For the past dozen years or so, I’ve been writing insurance continuing education (CE) courses about cyber security and keeping safe online. Yes, I designed these courses for insurance licensees but they contain information that’s beneficial and essential for everyone to know.
There are WAY more than 2 tips available. I’m just limiting myself today. You can bet I’ll be providing more in the future.
TIP 1: Avoid Current Scams
Right now, aside from ransomware, two of the biggest cyber security scams everyone is vulnerable to are Quick Response (QR) codes and CAPTCHA verificiation. Both were designed to keep us safe; however bad actors exploit them to take advantage of us.
Basically, a quick response (QR) code is a form of barcode that stores retrievable data for digital devices to read. If you want the long explanation, AVAST explains it here.
Are QR codes safe? Most sources say yes, however, bad actors do exploit them. A few years ago, they scammed the City of Austin, Texas and its residents. The bad guys replaced official QR codes on parking meters and defrauded both the city and those who parked. How? Their phony QR codes directed payments to a phony site, where the bad actors stole confidential personal and payment information. As a result, parkers were also fined for illegal parking.
Here’s a recent article in PCWorld that tells you how to avoid these scams, which are on the rise.
photo by jensenartofficial on Pixabay
CAPTCHA is an acronym for technology that allows a website to detect the difference between a human visitor and a software program called a “bot”. You’ve used this tech before. You see 9 images and have to click on all of those with buses, or bicycles, or cars. Other tests require you to type a word or answer a question after having to think about or review an image. IBM explains CAPTCHA here.
Although most sources say CAPTCHA is viewed as a great security device, it’s not always convenient or as secure as some would like. In addition, there are an increasing number of of phony CAPTCHA scams out there, as Guardio reports.
photo by https://pixabay.com/users/simon-3/
Tip 2: understand what makes you vulnerable
We all believe we’re practicing safe cyber security. None of us expects to fall prey to cybercriminals or their scams. However, certain characteristics can actually make us MORE vulnerable to cybercrime than the average person. The MOST vulnerable people exhibit more than one of the following characteristics:
- Use a WEAK password
- Use the same password for most (or all) of their accounts
- Work from home
Here’s a list of the major things you want to do to keep safe in the cyber world. They’re also great tools for practicing good cyber security:
Password
Use a strong password: one with 16-20 characters. It should also contain a combination of upper and lowercase letters, numbers, and symbols. It should NOT contain:
- Personal information (like your DOB, address, zip code, last four of Social Security #, etc.)
- Consecutive numbers or letters (123 or abc)
- Repated numbers or letters (333, 3030, or zzz)
- Information others can easily guess (the names of your spouse, kids, or grandkids; your pets names; your favorite sports team, author, or TV show, etc.)
password manager
Use a password manager. Here’s a link that explains what a password manager is, how it works, and a few ratings. Sure, there’s a learning curve, but it’s worth it. Also, keep in mind that different password managers offer different features. You can choose one that’s as basic or feature-rich as you’d like.
multi-factor authentication (mfa)
Make sure you use multi-factor authentication (MFA), also called 2-factor authentication. Basic account logins require you to provide a user ID and password. (Ironically, the user ID is required to be your email address, which anyone can obtain! How secure is THAT?) Of course, because you know your user ID and password , other people can know them, too. This is where MFA comes in: it requires a third piece of information. This info is either something YOU HAVE or something YOU ARE. The something you have is your smartphone and an authenticator app or text messaging app that receives codes. You’re only able to login to your account after providing your user ID and password IF you also provide the code sent to your phone’s authenticator or messaging app. Of course, another method of authentication is biometrics: thumbprints, facial recognition, retina scans, etc.
virtual private network (VPN)
Always use a Virtual Private Network (VPN) if you’re on public WiFi. You should also use it on any network where you’re not sure of the level of security. A VPN camouflages the IP address of your device, its physical location, and encrypts the data you send and receive. Here’s a great article on PCMag that explains what a VPN is, how it works, and offers reviews of companies that provide them. I use two VPNs. One is a basic VPN with my antivirus software (that’s on all my devices). The other is a robust VPN purchased for an annual cost of about $70; I use this one when I travel.
security updates
Make sure you update your computer and ALL devices routinely AND when the updates are available. Did you know that you can schedule these updates so they occur when you prefer them to, rather than whenever your computer chooses to install them? Here are two articles that explain how to do this: one from PCMag and another from Tom’s Guide.
one additional tip
If you’re going to conduct online research about anything related to cyber security, I have a recommendation. Do NOT visit sites that have a vested interest in or bias about the subject at hand. In other words, don’t ask Microsoft or Apple who makes the best computers. Don’t ask McAfee or Norton who designed the best antivirus software. Also, don’t visit news outlets, as they often sell ads to tech companies and have a vested interest in them.
I’ve found the following online resources to be helpful and largely objective when looking for tips, advice, etc.:
As always, share your questions and thoughts.