Your home can still be your castle – even in the digital age
Home cybersecurity used to be fairly straightforward, but these days the situation has changed. With the internet playing an increasingly dominant role in how we live and work, you should take a moment to examine whether your personal Wi-Fi network is truly secure. Here are a few easy tips and tricks for how you can best protect yourself and your home in the digital age.
Your wireless network
Consisting of a modem and a router, wireless network devices are responsible for bringing the internet into your home and directing it to all your internet-compatible devices.
You need to change the default administrative password within the router to establish control over the configuration of your home system. Be sure to use a password that is difficult to guess. Try using a random series of words that are easy for you to remember. Employ numbers if possible and capital letters for extra security. At the end of the day, you want to protect yourself by making sure that only devices you know and trust have access to your Wi-Fi network.
For extra security and peace of mind, you can even consider installing a guest network. That way, you can let visitors connect their devices but avoid opening yourself up to potential security problems.
To have confidence in your cyber security, you will want to take a hard look at the strength of all your passwords – from your wireless network to the passwords you use for each device and application.
You should try to use a different password for each device and account. This can be a daunting prospect, as it is now common to have dozens of accounts that require a password. Use a password manager tool if you are having difficulties. There are a variety of different services out there, and you can easily compare features and prices online.
Finally, don’t forget about enabling two-step verification wherever possible. Two-step verification is where two authentication steps are performed sequentially to verify whether an attempted login is legitimate. Often, this process involves a login through an online account and then the entry of a numerical code that is either emailed or texted to the account holder.
It’s wise to become familiar with all of the devices you foresee needing to connect to your wireless network. While in the past this largely consisted of a couple of personal computers, it now could include everything from smartphones and television sets to printers, refrigerators and cars. Educate yourself not only on each device’s make and model, but also its IP address. You’ll also want to save yourself some headaches by enabling each device to download and install automatic security updates.
Unfortunately, no matter how cautious you are, you may still have a security lapse someday. You should have a contingency plan in place and regularly archive your important files and programs.
There are many different strategies you can take to make this easier. You can store your data on the Cloud with end-to-end encryption. You could save it to an external hard drive. Or you could even go the untraditional route of burning your data to a CD. Whatever you decide, you will want to make sure that you can reliably restore your data following a security breach. The good news is that many mobile devices already support automatic data backups, and there are numerous software options out there that are cost effective and relatively easy to use.
Final Thoughts Creating a cyber-secure home network can feel like a challenge. But the benefits of doing so far outweigh the costs. By adhering to these steps, you will be able to create an online experience that is fun and efficient but that does not skimp on security.
As technology advances, so does the deception
The pandemic has amplified the number of scams and email attacks on individuals, companies and organizations. People are already in vulnerable places emotionally, socially, physically and mentally; Covid has only intensified fright and flight instincts. We are constantly interrupted by additional stressors.
What might have easily caught your attention on an invoice, bill or receipt, can now slip by when the mind is overwhelmed with the stress of daily life. The way people receive goods, bills, invoices and confirmations has changed during the pandemic.
Be proactive and take one worry off the list by preparing yourself and educating your clients, friends and family about current email scams. Here are four ways to identify obvious scams when shopping for company or personal resources.
When opening an email, especially one that is unexpected make sure to check the sender address. This can be the first and last stop when identifying a scam. Do you order from Amazon or Office Depot often for your business? Typically, large companies have a very streamlined and identifiable confirmation process. It might have a logo, a reprint of your order, package tracking information, etc.
Most companies have emails such as a “confirmation@” or “receipt@”, and then the company. If your typical confirmation is now coming from a different sender or source, this is a red flag. Most purchases are automated; therefore, an email about a package and confirmation that is not expected or sent at strange times is also a red flag.
The schoolteachers’ philosophy holds true: If it isn’t written correctly, it’s not correct. Many scams originate from outside of the United States and come from people who have never spoken English, or who might have only slight knowledge of English grammar and mechanics. This lack of familiarity with the language or even cultural communication can be extremely evident from the outset of the email. Unusual forms of personal address or improper labels are a signal of deceit.
Legitimate order confirmation emails should be free of spelling and punctuation errors, or words swapped for one another such as “their” and “there.” If you find such an error, take it as a signal that this email is likely a scam.
