Serious Risks to Consider When Socializing Distantly
In today’s crazy world of staying home instead of visiting friends, we’ve all been inclined to share a little more of ourselves on social media. There are more pictures of baking adventures with kids, selfies of good health and shared lists with a rundown of your personal information. Let me explain why sharing life information without precautions can be bad for real life.
Security Questions are Passwords
Decades ago, banks added extra questions to bank signature cards. This included information – such as a mother’s maiden name – to help verify customers needing account services. In the early 2000s, security questions became the norm for every account you set up online. Security questions are often required as an extra security layer to grant account access or to request a password reset. Questions range from asking your mother’s maiden name to the details of your first vehicle to the street you grew up on. The answers to these questions are additional passwords to access your accounts.
Breaches Handing Out Your Secrets
Security breaches happen every day, but in 2016 Yahoo admitted their security breach leaked over 3 billion users’ security answers to hackers, yes 3 BILLION accounts. This shed light on an even more serious issue – you can’t change your mom’s maiden name or the street you grew up on. But those now-public answers have the power to grant access to your accounts.
Fun But Harmful Social Media Posts
The Yahoo breach and other breaches may have spread some traditional security question answers around, but many people use social media to willingly spread the rest of them. Social media serves as a medium to help us connect to others (or argue with them, but that’s a different article). It was made for these things, but sharing such information publicly also opens users up to account hacking.
- Who doesn’t get a kick out of discovering that our soft-spoken, sweet friend that we met in church has a list of favorite concerts that includes hardcore rap?
- Why not gather “Likes” from posting pictures of us restoring our first vehicle on social media or reminiscing over old 1st grade class photos?
- How many have competed to see who’s moved the most times with lists of former hometowns?
- What other sharing have you seen that includes security question answers?
We’ve all enjoyed these posts, but all of these items are answers to many of the traditional security questions that secure our accounts. It’s hard to remember what we’ve used for our security questions around the internet, so we should assume we’ve used our personal information somewhere. Your privacy settings on your account may be high, but social media is stored in an online database that has certainly been hacked more than once.
Other Options for Security Questions
It’s not likely that you’ll switch over to posting fake information to social media to avoid giving up your security question answers. However, you do have the option to make up fake answers to security questions on your accounts. But how do you remember your fake answers? What if you mess up the exact spelling? A lot of people use a paper notebook to keep track of passwords and security answers. If this is you, please stop. With this strategy, one spilled glass or stolen laptop bag creates a whole new disaster in your life. Instead, look into a free password keeper like LastPass where you can add extra notes to your entries and only have to remember one password. With ever-present malware key-stroke loggers hiding silently on many computers, typing in passwords and security question answers still hands the keys over to hackers.
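One way to make up fake answers that are easy to store in a password keeper note and hard to misspell, shown as an added example that is not part of the original article. The syllable alphabet, function names and note layout are assumptions chosen for illustration.

```python
import math
import secrets

# Assumed alphabet: letters that are easy to confuse when spoken (c/k/q, w, x, y)
# are left out so an answer can be read to a support agent over the phone.
CONSONANTS = "bdfghjklmnprstvz"
VOWELS = "aeiou"


def fake_word(syllables=3):
    """One pronounceable nonsense word built from consonant+vowel pairs."""
    return "".join(
        secrets.choice(CONSONANTS) + secrets.choice(VOWELS)
        for _ in range(syllables)
    )


def fake_answer(words=3, syllables=3):
    """A lowercase, space-separated answer with no tricky spelling."""
    return " ".join(fake_word(syllables) for _ in range(words))


def entropy_bits(words=3, syllables=3):
    """Guessing difficulty of fake_answer(), in bits."""
    return words * syllables * math.log2(len(CONSONANTS) * len(VOWELS))


def answers_for(questions):
    """Independent random answer per question, so no answer is ever reused."""
    return {q: fake_answer() for q in questions}


def as_note(site, answers):
    """Text to paste into the notes field of the site's password keeper entry."""
    lines = [f"Security answers for {site} (random, not real facts):"]
    lines += [f"  {q} -> {a}" for q, a in answers.items()]
    return "\n".join(lines)


if __name__ == "__main__":
    qs = ["Mother's maiden name?", "First vehicle?", "Street you grew up on?"]
    print(as_note("bank.example", answers_for(qs)))
    print(f"about {entropy_bits():.0f} bits per answer")
```

Because the answers are random, nothing posted on social media or leaked in another site's breach helps an attacker guess them.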
Upgrading To Two Factor Authentication (2FA)
Two factor authentication (2FA) is one of the most popular alternatives to security questions. 2FA requires two steps before you are allowed to access your account. The first step is usually your account password. According to PC World, “two-factor authentication is basically a combination of two of the following factors:
- Something you know – such as your password.
- Something you have – some options include getting a text on your phone, iCloud verification, email verification code, authentication app, or a physical security key.
- Something you are – such as a fingerprint reader or retina/face scanner.”
There are no specific regulations requiring a business to have or request security questions. However, there have been increasing regulations requiring the safe storage of a user’s personal identifying information, such as the data which can be gleaned from stored security question answers. With this in mind, it’s a no brainer to set up 2FA if it is offered by your vendor. If your vendor does not offer 2FA yet, let them know you want better security on your account.
If you enjoy social media, then keep an eye out for our upcoming blog article – How to Stop My Social Media Account From Being Hacked.
Email is Not Secure
Email Is Not Secure Naturally.
Lately we’ve been hearing about email servers and scandals involved with email in the news. Some people have commented: “So what? Email is secure.” But it’s not; there are steps you must take to make your email secure! We have had clients ask us to email them passwords or other important information. We do not agree with being careless in the handling of very sensitive information. Instead, we pick up the phone and give them a call or use another method such as a trip to their office.
Email was not designed with any privacy or security in mind. Email was designed back when the internet was a much smaller place for simple messages.
How Can Email Get Intercepted?
Email must travel through several servers while making its way from sender to recipient. A message sometimes “hops” through more than a dozen servers on its journey. Each server it touches is mandated by law to store the message, sometimes for several years afterwards. Furthermore, the distance traveled between hops is often spent unencrypted.
The networks where your emails pass through are a series of routers and switches. All of these connections are owned by different people with varying security standards. It is safest to assume that anything you write in an email can be intercepted and read by anybody, as if it had been published to the front page of a newspaper.
Email servers are where your messages are physically stored before being downloaded to your email program. Email servers are insecure by default. If a message was originally sent unencrypted across unencrypted networks, it’s going to come onto the server unencrypted.
Even after reaching its intended destination, many computers do not have a login screen or a lock screen code – same with many phones and tablets. If you leave your tablet at the local coffee shop with no lock code, for example, you’ve just compromised all of the email stored inside.
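The hop-by-hop path described above is recorded in the Received headers that each server adds to a message. The following added example (not part of the original article) reads those headers and flags hops that do not claim TLS. The sample message is constructed, and the function names are assumptions.

```python
import re
from email import message_from_string
from email.policy import default

# Constructed sample: hosts, addresses and IDs are made up for illustration.
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [203.0.113.9])
    by mailstore.recipient.example with ESMTPS id abc123
    for <client@recipient.example>; Tue, 03 May 2016 10:15:07 -0400
Received: from relay.isp.example (relay.isp.example [198.51.100.20])
    by mx.recipient.example with ESMTP id def456;
    Tue, 03 May 2016 10:15:05 -0400
Received: from office-pc.sender.example ([192.0.2.44])
    by relay.isp.example with ESMTPSA id ghi789;
    Tue, 03 May 2016 10:15:02 -0400
From: staff@sender.example
To: client@recipient.example
Subject: Your new login

The password is in this message.
"""

# "with" keywords that mean the hop itself used TLS (RFC 3848, RFC 6531).
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA", "UTF8SMTPS", "UTF8SMTPSA"}
HOP_RE = re.compile(r"from\s+(\S+).*?\bby\s+(\S+).*?\bwith\s+([A-Za-z0-9]+)", re.I)


def hops(raw):
    """Return one dict per Received header, oldest hop first."""
    msg = message_from_string(raw, policy=default)
    result = []
    # Each server prepends its header, so the list is newest-first: reverse it.
    for header in reversed(msg.get_all("Received", [])):
        text = " ".join(str(header).split())  # undo header line folding
        m = HOP_RE.search(text)
        sender, receiver, proto = m.groups() if m else (None, None, None)
        tls = bool(proto) and proto.upper() in TLS_PROTOCOLS
        result.append({"sender": sender, "receiver": receiver,
                       "protocol": proto, "tls": tls})
    return result


def cleartext_hops(raw):
    """Hops whose header does not claim TLS (or could not be parsed)."""
    return [h for h in hops(raw) if not h["tls"]]


if __name__ == "__main__":
    for h in hops(SAMPLE):
        mark = "TLS      " if h["tls"] else "CLEARTEXT"
        print(mark, h["sender"], "->", h["receiver"], "via", h["protocol"])
```

Received headers are written by each server about itself, so treat them as a record of what was claimed; even a hop marked TLS still leaves the message readable on the server that received it.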
What Are My Options to Keep My Email Secure?
Use end-to-end encryption. This is a process which scrambles the message using a complex mathematical formula that can only be solved using a long public key stored on the receiving end. This can prove to be logistically daunting depending on the number of people you contact regularly. This is because all of them must have a copy of your public key set up in their email program in order to read your emails. Even with this type of encryption, email headers are still left open. You won’t be able to hide who you are sending an email to. The NSA has even touted scanning email headers for information during digital pat downs.
Mix It Up
You could send an email to a client letting them know that you’re texting them a password, for example. Then send the text with no additional references about what it’s for. Sending sensitive messages in multiple parts using different channels reduces the likelihood that a man-in-the-middle will receive enough information to do damage.
Use a Service
For sending passwords, LastPass is still one of the most secure services around. You can share passwords in LastPass with other LastPass users.
Messaging apps get mixed reviews from a security standpoint. For example, Skype used to be considered a good encrypted chat service. That is, until it was confirmed that Microsoft had built in a dangerous back door for themselves. Even if you trust Microsoft, back doors very seldom go unexploited once they’re known to exist.
Services like Dropbox are also useful and fairly secure. Since Dropbox encrypts everything you upload and download over a secure HTTPS connection, your file transfer should be secure from start to finish, though mobile Dropbox is not secure. You could also create and send an encrypted ZIP file.
It’s important to continue downloading and applying updates for the services you use. Even if you are using a mainstream app, it could still be insecure if you haven’t updated it lately. For a long time, iMessage was thought to be secure. Then vulnerabilities were found and Apple had to release security patches to close those holes. If you’re not sure about a security patch, visit the provider’s website and check their support area for recent updates.
LinkedIn and QuickTime Vulnerable
Feeling vulnerable today?
You will after reading this blog post recently shared during a radio interview on The Union Edge: Labor’s Talk Radio show.
LinkedIn Breach Announced
LinkedIn recently announced that they had been made aware of a data hack that happened back in 2012. Stolen information included email addresses, passwords, and member ID numbers. LinkedIn became aware that the stolen account information was being sold online. So LinkedIn emailed all of their members.
What does this mean to me?
Big deal, it was 2012. BUT some people use the same passwords for most of their online accounts AND never change their passwords from year to year… so if you were using the same password that you had on your LinkedIn account elsewhere then you may have more to do than just updating your LinkedIn password.
What to Do
- Don’t use the same password across online accounts.
- Update the passwords on your accounts at least once every 6 months.
I know keeping track of different passwords is difficult and updating them at intervals is even more work. Make your life easy and get yourself a password keeper such as LastPass or KeePass.
Better delete QuickTime!
The Department of Homeland Security issued an alert after Apple announced they will no longer be providing security updates for the QuickTime video player.
“Cyber security experts at the Zero Day Initiative and Trend Micro said they had identified two vulnerabilities in QuickTime for Windows, that could allow hackers to take control of affected computers. The bugs would allow hackers to attack PCs if users visit a compromised web page or open a tainted file.” via DailyMail.com.
QuickTime for Mac OS X is still being supported and updated, so Mac users need not remove QuickTime from their computers. But Windows users should definitely remove the product from their PCs as there are no security updates to fix the current and future security vulnerabilities of the program. The only way to protect against an attack via QuickTime is to remove QuickTime completely from your PC.
How to Uninstall QuickTime
You have a couple of ways to properly remove QuickTime from your PC.
Option 1: From the Control Panel
1. Go to your computer’s control panel
2. Choose Programs and Features
3. Scroll to QuickTime, click on it once
4. Choose “Uninstall” from the toolbar and follow prompts.
Option 2: From the Start menu
1. Click on your Windows Start Button
2. Choose All Programs
3. Locate the QuickTime folder and click on it once
4. Choose Uninstall and follow prompts.
Left out in the cold
Many applications on Windows computers and websites require QuickTime, so now what? It’s time to seek an alternative such as VLC Media Player or XBMC. Both are free alternatives, and there are others out there that work too.
Bring back the warm fuzzy
So after installing a password storage program and a new alternative to QuickTime today, go for the extra credit and run a virus and malware scan on your computer and make a backup. You’ll thank us later or maybe send us a gift card for a coffee.
Visit our blog at AppletreeMediaWorks.com for more information.