
10 Ways To Reduce Hack Risk – Part 2


This post is Part Two of Friday’s post, “Ten Ways to Reduce Your Hack Risk Part 1.” Part One focused on passwords, click risk, and protecting your computer from viruses, malware and other digital gremlins. Today, the rest of the list… 

6. Open online accounts only as needed. Everyplace we do business online, we leave personal data behind. The more places we leave our data, the more places there are for it to be stolen from. How many of us received an email from Zappos.com recently, informing us that their customer database had been hacked? How many of us received a similar email from TJ Maxx a couple of years ago, notifying customers that their credit card numbers may have been compromised? Every online account you create is a potential hacking vector. To reduce your risk, only create accounts as needed. Consider shopping as a guest, especially if you don’t think you’ll be a repeat customer. Don’t store your credit card number with your account if you don’t have to. Provide the absolute minimum amount of data the form or website requires. Delete accounts you no longer need or use.

To further mitigate your risk, consider using one credit card for online shopping, and another for your real-world activity. That way, if the credit card you use for online shopping is compromised and you have to cancel your account, you’re not dead in the water credit card-wise.     

7. Use extreme care accessing the internet over public wi-fi. Public wi-fi, a staple of convenience at coffee shops, airports and hotels, isn’t necessarily as secure as you might think. It’s a fairly straightforward matter for an unscrupulous person to compromise a legit wi-fi network, or to create a new, fake wi-fi hotspot (video, 5:00), which people then unwittingly use. For those who use tablets or smart phones…have you ever thought about how many unknown wi-fi networks you connect to on a daily basis? We simply have no way of knowing how secure these networks are. Carefully assess convenience vs. risk here. Just because we CAN pay our mortgage while we’re at the coffee shop doesn’t mean it’s necessarily safe or smart to do so. You greatly reduce your risk by issuing such transactions from places where you have more control over the network – like, at your house.

I consider any work I do over public wi-fi to be insecure. I don’t access financial accounts, key in a credit card number, and try not to key in passwords unless I’m accessing the internet through a VPN tunnel, which creates a virtual private network and encrypts your data. If you need to access critical accounts from public wi-fi, seriously consider using VPN software. It provides a lot of protection for very little cost.        

8. Cloud security is a field in its infancy. Use care. Technically, there’s nothing magical or supernaturally safe about “the cloud.” While it’s very convenient to be able to store and access your data from anywhere you can log on to the internet, the cloud is still a server farm in some company’s basement, with access controlled by programs, policies, processes and people – some of which can be circumvented or breached. While some cloud-based services encrypt your data as a matter of course, this is not necessarily a widespread practice. Also remember that, depending on your method of access, you might be retrieving your cloud-stored data using a potentially insecure wi-fi network, which increases your risk.   

9.  About mobile devices and tablets… If you’ve been keeping up with the news, you’ve heard the accusations that Rupert Murdoch’s News Corp. hacked the cell phones and voice mail of British politicians, celebrities, crime victims, and members of the royal family. First line of defense for our mobile digital devices? Physical control. Put some thought into what a thief might be able to do with your mobile device and its apps should you lose your smartphone, or if your iPad is stolen. Ensure your mobile devices and your voice mail are password protected to the fullest possible extent. 

Viruses and malware can be downloaded to smart phones and tablets, too. Many of the same protection packages we use for desktops, laptops and netbooks are available in tablet and smart phone versions. Pay a visit to your friendly neighborhood App Store. Load up.    

The most recent volume of 2600: The Hackers Quarterly was all abuzz about QR code hacks—you know, those odd-looking black and white squares you swipe your smart phone across, taking you…where? QR codes take you to a website, and unless you can translate pixel, you can’t know if you’re being taken to a malicious one until it’s too late and your device is compromised. Again, check your friendly App Store for QR code scanners if you’re concerned about this risk. Being I have an extremely low tolerance for being marketed to, this isn’t a risk I’ll personally incur, but YMMV.  ;-)

10. Social media – there are several layers of potential risk to watch out for when using social media tools:

Information you knowingly share with other users, subject to your privacy settings: You might be surprised at how many people use some variation of a pet’s or child’s name as their password. Guess what one of the most common subjects people talk about on social media is? Kids and pets. Some of the information hackers use to crack passwords or phish you is unwittingly supplied by users themselves. One way to reduce this risk is to be a lot less specific about what you share on social media. Don’t mention family members’ names, upcoming vacations, your child’s activity schedule, or other absences from home. One current phishing scam targets grandparents who unwittingly reveal their grandchildren’s names on Facebook. Pretty soon grandma or grandpa gets a panicky, static-filled phone call from someone claiming to be their grandchild, in desperate need of funds because they’ve been mugged, robbed or need bail money, FAST. Grandma or grandpa, perhaps hard of hearing, doesn’t want to admit to not recognizing their own grandchild’s voice, and sends the scammer money via Western Union or other wire transfer service. As older users migrate to social media tools in increasing numbers, this scam is on the rise.