Many people are already well versed on email scams that direct you to a link. Most know not to click the link. Use this same strategy when reviewing your confirmation and order. You are usually able to scan over the item or photo and it should direct you back to the home site, whether you were shopping on Home Depot, Office Depot or Amazon. If it directs you to another site, and you can confirm this by hovering your mouse over the link, then it’s a scam. Contact your original purchaser immediately.
Most online retailers have the shopping, shipping and receipt process dialed in. Communications are auto-formatted and the email confirmation arrives in a clear, itemized order. Often items – the exact photo of the item and its link – can be found on an email confirmation.
Order receipts or requests for further action that are formatted in a strange manner should raise your suspicion. Are they asking you for additional shipping payments? Did they add your taxes incorrectly and are trying to collect? Do not fall victim to these scams. Your receipt of purchase should be clean, neat and easy to read and reference. If something is strange, then this is an identifier of a scam. In the end, trust your instincts. If something looks off, it likely is. Don’t be afraid to back out of an email or a link that feels like it might be fake. You know when something looks and behaves unlike the norm. Trust that and help yourself and your business stay safe.
It’s one less stressor!
The more we use mobile technology, the more passwords we accrue. It’s not unusual for an individual to have more than 20 different sites — bank, social media, Netflix, home security — that she routinely enters. Add to this borage of passwords the lack of cohesiveness between websites. One password might require lower and upper case and numbers and punctuation, and another asks for your childhood street address.
How does one simplify the technology puzzle and avoid getting overwhelmed by too many passwords? Here are five steps to follow to keep the letters, numbers and punctuation that make up your internet profile easier to recall and more secure.
Step 1: Use passphrases instead of passwords
Many experts suggest length is key to preventing a hack. The longer the password, the better, even upwards of 20 characters. Use a phrase that is easy to remember such as a favorite cheer for a sports team or something that is second nature in response to you. Some examples might be I-need-my-coffee-at-8AM! or GoBadgerBasketball1984.
Step 2: Use a password manager
How many of you have snapped a photo of your passwords or a photo of a driver’s license to remember information. What happens when your cell phone is gone? Can you access this information? There are hundreds of password managers that can be utilized both via desktop or laptop and smart phone. Although the inputting passwords up front might take time, it’s the sense of organization that is the reward. It’s best not to use the same password for every site. It’s also nearly impossible to remember a different password for each site.
A password manager allows you to use one code to access all of your other codes. This helps secure credential storage as well. The manager can assist in synchronization across multiple devices.
Step 3: Use Two-Step Verification
This is also known as two-factor or multi-factor authentication. This means that a password and a secondary smartphone code are required for access. This might be something such as a finger print, face identification or other tech-savvy options. These are much more secure and nearly un-hackable. Individuals should enable this security whenever possible, especially for financial, email, and other secure and/or private accounts. This can also be enabled with a password manager.
Step 4: Do Your Research
Stay up-to-speed on current online hacks and breeches of data that have occurred. A good resource is https://haveibeenpwned.com to see if any of your online accounts have been compromised. This could be a healthy routine to visit the site once a month to check in on all online accounts and data that you want kept private.
Another easy safety device is to set up alerts on your phone or through Google, Yahoo, etc., that alert you to current scams or if any of your information has been violated. There are thousands of security breaches daily, and don’t panic if you are contacted; it does not mean your information has been compromised. Do your due diligence and determine if you need to go to your password manager to update information.
This information might seem overwhelming; however, being knowledgeable and proactive about passwords and data is crucial to a healthy cyber profile. Technology is constantly advancing. Use these nuances to your advantage. Streamline passwords and stay tech-intelligent.
Now is the time to educate yourself.
In the chaotic economic and physical landscape of 2020, the last thing any individual should have to contend with is being taken advantage of when vulnerable. Nonetheless, scammers are still looking for loopholes to victimize the innocent. Their newest tactic is a scam call “smishing.”
What is smishing? How does one become educated and protected, and how can you be proactive for the next scam?
Smishing is the practice of sending fraudulent text messages purporting to be from reputable companies to induce individuals to reveal personal information, such as passwords or credit card numbers. Smishing is basically a “phishing” scam involving the exchange of text messages or SMS messages.
