Linda McHenry

Tag: cyber security

  • 2 Cyber Security Tips for Keeping Safe Online

    2 Cyber Security Tips for Keeping Safe Online

    For the past dozen years or so, I’ve been writing insurance continuing education (CE) courses about cyber security and keeping safe online. Yes, I designed these courses for insurance licensees but they contain information that’s beneficial and essential for everyone to know.

    There are WAY more than 2 tips available. I’m just limiting myself today. You can bet I’ll be providing more in the future.

    TIP 1: Avoid Current Scams

    Right now, aside from ransomware, two of the biggest cyber security scams everyone is vulnerable to are Quick Response (QR) codes and CAPTCHA verificiation. Both were designed to keep us safe; however bad actors exploit them to take advantage of us.

    Basically, a quick response (QR) code is a form of barcode that stores retrievable data for digital devices to read. If you want the long explanation, AVAST explains it here.

    Are QR codes safe? Most sources say yes, however, bad actors do exploit them. A few years ago, they scammed the City of Austin, Texas and its residents. The bad guys replaced official QR codes on parking meters and defrauded both the city and those who parked. How? Their phony QR codes directed payments to a phony site, where the bad actors stole confidential personal and payment information. As a result, parkers were also fined for illegal parking.

    Here’s a recent article in PCWorld that tells you how to avoid these scams, which are on the rise.

    photo by jensenartofficial on Pixabay

    CAPTCHA is an acronym for technology that allows a website to detect the difference between a human visitor and a software program called a “bot”. You’ve used this tech before. You see 9 images and have to click on all of those with buses, or bicycles, or cars. Other tests require you to type a word or answer a question after having to think about or review an image. IBM explains CAPTCHA here.

    Although most sources say CAPTCHA is viewed as a great security device, it’s not always convenient or as secure as some would like. In addition, there are an increasing number of of phony CAPTCHA scams out there, as Guardio reports.

    photo by https://pixabay.com/users/simon-3/

    Tip 2: understand what makes you vulnerable

    We all believe we’re practicing safe cyber security. None of us expects to fall prey to cybercriminals or their scams. However, certain characteristics can actually make us MORE vulnerable to cybercrime than the average person. The MOST vulnerable people exhibit more than one of the following characteristics:

    • Use a WEAK password
    • Use the same password for most (or all) of their accounts
    • Work from home

    Here’s a list of the major things you want to do to keep safe in the cyber world. They’re also great tools for practicing good cyber security:

    Password

    Use a strong password: one with 16-20 characters. It should also contain a combination of upper and lowercase letters, numbers, and symbols. It should NOT contain:

    • Personal information (like your DOB, address, zip code, last four of Social Security #, etc.)
    • Consecutive numbers or letters (123 or abc)
    • Repated numbers or letters (333, 3030, or zzz)
    • Information others can easily guess (the names of your spouse, kids, or grandkids; your pets names; your favorite sports team, author, or TV show, etc.)

    password manager

    Use a password manager. Here’s a link that explains what a password manager is, how it works, and a few ratings. Sure, there’s a learning curve, but it’s worth it. Also, keep in mind that different password managers offer different features. You can choose one that’s as basic or feature-rich as you’d like.

    multi-factor authentication (mfa)

    Make sure you use multi-factor authentication (MFA), also called 2-factor authentication. Basic account logins require you to provide a user ID and password. (Ironically, the user ID is required to be your email address, which anyone can obtain! How secure is THAT?) Of course, because you know your user ID and password , other people can know them, too. This is where MFA comes in: it requires a third piece of information. This info is either something YOU HAVE or something YOU ARE. The something you have is your smartphone and an authenticator app or text messaging app that receives codes. You’re only able to login to your account after providing your user ID and password IF you also provide the code sent to your phone’s authenticator or messaging app. Of course, another method of authentication is biometrics: thumbprints, facial recognition, retina scans, etc.

    virtual private network (VPN)

    Always use a Virtual Private Network (VPN) if you’re on public WiFi. You should also use it on any network where you’re not sure of the level of security. A VPN camouflages the IP address of your device, its physical location, and encrypts the data you send and receive. Here’s a great article on PCMag that explains what a VPN is, how it works, and offers reviews of companies that provide them. I use two VPNs. One is a basic VPN with my antivirus software (that’s on all my devices). The other is a robust VPN purchased for an annual cost of about $70; I use this one when I travel.

    security updates

    Make sure you update your computer and ALL devices routinely AND when the updates are available. Did you know that you can schedule these updates so they occur when you prefer them to, rather than whenever your computer chooses to install them? Here are two articles that explain how to do this: one from PCMag and another from Tom’s Guide.

    one additional tip

    If you’re going to conduct online research about anything related to cyber security, I have a recommendation. Do NOT visit sites that have a vested interest in or bias about the subject at hand. In other words, don’t ask Microsoft or Apple who makes the best computers. Don’t ask McAfee or Norton who designed the best antivirus software. Also, don’t visit news outlets, as they often sell ads to tech companies and have a vested interest in them.

