Get Cybersecure for 2020

Technology is changing our lives for the better; yet it’s also exposing us to organized crime, online scammers and hackers – and whole industries built around monetizing our personal data. But you don’t have to be resigned to cyber-victimhood. Give yourself, and your devices, a security update for 2020 and start fighting back.

Random and unique passwords
Ninety-one percent of people know that password recycling poses huge security risks, yet 59 percent still use the same password everywhere, according to statistics compiled by password management experts at LogMeIn. This holds true both in people’s personal lives and at work.

By gaining access to one account an attacker could quite easily crack another. It’s the cyber-equivalent of having one key that unlocks your front door, your office, your car and the bank for good measure, and then keeping a spare under the doormat. “Every year billions of credentials such as email addresses, passwords and personal information are shared and traded online by cybercriminals,” says Dr. Richard Gold, director of security engineering at Digital Shadows. 

You can see if any of yours have been compromised already by going to haveibeenpwned.com. If you think coming up with a unique, long and random, complex password that you can remember for every account you use is impossible, you’d be right. Unless you use a password-manager app, such as LastPass or 1Password, which will not only generate the passwords for each site, but also store them securely and then automatically use the right ones when you need to log in. All you need to remember is the master password to unlock the app, and most will let you use your fingerprint on a smartphone instead of entering this every time.

Smartphone self-destruct
Your smartphone is a treasure trove of data, and while your passwords are likely to be safe from prying eyes (your password manager will keep them encrypted), what about your email, social media apps, contacts etc.? Criminals can use these to change passwords, take account control away from you, and commit fraud in your name or simply steal directly from you. “Most people do not set any lock code on their devices,” warns Fennel Aurora, security adviser at F-Secure. A long password is most secure. Even if you’ve set up a fingerprint scan to unlock your phone, it will ask for your pin or password after a few unsuccessful attempts. A thief can try to guess your pin (and 0000 is still a common option) or obvious password. Smartphones can be configured to automatically perform a factory reset, wiping all your data, after a certain number of incorrect unlock attempts. For Android check Settings/Security & Location/Screen lock, and on iPhones, Settings/Face ID & passcode/Erase data.

Secure your dumb ‘smart’ speakers
While you may have read about smart speakers being at risk from hackers with maliciously crafted audio tracks or lasers (yes, seriously), in the real world there are more pressing security and privacy issues to consider. The account holder can see any requests that have been made of the device; worth remembering when using one at a friend’s house. To prevent this, tell Alexa to “delete what I just said,” and Google Assistant to “delete my last conversation.” 

While in the account settings, you can also delete past recordings. Using the “voice match” function for Google Assistant can prevent your personal results being available to anyone but you, and possibly Jon Culshaw. If you have enabled purchasing and have one-click payments “on” for your Amazon account, you can set a spoken pin to stop others shopping on your behalf and at your cost.

Become a cyber-liar
If there’s one thing hackers really don’t like, it’s a liar. Especially if the fibs relate to those security questions sites ask you to answer as an identification method should you need to reset a forgotten password. It’s incredible, and incredibly worrying, what a simple Google search can uncover. Instead of being honest about your mother’s maiden name, your place of birth, where you went to school or what you called your first pet, lie like a politician at election time. Of course, remembering fibs is harder than remembering the truth, and as with passwords, it’s best to avoid reusing the same ones for every site. Password manager apps can help, as they have a secure notes entry for every login.

Stop using SMS-based 2FA
Two-factor authentication (2FA), which adds something you have to the something you know (your username and password) during login, is a must-have. This builds a second wall for the cybercriminal to climb if they have nabbed your password from somewhere. Use either an authenticator app such as Authy or Google Authenticator, or a hardware token like a YubiKey. Don’t use 2FA that sends codes by text message, as this can provide a ladder to climb that second wall with.

Setting a pin on your sim card is recommended, but that won’t help if someone cons your network provider into transferring your number to their device, a scam known as sim-swapping. “SMS-based 2FA is vulnerable to sim-swap attacks,” says Paul Bischoff, privacy advocate at Comparitech.com, “but if it’s the only option, it’s better than no 2FA at all.”

Stay secure when away from home
There has been much coverage of “juice jacking” of late. This involves a cybercriminal using altered USB charging ports in airports, train stations and hotels to infect your device with malware. You can carry a USB charger that plugs into a power socket or invest in a power-only USB charging cable to prevent this. A more widespread problem is that of free wireless internet access. “Criminals can exploit public wifi to steal your personal information, such as emails, photos, passwords, private documents and bank details,” Oz Alashe, CEO of CybSafe, says. Using a virtual private network (VPN) is recommended to reduce the risk. A VPN app creates an encrypted “tunnel” between your device and a remote server, protecting your data from snooping hackers. If you’re using your phone to check your bank balance or pay bills on the train or in the coffee shop, a VPN provides “a safety blanket that will help keep your data out of the wrong hands”, Matt Lock, technical director at Varonis, says.

Excerpts from The Guardian

 
