Tis the Season (To Not Get Hacked!)

With the holidays here, everyone's mind is on eggnog, good times with friends, and the latest gadget under the tree. And it is also a good time to think about the simple things you can do to protect yourself from having your financial information or identity stolen by the new toy you just received. So let me provide you with the "top 10" list I give friends and family when asked about what they can do to protect themselves from hackers when the topic comes up at the dinner table or around the fire pit (and believe me, it does).

  1. Pick and use a password manager (LastPass, 1Password, etc.). As the endless breaches in the news have shown, somewhere, somehow, your account information has likely already been stolen. If you are reusing passwords across sites, as it appears most people do, then your account information being stolen on one site potentially exposes you across countless others where you have reused the same credentials. A password manager allows you to easily create and use complex, random passwords across the websites you access, all protected by a single password you know and only use for the password manager itself (my suggestion: use an online passphrase generator such as the one at untroubled.org to create your master password).
  2. Consider replacing your old (as in more than 3 years old) PCs, smartphones and network equipment with the latest gear. Security is a constantly evolving field, and what was state of the art a few years ago can be Swiss cheese from a security standpoint today, especially for consumer electronics. For your PCs, make sure you are using the latest Windows or Apple operating systems and that their automatic update features are turned on. For network equipment (WiFi routers, for example), take advantage of the latest mesh technology, which will not only give you greater coverage and speed but will also automatically keep itself up to date with security patches (Google Wifi, for example). For smartphones and iPads, make sure that they are running the latest operating system available (and are capable of running it). If not, replace them.
  3. Speaking of iPads, now is the time to consider swapping out your old PC or laptop and upgrading to a new iPad or iPad Pro as your main computing device. Not only will it be more secure against malware, it will also be easier to maintain and for most people I know who are not in technology fields, will handle all of their computing needs in a very portable package. No more antivirus, firewalls or other security features to contend with (assuming you are switching to an Apple iPad).
  4. Turn on two-factor authentication wherever it is available (LinkedIn, Twitter, Google, Apple, etc.). Two-factor systems (which usually send a confirmation code to your phone that you need to enter along with your user ID and password) are a strong additional layer of protection against your accounts getting hacked, and can provide a warning that someone may be trying to get into your account without your knowledge. My preferred password manager, LastPass, also features it as an additional security measure for access to LastPass itself.
  5. Whatever new device you get under the tree this year, make sure that you read the manual to understand what security features are available. All too often even when security controls are available in a product, they are not enabled by default. Enable them and whatever you do, please make sure to change the default password for the device (using the fancy new password manager you installed to generate a complex, random password). Don't forget to use your password manager to generate a secure and random password for your home WiFi network as well.
  6. If you are traveling over the holidays, be sure to access the internet safely by buying a VPN (Virtual Private Network) subscription for the laptops or smart devices you are taking with you. The free WiFi hotspots that you may access when traveling are veritable dark alleys of potential criminal activity where your account information can be spied on or stolen if you are not using a VPN. Also, when you travel, save the posts on social media about where you are for when you get back. More than a few homes have been broken into while the owners were out of town on the vacation they broadcast to the world on social media in real time. Finally, be aware that there are people around you in the bus, train or plane who see and hear whatever you are doing on your phone, pad or laptop - be discreet.
  7. For those who are a bit more interested in twiddling with technology, take a look at the free products available that can protect your entire home network from malicious websites and phishing emails. While not a guarantee, they go a long way toward ensuring that the computers and devices on your home network can't communicate with known websites that serve malicious software or support phishing attacks. In addition, depending on the product you use, they can protect your family against web content you do not want them to see such as porn or tasteless websites. Examples include Symantec's Norton Connectsafe or Cisco's OpenDNS Family Shield. Installing them is as simple as changing a field or two in your home router's software and should take less than a minute.
  8. Two is one, and one is none. This simple motto is a reminder that when it comes to protecting your data, there is no such thing as too many backups. As more and more of our memories and records transition to digital, making sure that you have backups of that data becomes ever more vital. Whether you are infected with ransomware, or simply have a hard drive crash on your main PC, at some point when you least expect it and most need it, you will lose your data. And without a backup (or multiple backups), it will be gone forever. My recommendation: make use of whatever backup features are available in your PC's operating system (such as Apple's Time Machine), and then supplement that with a commercial backup product (such as Backblaze or Carbonite) that securely backs up your information to the cloud.
  9. Be vigilant. Knowing that your online or financial accounts have been compromised is the most important step in being able to rectify the situation before it gets worse. If you don't have credit monitoring already, you can obtain it for free from CreditKarma.Com. To monitor your online accounts, you can sign up at HaveIBeenPwned.com to receive alerts when your user ID shows up in a report of breached accounts from a hacked website or company; most password managers also provide this feature if the compromised account is one they maintain.
  10. Finally, for financial information at least, prevent the problems before they occur by considering putting a credit freeze on your accounts at the credit bureaus. These freezes will help stop new accounts from being opened in your name until you remove the freeze. While this does impose some inconvenience and potentially some cost to add or lift the freeze, the peace of mind that comes from knowing that you are largely protected from identity theft is well worth it. Details are available at the FTC's website.

That's it! If you like this article, feel free to share it with your network, friends and family. Be safe, be happy and I hope everyone has a wonderful holiday season this year!

-------------

I advise boards, executives and companies on matters of information risk, security and privacy. To discuss how I can help you and your organization, contact me at [email protected]. To learn more about risk management, information security and privacy, be sure to read my prior articles and follow me to be alerted to new articles.




Thank you for taking the time to share all of this good advice! I have been using 1password for a while.

Jane McNally

IT Project Manager at Tata Consultancy Services

6 years

Excellent advice....I use LastPass....it works great for my needs.

Sparky Chambers

Writer. Technologist. Outgoing volunteer board member at Knowledge Standards Foundation. UNVERIFIED; use Web of Trust 1E4AF729D5CEFFD0

6 years

All good advice. I use the Dashlane password manager.