Information you may unknowingly share with other users: Pictures taken with phones that have onboard GPS or location capabilities sometimes have that information embedded in the picture’s digital file structure—and it’s a fairly simple matter for others to retrieve it if they want to. In addition, there’s a new generation of ambient social media tools and apps that uses your phone’s onboard GPS capabilities to broadcast your current location to other users of the tool who share similar interests, which I personally find creepy as hell. It probably surprises no one to learn that I keep my smart phone’s location tracking, GPS and wireless capabilities turned off until I explicitly need them.      

Information that the company who developed the social media tool collects, stores and uses, now and into the future:  With Facebook’s recent IPO filing, and Google’s change in how they manage their user privacy settings, people are becoming more aware of how companies collect, manage, store, and use our personal data. How are our activities tracked while we’re using their services? How will they use that data? Do they sell it to marketers? To data aggregators? Is personally identifiable information removed or not? What do their Privacy Policies and their Terms and Conditions or Terms of Service say they can do with our data? (You know, those tiny-print, endlessly scrolling documents o’ 6 point legalese that most of us don’t bother to read before blithely clicking the “I Accept” button?) For how long?

Just what are we agreeing to with that one tiny click? 

RTFM, dudes. Read the Terms of Service, read Privacy Policies, read the user guides that come with the products you buy. Though the federal government isn’t quite as asleep at the wheel on this issue now as they were even six months ago, the manner in which companies collect and use customer information is still largely unregulated. In the absence of any law, we have to protect our own interests. As always, knowledge is power.  

Companies don’t provide free coupons or programs or games out of the goodness of their hearts. We pay for these things with personal data. Every time we click on “Like”, click on a coupon, follow an ad, go to a website, issue a search, or register for a grocery store discount card with an email address, it’s tracked, aggregated, and cross-referenced (Facebook Is Using You). Chances are good that if you’re not paying to use a product or service, YOU are the product being sold. Personal data is the coin of exchange.    

Some – most – companies are scrupulous about how they use the data they collect, but despite any public relations message you might hear about how much a company “cares about your privacy,” it’s prudent to take these messages with a massive grain of salt. No database is 100% safe 100% of the time. Companies can and do get hacked. Some companies build their security infrastructure on the cheap. Companies release programs with known and unknown bugs, every single day, and despite people’s best intentions, some of those bugs can create security gaps large enough to drive a semi trailer through. Some companies’ day-to-day practices don’t conform with their stated policies. Some hackers seek employment at these very companies, exploiting vulnerabilities from the inside while their buddies do the same from the outside. 

Most people don’t have the skills or motivation to hack you—but unquestionably, there are some who do, and for the most part, it’s nothing personal. Hackers are increasingly organized, hosting their own conferences and gatherings, publishing their own magazines, and learning from each other in dedicated online communities. Some hackers seek bragging rights, others intellectual challenge, some want publicity, some have a political point to make or axe to grind, and still others are in it strictly for the money. There’s an active black market for stolen passwords, credit cards, and social security numbers.  

Yes, one person’s prudent is another person’s paranoid, but believe me when I say that people who have been hacked, stalked, been victims of crimes, or had their identities stolen take it very personally indeed. These individuals, of necessity, have a very different relationship with personal data than people who haven’t had these experiences. 

Whatever your level of risk or concern, I hope this post provided you with some new information you can use to manage your risks more effectively.

Questions? Comments?  Fire away! What are you concerned about? What actions have you taken to reduce your digital risk? Are there areas you think you need to punch up?   

The second book in Tammy’s Underbelly Chronicles series, CHASE ME, releases June 5, 2012 and is available for pre-order now! Follow Tammy on Twitter at @tamarahogan1, and visit her relaunched website, www.tamarahogan.com.


26 Responses to “10 Ways To Reduce Hack Risk – Part 2”

  1. This Creepy App Isn’t Just Stalking Women Without Their Knowledge, It’s A Wake-Up Call About Faceboo
    http://www.cultofmac.com

    I found this on Writing GIAM and it scares me to death. I sent it to my kids. Their cavalier attitudes about their phones have been a bone of contention for some time. Maybe they’ll listen if they read this for themselves.

    Thanks, Tammy, for some great info. Keeping the old cell phone, no iPad, and doing all my ‘puter work from right here.