    I’ve found the following online resources to be helpful and largely objective when looking for tips, advice, etc.:

    As always, share your questions and thoughts.

  • 8 Resources for Staying Safe Online

    Most people are fully aware of their vulnerability to cyber crime; however, most don’t know precisely what they can do about it–or where to do for information.

    According to the 2019 Cyber Barometer published last month by Generali Global Assistance, more than 50% of individuals around the world were the victim of a cyber crime, or knew someone who was. In the U.S. credit card theft and identity theft are currently the most common forms of cyber crime. If you would like to view an infographic of Generali’s study, click here.

    I have come across a LOT of websites when conducting research for the insurance courses I write that provide tips and advice to people seeking to protect themselves. URLs to those websites, and the valuable information they provide, appear below. I hope you find some of the helpful!

    1. Consumer info from the FTC: https://www.consumer.ftc.gov/topics/privacy-identity-online-security
    2. Identity Theft Resource Center: https://www.idtheftcenter.org/
    3. Security Awareness Free Resources (click Resources Tab at the top right of the home page): https://www.knowbe4.com/
    4. Security Tips (MANY of them, for various types of threats), from US-CERT: https://www.us-cert.gov/ncas/tips
    5. IRS Tax Scams: https://www.irs.gov/newsroom/tax-scams-consumer-alerts
    6. Privacy Rights Clearinghouse: https://www.privacyrights.org/
    7. How Secure Is My Password: https://howsecureismypassword.net/
    8. Password Generator Tool: https://thebestvpn.com/password-generator/
  • My credit card info keeps getting stolen … does yours?

    My credit card info keeps getting stolen … does yours?

    I stayed at a Marriott hotel near Boston last April, so I was very concerned when I heard about the Starwood breach. As a result, I’ve conducted a bit of research on the subject.

    Marriott purchased Starwood Hotel & Resorts, in part, because of Starwood’s popular loyalty program. Unfortunately, Marriott also purchased Starwood’s cyber issues. A vulnerability in Starwood’s hotel reservation system had been allowing unauthorized access to it since 2014, a year before the acquisition between the two corporations was even discussed.

    Although original estimates indicated more than 500 million guests were affected, recent estimates by Starwood top out at 383 million. Some of which may be duplicates. Phew! That makes me feel SO much better. You too?

    Here are the most recent figures released by Starwood (on January 4, 2019):

    • 8.6 million encrypted payment card numbers were compromised
    • 5.25 million UNencrypted passport numbers were compromised
    • 20.3 million encrypted passport numbers were compromised
    • 327 million guests had some combination of the following types of information compromised:
      • Name
      • Mailing address
      • Date of birth
      • Gender
      • Arrival and departure info
      • Reservation date
      • Communication preferences
      • Encrypted payment card numbers

    Although you may be breathing easier because stolen credit card info was encrypted, you might want to reconsider. Why? Well, it seems the encryption key might have been stolen right along with the payment card information. The bad guys had access to the system for 4 years. I wonder what other info they stole…

    From what I’ve learned, hotels are notoriously vulnerable to security breaches because they often don’t use chip readers and, instead, either enter credit card info manually into their systems or swipe credit cards when guests check in. One cybersecurity expert reported that both the Hyatt and Trump hotel chains were hacked in 2016.

    What bothers me is that hotels keep your credit card information after you leave–even when you ask them to destroy it and they swear they will. That happened to me last spring, when I traveled to the Kansas City on business. My client paid for my hotel stay and, when I checked in, the hotel required me to present my personal credit card for “incidentals.” I asked the desk clerk how much I would be charged and whether the hotel would keep my payment information afterward. I was told that a $25 “hold” would be placed on my card at check-in and, if I did not charge anything during my stay, the hotel would remove the hold and destroy my card info.

    Well, that’s not what happened. Several months later, after a glitch in communication between my client’s booking agent and the hotel, the hotel charged $152.25 to MY credit card rather than the client’s credit card. (The hotel had not destroyed the info on either card.)

    This charge was made although I had not paid the hotel anything (the “hold” was removed) and without my authorization. I called my credit card company, reported a fraudulent charge, and had the card cancelled and reissued.

    This was the 2nd time in less than a year I used my credit card legitimately and, through illicit means, an unauthorized third party acquired my info and used it for their own benefit. As a result, the Starwood breach–and the cope of it–does not surprise me. I’m just glad I stopped using debit cards years ago.

    Feel free to share your own stories. I know you have them…