This post was written by Firma IT. They're the IT and Cybersecurity Firm we use here at the office. They asked if they could create a blog post for our site and newsletter. We thought it was a great idea because one cannot be too careful today with cybersecurity issues. Here's their blog:
Cybersecurity -- It sounds like a term that comes from a futuristic 80s sci-fi movie, complete with neon lights and a synth-wave soundtrack, with androids policing your every move.
Cybersecurity is defined by the Oxford online dictionary as “the state of being protected against the criminal or unauthorized use of electronic data, or the measures taken to achieve this.” But what does that mean to you, the reader? Well, unless you literally live under a rock and completely off the grid, it means absolutely everything.
Because for those of us who don’t live under a rock, our lives are completely online, whether you realize it or not. And furthermore, your privacy is at risk. Every second of the day. Your phones, computers, cars, refrigerators, and even your security cameras. Those can all be hacked and the information sold to the highest bidder.
Take this scenario for instance:
Each day before work you enjoy getting a nice pick-me-up latte from your local coffee shop. This place doesn’t have a drive-thru, but you don’t mind. They have decent Wi-Fi, so you listen to some music and check your work emails while you stand in line. It’s a popular place, so it’s a bit of a wait. Because you come here so often, your phone automatically connects to their Wi-Fi hotspot.
Today is no different. You stand in line and decide to check your account balance to make sure you can afford your usual latte. You open your bank app and it asks you to sign in. Once you’re signed in you can see your balance and see that everything is good to go. You decide to close the app and browse your Facebook feed.
Later that day you get a call from your bank, and they tell you some money has been transferred out of your account and they thought it looked suspicious since the account numbers originate from Thailand.
The above example is one that happens quite often and is easily performed by hackers. But you ask yourself, how? What happened?
The hack is known as a “Man-in-the-middle” attack, using a “Rogue Access Point”. Without going into too much jargon, essentially someone walked in, placed a battery-powered, Wi-Fi-capable device in a hidden spot, and copied the name of the coffee shop’s Wi-Fi (its SSID). That device is overloading the correct Wi-Fi, forcing it to reboot several times per hour. Because the Wi-Fi is being rebooted, your device (your phone) looks for the connection to become available again and then connects to the wrong Wi-Fi (the Rogue Access Point). Now that you’re connected to it, any information that you transmit over that signal is intercepted, including sensitive information such as your bank account’s password. That person then uses that information themselves or sells it on the Dark Web for some untraceable Bitcoin. And that’s how you got hacked, while waiting in line for your morning latte.
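For whoever looks after the shop's network, the scenario above leaves two traces in ordinary Wi-Fi scan data: a second device advertising the shop's network name, and the real access point repeatedly dropping out of view. The Python below is an added example, not code from Firma IT. The network names, hardware addresses (BSSIDs), scan log, dropout threshold and the idea that the copy runs without encryption are all constructed assumptions.

```python
from collections import defaultdict

# Constructed inventory of the access points the shop really operates (assumed values).
AUTHORIZED = {"CoffeeShop-WiFi": {"bssids": {"aa:bb:cc:00:00:01"}, "security": "WPA2"}}

# Constructed scan log, one row per sighting: (minute, ssid, bssid, security, signal_dbm).
SCAN_LOG = [
    (0,  "CoffeeShop-WiFi", "aa:bb:cc:00:00:01", "WPA2", -60),
    (0,  "Bakery-Guest",    "11:22:33:00:00:07", "WPA2", -75),
    (5,  "CoffeeShop-WiFi", "aa:bb:cc:00:00:01", "WPA2", -61),
    (10, "CoffeeShop-WiFi", "de:ad:be:00:00:99", "OPEN", -40),
    (15, "CoffeeShop-WiFi", "de:ad:be:00:00:99", "OPEN", -41),
    (20, "CoffeeShop-WiFi", "aa:bb:cc:00:00:01", "WPA2", -60),
    (25, "CoffeeShop-WiFi", "de:ad:be:00:00:99", "OPEN", -39),
    (30, "CoffeeShop-WiFi", "aa:bb:cc:00:00:01", "WPA2", -62),
    (35, "CoffeeShop-WiFi", "de:ad:be:00:00:99", "OPEN", -40),
    (40, "CoffeeShop-WiFi", "aa:bb:cc:00:00:01", "WPA2", -60),
]

def find_rogue_aps(log, authorized):
    """Return {bssid: [reasons]} for devices reusing one of our SSIDs without being ours."""
    findings = defaultdict(set)
    for _, ssid, bssid, security, _ in log:
        known = authorized.get(ssid)
        if known is None or bssid in known["bssids"]:
            continue  # someone else's network, or one of our own radios
        findings[bssid].add("unlisted BSSID advertising " + ssid)
        if security != known["security"]:
            findings[bssid].add(f"security {security} differs from expected {known['security']}")
    return {b: sorted(r) for b, r in findings.items()}

def count_dropouts(log, bssid):
    """Count scans in which an AP that was visible in the previous scan has vanished."""
    times = sorted({row[0] for row in log})
    seen = {row[0] for row in log if row[2] == bssid}
    return sum(1 for a, b in zip(times, times[1:]) if a in seen and b not in seen)

def assess(log, authorized, dropout_threshold=3):
    """Alert only when a look-alike AP and repeated outages of the real AP coincide."""
    rogues = find_rogue_aps(log, authorized)
    flapping = [b for k in authorized.values() for b in sorted(k["bssids"])
                if count_dropouts(log, b) >= dropout_threshold]
    return {"rogues": rogues, "flapping": flapping, "alert": bool(rogues and flapping)}

if __name__ == "__main__":
    print(assess(SCAN_LOG, AUTHORIZED))
```

Either signal alone can have an innocent cause, such as a newly installed access point or a flaky router, which is why the alert fires only when both appear together.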
So how can you prevent this from happening? There are a few ways:
- Use a VPN (Virtual Private Network). Imagine, if you will, that your personal information is a train. That train is on the open tracks in the middle of the country, viewable by any onlookers nearby. Everyone can see your train, how many cars it has and which direction it’s traveling. A VPN opens a tunnel in the ground and suddenly your train disappears into obscurity. No one can see your train, which way it’s headed or what its contents are.
A VPN does exactly this: it obfuscates your private data by encrypting it so no one can read it, meaning that if someone did see the info, it would be complete gibberish. A good VPN also offers multi-device support, so not just your computer or laptop is protected, but your phone as well. There are a ton of providers out there, and two of the best-rated ones are NordVPN and ExpressVPN, but you should do your own research.
- Use a Password Manager. A password manager (such as LastPass) will securely store all your passwords, from your bank to your Facebook account. What’s great is that you never have to remember passwords again, because you should be using a different complicated password for every single login you have anyway (ahem). You only have to remember one excellent password (no recognizable words, with a mix of letters, numbers and symbols, at least 14-20 characters long, or longer). When using your password manager, you never have to manually type in the passwords, and you can use it to store extra information as well, such as secure notes and important documents. And no, the company providing the service can’t see your info either, because it’s completely encrypted front to back. Major companies like LastPass regularly have bounties for millions of dollars for anyone who can hack them. No one has yet been able to. And even if they were able to, they would also only see gibberish.
I hope that this information will help prevent you from getting hacked and your data stolen. In this day and age, we all need to be vigilant in the privacy of our data because the hackers are ruthless in their vigilance.
Written by Shawn Brandow, a Cybersecurity Engineer for Key West and Colorado Springs based FirmaITSS. For more information, visit https://firmaitss.com or call for a free Cybersecurity Analysis of your business at 719-377-6603