I don’t have a lot of fears. I do have plenty of things that I worry about – will we ever get the kids to bed on time, what are we having for dinner, when can we take a real vacation that doesn’t involve visiting extended family… not that I don’t love my extended family, but it would be great to do something really special, just with my husband and kids, right? But none of this worry really gets me in a cold sweat. It’s more like a constant white noise going on in my mind. What does freak me out is the threat of cyber-crime. The thought that someone could get hold of my personal information and use it to impersonate me, or ransom it back to me for a price – now, that’s a scary one. Or worse, the thought that someone will trick one of my loved ones into giving them private information, and we won’t find out about it until it’s too late. I worry about that a lot, for my own family and for HealthStar’s Client base, too. So, what do I do to protect myself? Below are a few key steps that I have taken. You can do these things too, and please help any potentially vulnerable family members or community members if you have the opportunity. Sometimes, we need a little help to achieve safer and more secure private information.
- Use unique, strong passphrases for sites with sensitive information, and for your email account. Using the same password or passphrase across accounts makes it easier for bad guys to get access to multiple different sites. Most accounts use an email address as an option for a username. Once the bad guy has your email address and even one correct password, any accounts using that combination for access are at risk. Be especially careful with email account passwords, as unauthorized access to your email could add up to a big problem. For example, if I gain access to your email account, and I know you bank at Wells Fargo, I can use your email address to reset your bank password, check your email for the password reset, and then use the new password that I assigned to sign into your bank account. For information about password security, see the links at the end of this article – generally, you should choose a unique passphrase made up of several words or numbers, that isn’t easy to guess, and that isn’t in the top list of compromised passwords. For example, TrollRainbow1946Homerun. There isn’t enough word space here to get into the nitty gritty details of choosing a secure password, but choosing something along these lines will make it harder to guess, harder to hack, and might also help you choose something you can actually spell and remember. If a bad guy still gets your password, further issues can be prevented if you:
- Use multi-factor authentication wherever possible, especially on sensitive accounts. Multi-factor authentication is just a fancy way of saying you’ll be required to use more than one method to show that you are the owner of the account you’re accessing. For example, with my email, I have the account set to always require a second access code. I’ll sign in with my usual email address and password, and then the system will send a numeric code to my cell phone. I’m required to enter that cell phone code to complete the login. This method proves that I have access to a specific physical device, as well as access to the account password. The second access code could be a security question, a phone call that speaks a code, or an email sent to a secondary account. Using the secondary access code requiring you to have a specific device, like your cell phone, is very secure, because it’s possible someone could have unauthorized access to a second email account or could guess a secret question’s answer.
- Don’t sign in to unsecured networks. Wait, am I telling you not to use the popular “free wi-fi” available at so many businesses? YES. If you’re doing something that you don’t want broadcast to the bad guys, like banking, paying with a credit card, or checking your email, then don’t do it on these networks. It is too easy for someone to set up a fake second network that looks like the name of the business, and then you unwittingly sign on to the fake network, where the fake broadcaster (aka bad guy) will grab whatever you’re doing. If you’re just browsing the internet, it’s probably fine, but any personal information could be potentially picked up, so be wary.
- Don’t open email you aren’t expecting. Examples shown in computer training are usually overstated and obvious, but email scams can be surprisingly hard to identify. Be cautious of any email that you weren’t expecting, and don’t click on links in email or provide any personal information through an email link. For example, some popular scams copy the look of communication from banks, telling you there is a problem with your account. Instead of clicking on the link in the email, or calling the number in the email, any issue can be verified by calling your bank at the number on your card or visiting the bank’s website through a web search, NOT through the link on the email. Links in scam emails can lead to fake sites, which will collect any information you enter, possibly leading to identity theft or unauthorized access to your bank accounts or other private accounts. Also, be suspicious of poorly written email, or anything that sounds too good to be true.
- Be cautious of posting personal information on social media. Personally, I don’t post on social media, but I know that puts me in the minority, and possibly makes me seem overly paranoid. Lots of people are accepting of the “big brother” type intrusions that come with social media, but may not be very informed about the far-reaching implications. Information that you post is being collected in huge quantities, and you don’t always know who is at the end of that collection, or what kind of security is being applied to your personal information. Posting private information on social media can also be an invitation to criminals. Posting about a vacation? Sounds like a good time to stop by and break into your house. Posting about a new job? Sounds like a good opportunity for a LinkedIn or job hunting scam. There are very savvy criminals out there, and the less information we make available to them, the safer we will be. I’m not saying don’t use social media at all, but I do think we should all be aware that anything we post is available to both good guys and not-so-good guys, so post accordingly.
- Watch out for fake IT support pop-ups or phone calls. There are lots of these – you’ll get a phone call from “Microsoft” saying they need to access your computer for service. Or you might see a pop-up that says something about your computer needing support/service, or “your computer has a virus!” with a phone number for support. Once you’re on the phone, the “tech” will ask you to allow remote access to your computer, and then he or she can (here’s the bad part) copy the computer’s entire contents, or can encrypt and hold the encryption password hostage for a price, locking you out of your own data. Once you’re in this situation, there is no fix, unless you:
- Keep a backup of your computer, or at least back up your critical files. If you have a good backup, then you can always take your computer off the network if you get into a situation like the one above. Then, you can restore from your backup file once you’re offline. This doesn’t help save you from identity theft if the person was able to copy your computer’s contents, but it will help if your computer contents are being encrypted. Backing up sounds intimidating, but many computers have an automatic backup that can be set up, or you can back up by simply copying files to an external hard drive. An external hard drive might cost in the ballpark of $50 to $150 depending on the size – a small investment for how much trouble it might save if you lose everything! You can also use an online backup service. There are many reputable computer techs who could help with this without taking much time, which leads me to my final tip:
- Find a local tech that you can trust, and get comfortable with him or her. We rely on our technology for almost everything, so down time will be painful and potentially costly. Like a financial advisor or trusted auto mechanic, it is great when you already know someone you can trust when an issue with your personal technology comes up! There are lots of computer techs available to help people who aren’t comfortable with in-depth computer setup or maintenance. If you can maintain a relationship with a tech you can trust, it will be that much easier to recover in the event of a catastrophe, and it’s always nice to get advice from an expert. I have lots of backup to help me do my job, and I know I wouldn’t get much sleep if I wasn’t able to ask an expert for help when I need it!
If this article helps even one person keep his or her information safe and private, I’ll be pleased. There are so many people just waiting for the opportunity to sneak, steal, and destroy just to get ahead. Let’s help our vulnerable population stay out of harm’s way – tell the ones you care about to keep their private information safe!
-Beth Taylor, IT Manager
HealthStar Home Health
Want to learn more? Check out the below articles!
https://hbr.org/2017/05/why-you-really-need-to-stop-using-public-wi-fi
https://www.us-cert.gov/ncas/current-activity/2018/03/27/Creating-and-Managing-Strong-Passwords
https://techspective.net/2018/05/23/10-best-practices-to-secure-and-protect-passwords/
https://www.theguardian.com/technology/2014/dec/24/cybercrime-2015-cybersecurity-ransomware-cyberwar
https://www.consumer.ftc.gov/articles/0346-tech-support-scams
https://www.howtogeek.com/242428/whats-the-best-way-to-back-up-my-computer/
https://www.cnet.com/how-to/easiest-ways-to-backup-your-files/
https://www.acronis.com/en-us/
https://www.sec.gov/reportspubs/investor-publications/investorpubsphishinghtm.html
https://www.techrepublic.com/blog/10-things/10-reasons-why-i-avoid-social-networking-services/