We all worry about cybercrime, but many of us don’t know just what it looks like or how to prevent it. Jmore spoke to Baltimore tech entrepreneurs Harel Turkel of SOS Technology Group, Sam Friedman of Cyberbit and Bruce Spector of Baltimore Cyber Range for advice on protecting yourself and your business online.
Easy to Be Hard
“Hackers go for the easier targets, and they’ll keep going until they find a way in,” says Sam Friedman of Cyberbit, which provides cybersecurity training and simulation. There are a few ways you can shield yourself, however.
For convenience, keep passwords in a secure place that’s easy to access. For example, use electronic files that need your fingerprint to unlock or a secure app on a mobile device, which can give you security as well as easy access. Always use smart passwords. When opening accounts or setting up systems and sensitive files, use passwords of 8 to 12 characters that mix uppercase, lowercase, numbers and symbols, and change them every few months.
To prevent losing important files, consider backing them up on the cloud. Check out iCloud for Apple products and Google Drive for Android. Alternatives include OneDrive and Dropbox. This strategy also will serve you well if your device is lost or stolen. An alternative is to store important data on a hardware-encrypted USB drive with encryption that cannot be disabled.
Before you open email from an unknown person or organization, look for signs of phishing or fraud. “Awareness is the key. For example, look for typos and spelling errors,” says Friedman. Other signs of an attempt to steal your user names and passwords include messages marked “Urgent Action Required” and unsolicited emails that request your Social Security number, bank account or anything confidential.
To help prevent the fraudulent use of your name, credit cards and credit reports, Harel Turkel of SOS Technology Group recommends LifeLock. “LifeLock offers lots of identity protection for little money.” Another identity theft protection product available to consumers is Identity Guard.
Vigilance While Traveling
Don’t use a public, unsecured Wi-Fi network for anything that’s sensitive or confidential. Do nothing password-related on any public Wi-Fi. Open networks at airports, doctors’ offices, cafes and other public places carry a high risk of exposure. If you are not prompted to input a key, password or passphrase, the network is not secure. Also, before traveling, don’t forget to turn off file sharing and AirDrop.
If you anticipate that you’ll need to do banking when traveling, sign into a money transfer service, such as Venmo or PayPal, and connect to your bank in advance.
You also should be careful where you roam online. Don’t log on to any website whose address doesn’t begin with HTTPS, which indicates it’s secure. It’s safest only to check general interest websites, such as news, stock markets and weather. Finally, be sure to log off after checking your bank statement online or visiting any other sensitive sites.
The Perceived Threat
If you use confidential or proprietary information, you have a higher level of threat. That includes doctors, lawyers, accountants and anyone with proprietary reports or confidential facts and figures.
In addition to considering the likelihood of being hacked, assess what harm you could sustain if a stranger broke into private client information.
Turkel recommends, “Purchase a business-class firewall,” a network security device that monitors incoming and outgoing network traffic. “Check out Cisco, SonicWall, Sophos. You might want to consider the help of an IT consultant.”
Important data that needs to be accessed remotely should be made available over a secure channel or virtual private network (VPN). Your computer’s network control panel likely offers a VPN, but in most cases you also need to log on to a VPN service.
Consider employing two-factor authentication. The user enters a password, receives a code via email or text, then enters it to access the account.
For Entrepreneurs with Employees
According to Bruce Spector of Baltimore Cyber Range, “Ninety-nine out of 100 cybersecurity attacks are because someone let that threat into your system.”
The antidote? “Education is the best way to keep your system secure,” Spector says.
If you have employees, whether a few or many, the ratio of convenience to perceived level of threat becomes more important. Some employees are likely to default to the easiest levels of convenience unless you emphasize what you consider the most appropriate cybersecurity practices.
In anticipation that employees eventually will depart or be asked to leave, have a range of predetermined procedures in place. These can include ways to prevent their future access to confidential data and methods that wipe clean their computer’s history.
Turkel maintains, “Every company has been breached, even if it doesn’t know it has been breached.” For example, “computers might already have zero-day threats,” which are undetectable until their malware is released.
Ransomware is another problem. It sometimes follows a denial of service that prevents the use of your computer system.
“Ransomware doesn’t just happen to large businesses,” says Turkel. In his experience, the average amount demanded is less than $10,000. Sophos and Symantec claim to address zero-day threats.
“The only remedy to ransomware is to have good backups in place,” Turkel says.
If you need professional assistance, there are a variety of resources to consider. Some professional associations provide this assistance to members at little or no charge, including the American Bar Association and the American Medical Association. Cyber awareness training websites are available.
If you have several employees, review some local cybersecurity services, such as Baltimore Cyber Range, Cyberbit and SOS Technology Group, to find one that works best for your needs.
“Don’t be paranoid, but be aware,” says Friedman. Make preventive actions more convenient and determine your actual threat level so you know what higher-level responses need to be taken.
For extra security, you can use top-grade anti-virus and anti-malware protection, such as Norton or Sophos, but make sure you stick to only one. Security software tends to take up a lot of processing power, so having two programs scanning a system at the same time can bring your computer to a grinding halt. Microsoft computers come with security software — make sure that is disabled before running premium protection software. And always make sure your software is up to date — computer viruses, like their biological counterparts, are constantly changing.
When messaging, try to use only apps with end-to-end encryption for truly private conversations and text messages. Signal is one prominent product, which has been added to WhatsApp, Facebook Messenger and Skype. Other products include Wire and Viber.
And finally, know where your mobile phone is at all times!
Peter Arnold is an Olney, Md.-based freelance writer.
When are you especially likely to be hacked? While traveling. You are apt to be less attentive and more likely to use an unsecured network. So review the preventive tips offered here.
What is one of the first things hackers try to identify? Passwords that are common and not changed frequently. Using smart passwords is not as difficult as it sounds.
How do cyberpunks often break in? Through a careless employee. But a little education can go a long way.