Common platforms and applications that the hacker might use include a built-in smartphone messenger, iMessage, Facetime, Facebook messenger, WhatsApp, Slack, Skype and other face-to-face mobile vehicles.
Sadly, this is quickly becoming an increasingly popular and successful means of deception. Smishing is especially confusing as people often believe their cell phones are safe from hackers and scammers. Junk text messages were a rarity in years past. Nowadays such texts are common, and many businesses, including doctors, routinely text individuals to confirm appointments or prescription refills.
Due to the newer nature of this scam, and lack of education about its pathway from spam to private information, many consumers, especially those more at risk, such as the elderly, or those without internet access, are prime targets.
In prior years, there was a massive effort to educate the public about not clicking on random links in their email, and that became extremely successful. Nonetheless, criminals are finding a new path, and that is through the technology that is closest to them — cell phones.
Now is the time to educate yourself on how to differentiate spam and phishing text messages from important communication. When receiving a text message from an unknown source, here are four things to think about before responding:
- If it seems too good to be true, then it is! If you receive a generous coupon code from a place you have never heard of or an amazing incentive from a popular brand like Target, McDonald’s, Nike or others, don’t respond. Instead, check a website from the company or call the main phone number to see if the offer is legit. Don’t call a number on the text message, and never respond to an offer by texting personal information.
- Time sensitivity. If you receive a text asking for personal information to fulfill a medical or business request, and they need it ASAP, it’s a scam. A reputable company, medical office or organization is going to pick up the phone and call an individual, not text.
- Long text messages from unknown sources, including a link, are also a good indication of smishing, or phone phishing schemes. Never, click on a link from an unknown source. The link can immediately allow phishers access to confidential and valuable information from your phone. Be vigilant for text messages asking for personal information, passwords or other sensitive information.
- Does the text message have grammatical errors or strange sentence structure? While many people use talk-to-text, it would never be a means of communication for a business to connect with a customer. Another red flag is when the pronoun to your name such as Ms., Mrs., Mr., Dr., etc., is incorrect or even used at all from a stranger. Don’t respond to these messages.
What to do once smished? Delete! And if necessary, block the sender. If you are truly questioning whether a text is legit, try logging onto the internet from a different device to do some investigative work. Bottom line: You do not want to compromise the security of your personal information to anyone via text.
Are you ready?
Can you spot when you’re being phished? One of the first steps is fully understanding what phishing is. Unfortunately, it’s not as fun as heading to the stream with your waders. Phishing can take place via phone call, text, or email, but the latter is the most common place. The attacker will pose as a legitimate institution in an attempt to get secure information from their target. Some examples include those spam calls you receive from the “IRS” robot asking for your social security number.
Over email, things can get a little bit more malicious. It’s common sense to know that an unsolicited robotic voice asking for your social security number isn’t legitimate. However, what happens when you receive an email with a link that you wouldn’t usually give a second glance to? Cyber attackers rely on that lack of attention to target vulnerable users. Here are some ways to tell if the email you’ve received is a phishing email:
- Remember that if it seems too good to be true, it probably is. Those flashy designs advertising expensive items for free could (and in all likelihood will) result in identity theft.
- Be mindful of emails from unknown senders insisting that you act urgently. The attacker is trying to pressure you into acting without thinking.
- Watch out for unknown hyperlinks and attachments. They’ve gained popularity over recent years. They avoid giving you all the details in the email to avoid looking immediately suspicious and urge you to click on the link for more information. Never click on a link from an unknown or untrustworthy sender.
All of that might seem like a lot, but knowing what to look out for is the first step in protecting yourself from cyber-attacks. After a while it will all become like second nature. There are also plenty of other preventative steps that you can take to ensure that you and your inbox are protected.
Spam filters can go a long way toward stopping malicious content from getting to your inbox at all, and you can update your browser’s security settings to block fraudulent websites from opening at all. Setting up two-factor authentication with your financial institutions and any website where your bank data may be stored can help protect you as well.
Jigsaw and Google have partnered to keep an up-to-date phishing quiz to see if you’re ready to identify phishing attempts that may come your way. You can take it here.