
Gizmo Guy: Keep a Guard Up

A smartphone connection provides video security. You can, however, take simpler steps. (Karl Mondon/Bay Area News Group/MCT)

Along with death and taxes comes another thing we can all be sure of, says cybersecurity advocate, entrepreneur, and author Adam Levin.

Sooner or later, our internet service will be breached, and our computers turned into criminal accomplices, he warns. And even our smart appliance servants may turn into weapons of destruction.

Every day, con artists worldwide (some government sponsored) are doing their darnedest to learn details about us with programs that hack into our email, contact lists, and social media, or worm into our lives via "malware"-infected sites that load spy tools on our machines to track our keystrokes.

Bad guys also "phish" for personal tidbits by pretending in emails to be "friends" or business contacts, asking seemingly safe questions like "Hey, what's your birthday?"

All that's done to build an imitation profile of you good enough to spoof the world: asking friends to wire money to Paris, where you're "stranded," or asking retailers to ship that Rolex to you in Bora Bora (and send the bill to Philly).

Adding insult, some of those cool, new internet-connected smart appliances that aim to be our "personal assistants" can be turned against us. In October, a bot army (mostly security cameras and connected video recorders) was remotely rallied and put to evil work, flooding the web with millions of fake communiqués that shut down the internet relaying network Dyn and such clients as Twitter, Spotify, PayPal, Netflix, Facebook, Airbnb, and HBO.

More recently, a team of good-guy hackers in Israel showed how it could spread a virus from just one to many Philips Hue smart lightbulbs, thanks to a software gap, since patched.

"The cyber war has replaced the Cold War," said Levin, author of Swiped, chairman of IDT911, an identity-theft remediator, and a former director for the New Jersey Division of Consumer Affairs. "It's now possible to knock out a major city's 911 service with 200,000 bots," he says. "Or to shut down systems in hospitals, affecting everything from computers to insulin dispensers and pacemakers." And that's not just speculation. Some big hospitals have been hit by "ransomware," paying hackers to unlock hijacked computers. "The bad guys even have customer support agents to help you make the payment," said Levin.

As the shopping season ratchets up, the cyber rats do too. That's why our 2016 wish list - 10 Best Practices to Beat the Cyber Snatchers - can help.

1. Don't reuse the same email and password on different sites. Or the next time that a Yahoo (500 million hacked accounts!) is breached, you'll be screwed. Change passwords often and make 'em fancy with uppercase and lowercase letters and numbers only you will recall. A clRp4g8Lds trumps donalduck1 or password. For extra safety, Amazon and Yahoo now let users enjoy "two-factor authentication," requiring an extra check-in like the three-digit code on the back of credit cards.

2. Save all those passwords on a Password Saver like LastPass, 1Password, Dashlane, StickyPass, or True Key. "They're easy to use and very few have been breached," said Levin. Cost is $40 to $60 a year.

3. While sites invite you to sign on with your Facebook account, DON'T. You'd be sharing far too much personal stuff, like answers to security questions. Keep your mobile phone number private, so big brother can't be watching you. And while free public Wi-Fi seems appealing, it's ripe for malware loading.

4. Beware the seasonal scams. Just last week, "Costco" promised a $50 coupon for holiday shopping if I'd first verify member particulars. (But I'm not a member!) And as happened last year, millions of phony order confirmations (requesting you resend "misplaced" credit-card details) will likely flood shoppers' in-boxes after Thanksgiving/Black Friday/Cyber Monday. Just when you're anticipating merchandise deliveries.

5. Look out for the "barrage" of fake retail and product apps popping up in the Apple and Android app stores, warns Chris Mason, CEO of the app creation firm Branding Brand. Among them: counterfeit apps for "Overstock Inc." (not quite Overstock.com), Jimmy Choo, Nordstrom, and Dollar Tree (which has no official app).

6. Is the security firewall "up" on your home computer? Your internet service's online support team (or a friendly "geek") should be able to tell.

7. Change passwords on internet-linked products from the factory default settings. Too often it's the user name "admin" and password "1-2-3-4-5."

8. Stick with MAJOR name internet-of-things devices like Nest thermostats, backed by Google, and Lutron app-controlled light switches that get updated at the first hint of a breach.

9. What to do with those bargain-priced surveillance camera systems (made by Hangzhou Xiongmai) that were core to the Oct. 21 Dyn attack? Let them snoop but take them off your network. Also, disable the discredited "Universal Plug-and-Play" feature that used to make the networking of routers, printers, and cameras dirt simple and ripe for hacking.

10. If your Wi-Fi router supports "guest networking," consider segregating internet-of-things devices in that separate-but-equal communications zone. Hey, can't touch me now!

takiffj@phillynews.com

215-854-5960 @JTakiff