Click here to learn more about our financial professionals by visiting FINRA's BrokerCheck.


OCTOBER SAVVY CYBERSECURITY NOTES

| October 12, 2018
Share |

In this issue:

  • Three things to do during National Cybersecurity Awareness Month
  • Cybersecurity shorts
  • Software updates

Three things to do during National Cybersecurity Awareness Month

Did you know that October is National Cybersecurity Awareness month? The observance became official four years ago under the National Cyber Security Alliance. The goal of the month is to ensure that we all have the resources we need to become safer online.

We want to be sure that you have the ability to improve your cybersecurity in at least one way this month.  We want to go over three different actions you can take in the next five weeks to become more cyber-secure.

  1. Freeze your credit files

If you have been putting off freezing your credit files, you are officially out of excuses. As of September 21, credit freezes are free in all 50 states. A credit freeze is the best way to stop hackers from opening new lines of credit in your name because it locks your files with a PIN. New credit can only be approved when the PIN is temporarily lifted from your account.

In order to be secure, you must freeze your credit at all three of the big credit bureaus—Equifax, Experian, and TransUnion. This can be done online or over the phone. Previously, the cost to freeze your credit ranged from $0 to $10 depending on your state of residence. A new federal law has made the process free. Click here to start the process of freezing your credit.

  1. Download a password manager

If you are still reusing the same password at various sites, break the habit by investing in a password manager. A password manager is a software program that stores all of your usernames and passwords for various websites in a secure vault. These passwords are protected with one master password—the only password you need to remember.

Password managers are very safe and offer you a way to have hundreds of unique without having to memorize any of them but one. Most of them can be synced on various devices so you can carry your passwords everywhere you go. Some popular password managers are Dashlane, LastPass, and 1Password.

  1. Back up your files

One of the best ways to protect yourself against a ransomware attack is by backing up your files. Ransomware is a type of phishing attack that contains a fraudulent attachment or link. If opened or clicked, the malware encrypts all the files on the machine and locks it so the victim cannot access anything. The attacker demands a Bitcoin ransom to get the files back.

To avoid paying the ransom (which may or may not work), keep regular backups of your files. We recommend following the rule of three. Your files should be in three places: your device, a cloud service (such as Dropbox, OneDrive, or iCloud), and an external storage drive such as an external hard drive. That way if you do fall victim, you can have the malware removed from your machine and re-download everything from one of your backups.

 

Cybersecurity shorts

Payment company used by thousands of state and local governments leaks over 14 million customer records. Government Payment Services Inc. (govpaynow.com) had a flaw in its website that exposed millions of records including names, addresses, phone numbers, and more dating back to 2012. The website is used by governments to collect payments for bail, traffic citations, and other fees. Security writer and expert Brian Krebs notified the company of the issue. The company responded that while it restricted access of this information to authorized personnel, it did not believe enough information was exposed to initiate fraud.

New federal law will allow parents to freeze their child’s credit report for free. Child identity theft has been a major issue for years and in the past, there was little parents could do to protect their children. A new federal law went into effect earlier in September that allows parents in any state to check the child’s credit report and place a freeze on it with the big three credit bureaus for free. Previously, only some states allowed parents to open and freeze a credit report for their child. You can visit identitytheft.gov/steps and click on Child Identity Theft for more help and information on how to place the credit freezes. 

Instagram begins introducing better security features. The social media platform has offered text message two-step verification for some time now. However, they did not allow users to use a third-party authenticator app to protect their account. In the coming weeks, users will be able to use an app such as Google Authenticator or Authy to protect their Instagram account. While this is a welcome improvement, many security experts remind users that the platform still has plenty of room for improvement regarding its security.

New scam targets homebuyers about to close on a house. This growing scam begins with criminals gaining access to a real estate broker or attorney’s email address through malware or phishing. Once they gain access to the professional’s account, they send an email to a client with new wire instructions for the down payment. Thinking they are sending money to the attorney, victims actually wire the money to a criminal. Often, the accounts are overseas and it's nearly impossible to retrieve the money.

Mobile spyware software leaks over one million sensitive records, including passwords, text messages, and call logs of customers. The program mSpy is regularly used by customers to spy on their children or partners. A security researcher recently discovered an open database on the Internet of mSpy's records. Anyone could access the records as they were not password-protected. This is the second breach suffered by mSpy.

Google Chrome browser extension, Mega.nz was hacked revealing usernames and passwords. Mega, a user-encrypted cloud service, says that a hacker uploaded a malicious version of its Google Chrome extension to the Google Chrome store. The fake extension asks for more permission including being able to read and change data on the websites users visit. The malicious version was removed from the Google Chrome store five hours after being discovered.

Despite being aware of cybersecurity risks, many fail to take basic precautions, says a new AARP Massachusetts study. The survey of Massachusetts residents discovered that nearly half of all adults had experienced fraudulent charges on their credit or debit cards but only 13% have frozen their credit. Forty-nine percent of adults shared that they reused passwords and over half failed a digital identity IQ quiz. The survey found that many feel overwhelmed. Two-thirds felt that it was inevitable that they would fall victim to identity theft.   

British Airway flyers beware—customer payment cards were compromised in data breach. The airline recently announced a breach that occurred between August 21 and September 5 of this year. The breach exposed nearly 400,000 payment cards. The company recommends that customers contact their bank or credit card companies.  Affected customers should be contacted by British Airways.

High-net-worth investors have many concerns about cybersecurity according to a survey conducted by Aon's Cyber Solutions. The survey found that over half of respondents either suffered a cybersecurity event themselves or knew somebody who did. Over three-fourths of those surveyed were concerned about cybersecurity risks in regard to their finances. More were concerned about cybersecurity-related threats than volatility or interest rates.

Wireless carriers team up for new initiative to authenticate you online. AT&T, Sprint, T-Mobile, and Verizon are working together to create an alternative to traditional passwords. "Project Verify" would get rid of traditional usernames and passwords. Instead, websites or apps would use data elements related to the customer's smartphone to verify their identity. While more convenient, security experts worry about the wireless carriers' abilities to correctly authenticate users.

Software Updates

Adobe: As usual, Adobe updated its Flash player this month noting the update as "important." If you still need to run Adobe Flash player, be sure it is updated to version CVE-2018-15967. If you do not regularly use Flash, delete it from your computer. It is a problem-ridden program and Adobe will discontinue it in 2020. You can read more about the update here.

Microsoft: Microsoft released updates addressing over 60 security issues this month. Some of the flaws were labeled "zero-day" which means they are already being exploited by hackers. Updates are included for Internet Explorer, Edge, Office, and other programs. Your devices should prompt you to update automatically but you can read more about the updates here.

Share |