Cybercrime will cost the global economy approximately $500 billion this year, and that number is expected to grow to $2 trillion by 2019. For criminals, the reward is great, the future is bright, and the risks are low. For consumers, the risks are high and the potential costs of time and dollars are real.
As a business with access to sensitive information and data, Resource Planning Group recognizes the importance of our role and we devote significant resources, education, and time to helping our clients stay secure. In keeping with that mission, we hosted a cybersecurity event last month with a widely recognized authority on technology and cybersecurity, Bill Winterberg. Bill spoke for approximately 90 minutes on the tools and techniques that people can use to minimize the chances of becoming the victim of a well-engineered cyberattack. The following is a summary of the implementable advice, tools, and resources that he presented and suggested.
- Use a Password Manager. Bill is a big advocate of the electronic password manager as opposed to the less secure methods of a repeated password or a paper list of passwords. We wrote an article on this subject two years ago. He personally uses LastPass. We use Dashlane. In any event, reusing the same password across multiple websites, however secure that password is, is an antiquated approach: when the weakest of those websites is hacked, you are exposed to attack at every other institution where you used it.
- Use Safe Passwords. Bill suggested that you should treat your passwords like your underwear: change them often, don’t share them with friends, and don’t leave them out for others to see. He also promoted good password hygiene and provided this website as a good place to score your password complexity to determine how easy or hard it is for a thief to break.
- Use Multi-Factor Authentication. Although not available for every online account, websites like Google, Facebook, Sharefile, and Dropbox, along with many bank websites and password managers, allow you to turn on multi-factor authentication. What is it? It is the requirement of more than just a password to access an account. The most common form of multi-factor authentication for consumer accounts is a temporary PIN delivered by text message to your phone that gets used along with a password to access an account. If you use accounts where multi-factor authentication is available, use it.
- Use the HTTPS Secure Protocol. The address of any website where secure communication of data is important should begin with https:// rather than http://. This “HTTP Secure” protocol protects the integrity of any exchanged data. Some websites have both a secure and an unsecured version. This add-on for Chrome and Firefox browsers, promoted by Bill, ensures that you’re always using the secure protocol, if available.
- When Using Public Wi-Fi, Expect that Someone Else Sees Everything You Do. Winterberg described how inexpensive tracking devices (<$100) permit novice hackers to see everything you’re doing while you’re connected to public Wi-Fi. If you ever use public Wi-Fi (paid or unpaid) at the airport, hotels, or coffee shop, you should obviously be extremely careful with the data you’re sharing. Moreover, Bill suggested that public Wi-Fi users get an app like Cloak VPN (for iOS devices) or HMA VPN (Windows and Android) which automatically creates a secure virtual private network (VPN) to protect any data transmission over public Wi-Fi.
- Ramp Up Mobile Device Security. Your mobile devices and tablets come with advanced security features, but many of them have to be turned on to do the job. For example, iPhone users absolutely need to turn on the “Find my iPhone” feature to enable the critical remote wipe capability. Users also need to ensure that encryption is activated for phones, tablets, and laptop computers to secure data in the event the device ends up in nefarious hands. In the case of iPhones, encryption is automatically activated when you enable the passcode lock. Lastly, Winterberg insisted that everyone should be using passcodes of at least 6 characters and ideally more than 8, since the old 4-character passcode is too easy for thieves to break.
- Use a Software and Hardware Firewall. Not only should you have firewall software installed on your computer, but Winterberg suggested that everyone with home Wi-Fi should also be sure to enable the wireless router’s firewall.
- Don’t Send Any Sensitive Data or Attachments by Email. Bill promoted the use of electronic password-protected vaults for transmitting any secure documents or data, since you never know who will see an email or where it will end up. Moreover, password-protected attachments can easily be accessed by a tech-savvy 12-year-old. RPG uses one of the secure electronic vaults that Winterberg recommended to avoid sharing private data or attachments by email, and we encourage clients to upload any private attachments using this vault.
- Maintain a Healthy Suspicion of All Emails. Spoofing, phishing, and social engineering are all types of hacks that criminals now use because they’ve been successful in the past. One example is an email that looks like it came from a close friend or business associate with an enticing malware attachment or link. Another example is a phone call or email that appears to come from a respected company like Microsoft, Dell, or Norton and seeks to convince you that something on your computer needs to be updated. Criminals also create ‘required action’ emails that appear to be from large financial institutions like Citibank or Bank of America. These emails have links to a copycat version of the financial institution’s website, with the hope that you will enter your user ID and password. Winterberg suggested that email users:
  - avoid opening any attachments or links that were not expected, regardless of whether the sender is trusted;
  - be skeptical of any email that uses a sense of urgency, fear, or temptation to encourage action;
  - use snopes.com to research whether an email solicitation might be suspicious; and
  - always use the known website URL for a financial institution and never just rely on the link in an email.
- If You Become the Victim of an Attack, Be Quick in Taking the Appropriate Steps. No one expects or wants to be the victim of a cyberattack, but it happens with regularity. Bill suggested that you start by completely wiping or replacing your computer, which obviously means that you should not store anything essential on your hard drive or desktop that is not regularly backed up somewhere else. He also encouraged immediately changing all your key passwords and using excellent resources from the FBI and the Federal Trade Commission to report the attack, develop a recovery plan, and execute it.
We hope this summary of Bill Winterberg’s recommendations is useful. We will relentlessly continue to take precautions such as the ones mentioned above to help protect the security of our clients and are available to offer additional guidance or resources if you have any questions.