and tablets literally open up the world to us. When our children or grandchildren are researching new subjects for school projects on their tablets, or when we are using our phones to communicate with relatives, share our family adventures, or shop to avoid the traffic, no doubt about it, these devices significantly enhance our daily lives.

Yet before the new glow and nicety of technology enhancements fade, we should take a few minutes to understand, and ultimately reduce, the not-so-nice and naughty aspects of technology-enabled devices. In the media we often hear of crimes being committed using technology to target unsuspecting individuals, both adults and children. Thankfully, iOS and Android devices provide settings that can help to increase our privacy (in this case, establishing limits to the detailed information about us that is exposed when we use devices).

So what can you do?

Go through your location settings and turn off location services for all apps that don’t need to be tracking your whereabouts. And for those apps that need your precise location (Waze, Uber, Lyft, etc.), select the option to enable location-tracking only when the app is in use (if that option is available).

In addition to the more obvious apps that need to use your location information to be functional, there are other apps that also like to gather information about you — for the provider’s or creator’s own purposes and uses. So turn location-tracking off for those apps, including your browser app that sends your current location to every website you visit and your camera app that shares your personal information (like your home address) on photos that you post on social media apps.

Don’t overlook the social media apps you use. Use all of the privacy setting options (including denying access to your physical location) available to you to ensure you are only sharing your personal and private information with your friends and family, not some stranger that claims to be your friend online.

If you are looking for more specific information on privacy settings for your phones or tablets, leverage the Apple and Android location privacy guides.

 

Savvy Cyber Kids (SCK), a 501(c)(3) nonprofit organization whose mission is to enable youth, families and school communities to be empowered by technology, recognizes that children may be Digital Natives, who, without intervention, completely lack an understanding of the implications of their digital actions. Founded in 2007 by Internet security expert, noted speaker and author Ben Halpert, Savvy Cyber Kids provides resources for parents and teachers to educate children as they grow up in a world surrounded by technology. Savvy Cyber Kids is grateful for the ongoing support of its presenting sponsors, Digital Guardian and Ionic Security, and for the support of its education series partner, EarthLink.

Educating Your Children on Cyber Safety


Children are literally growing up “connected.” New social media services pop up like weeds and there is an ever-increasing number of apps and games that connect online. Additionally, many schools are migrating to cloud services, such as Google Drive, and require work to be submitted online. While this connected lifestyle has benefits, there are also risks to your child’s safety. We will explore three common risk areas and what you can do to help your children stay safe.

The Risks

  • Conduct: The lack of physical presence can create a powerful sense of anonymity. This may lead kids to act differently than they would in real life.
  • Contact: The lack of physical presence often causes kids to forget that the individual on the other end may not be who they say they are or may not have their best interests in mind.
  • Content: The most popular social media sites focus on ways to capture and post content online, including messages, photos and videos. The temptation for children to “out-post” others or over-share information about themselves is very real and they often do it without realizing the consequences. Children may not realize that publicly posting personal information can lead to identity theft or malware infection.

Educating

  • Safety at Home: Educate your children about safe online behavior and closely monitor online activity.
  • Safety Outside the Home: Emphasize to your children that they should use the same etiquette they use at home when online at school or anywhere else.
  • Online Etiquette: Remember what they say online could go viral or be published in your local newspaper. Educate your children to evaluate their intended comments or postings in this light. “Would you want what you are about to post to be published in the newspaper for all to see and know that you said it?”

Protecting

  • Use parental controls: Many web browsers and mobile phones offer robust features to block objectionable or dangerous content. Third party web-filtering software is also an option.
  • Run malware protection software: Malware protection can provide protection from ‘drive-by’ or otherwise misleading downloads, which children may be tempted to click on.

Recovering From Ransomware

Ransomware is a special type of malware that is actively spreading across the internet today, threatening to destroy victims’ documents and other files. Ransomware is just one of many different types of malware, and it has become very common because it is so profitable for criminals.

Ransomware is commonly spread by emailing victims and tricking them into opening an infected attachment or clicking on a link to the attacker’s website. Once this particular type of malware infects your computer it will start encrypting your files or your entire hard drive. You are then locked out of your entire system or cannot access your important files. The malware will inform you that the only way to unlock your system to recover your files is to pay the cyber criminal a ransom to provide you with a password to decrypt your information. Most often the ransom is paid in some form of currency such as Bitcoin.

Should You Pay the Ransom?

The problem with paying the ransom is that when infected people pay these criminals, it motivates the criminals to infect others. Though you may not have another option to recover your files, there is no guarantee you will get your files back. During the decryption process, you may be infected with additional malware. Decrypting after the ransom is paid does not confirm that the ransomware has been removed from your device. Ransomware can stay dormant on your device and attack again later.

Back Up Your Files

The best way to recover from ransomware without paying the ransom is to recover your files from backups. This way even if your computer is infected with ransomware you have a way of recovering files after rebuilding or cleaning up your computer. Keep in mind that if your backup can be accessed from the infected system, ransomware might delete or encrypt your backup files. Therefore, it’s important to back up files to either a reputable cloud-based service or to store your backups on external drives that are not always connected to your system. Be sure to regularly test that you can recover the files you need should your system become infected with ransomware. Backups are important as they also help you recover when you accidentally delete files or your hard drive gives out.

Further Protective Measures

  • The more current your software, the fewer known vulnerabilities your systems will have and the harder it is for cyber criminals to infect them. Therefore make sure your operating system, applications, and devices are enabled to automatically install updates.
  • Use a standard account that has limited privileges rather than privileged accounts such as administrator or root. This prevents many types of malware from being able to install themselves.
  • Cyber criminals often trick people into installing their malware for them. They might send you an email that looks legitimate and contains an attachment or a link.
  • Do not click on suspicious web browser popup windows.
  • Do not open files with file extensions that are likely to be associated with malware (e.g., .bat, .com, .exe, .pif, .vbs).
  • Ensure that you have malware protection installed, do not disable malware security control mechanisms (e.g., antivirus software, content filtering software, reputation software, personal firewall), and make sure that they are continuously updated.
  • Do not use administrator-level accounts for regular host operation.
  • Do not download or execute applications from untrusted sources.