  2. Tamara Hogan says:

    I caught that over the weekend, too, Gwyn. Thanks for bringing it up. Direct link here: http://www.cultofmac.com/157641/this-creepy-app-isnt-just-stalking-women-without-their-knowledge-its-a-wake-up-call-about-facebook-privacy/

    Once enough of your data gets “out there” it’s a simple matter for app developers to pick up that information and use it. Tools like Foursquare seem innocuous enough – hey! which of your friends/people who share interests with you are nearby! – but public data is public data, and Facebook centralizes and aggregates a lot of it. Programmatically, it’s entirely possible to use the exact same technology and logic to flag elderly people who have poorly-refined Facebook privacy settings out and about doing their business…showing muggers exactly where the easiest targets are. Foursquare/GPS location + Facebook demographic info = easy pickings. (Crap, I can’t believe I just wrote that.)

    My life experiences (crime victim x2, software developer) and personality tendencies (massive introvert, loathes being marketed to) have always meant that I’ve seen Facebook as skeevy and risky rather than useful, interesting or cool. As time goes on I see nothing that changes this opinion. I don’t use it, and my publisher is OK with this.

  3. Liz Talley says:

    Wow, this does make you more than a little nervous. I do like FB mostly because I can keep up with what my friends are doing. I don’t play games on FB and don’t click on links from FB (usually – only when it’s an article from a well-known site but then again…how do I know?) I never sign up for apps that can access my info and I don’t do that “check-in” stuff that lets people know your location. But I really like FB because I’ve connected with so many past friends and I can see their kids grow up. Plus, being able to tell folks about my books has its advantages. But still, SCARY!

    Thanks for these posts. I’m about to post about them on FB (oh, the irony!) so others can learn about threats.

    • Tamara Hogan says:

      ::snerk:: Irony indeed! ;-) But enough people have chosen to make Facebook their front end to the internet that it’s a good way to get the word out. Knowledge is power!

  4. I’ve always been a little paranoid about Big Brother watching me. Your post makes me glad I don’t have a Smart phone or use public Wi-Fi. Thanks for all of the great info, Tammy!

    • Tamara Hogan says:

      Thanks, Laurie. It’s not that technology is evil or horrible. It can be very, very useful. But it’s worth our while to be prudent, informed technology users. Knowledge is power.

  5. [...] Part 2  - account management, tablet and smart phone issues, using wi-fi, social media [...]

  6. Diana Cosby says:

    Tamara,
    My sincere thanks for the additional information. Love the idea of 1 credit card for on-line transactions, then a separate one for daily use. I advise people who are doing a one-time transaction, or even things like gaming, to purchase pre-paid credit cards with a max amount, then use those to pay. It’s simple, and best, there is a financial limit.
    Thanks again for the excellent information!
    Diana

  7. Oh my gosh, I am learning so much from these posts, Tammy. Thank you so much!!!! Because this world is so foreign to me in terms of “how does that work”, I do things that are completely irresponsible. I am going to be so much better now, I promise!!!

  8. Tammy, what do you think about posting pictures of your children online? As a new mom, I’ve recently begun to post snapshots of my baby to share with friends and family — almost all of whom are *very* long distance, so it’s hard to “share” him in real life — but what are the potential long-term consequences? I mean, I’m basically posting very intimate pictures of a person without his permission. Will he hate me forever, or will this simply be the way most kids of his generation grow up? Publicly, with every inch gained and baseball thrown chronicled on Facebook? I’m far from the only parent doing this in my social circle.

    • Tamara Hogan says:

      No one knows what the long term ramifications of a generation living so publicly will be – though some studies are already registering a measurable increase in narcissism in high school students. Personally? I expect a swing of the pendulum back to a return to privacy in the not too distant future. For people to raise a hand against the digital deluge and say, “You know what? Enough already.”

      Not that they’d dare say this aloud, but several of my real-world friends have admitted to me that they’ve unfriended Facebook friends because they’re burned out on baby/kid pictures. Not being a Facebook user, I have no experience with this, but something to be aware of.

  9. …and whenever a good friend/brother posts on Facebook that he’s “checked in” or something at a place *other* than his home, I comment something like, “Great time to rob your house!”

    Speaking of which, my brother- and sister-in-law were recently burglarized, and the most frightening thing that was stolen were their family’s passports and social security cards. They purchased some advanced personal data security package to monitor their credit, but it’s easy for stolen identities to slip through those cracks, especially if the identities are children’s.

    • Tamara Hogan says:

      What I don’t get about the ‘I just checked in (here)!’ thing is…why do people think other people care? Now, what I’d really enjoy is if that person would CALL ME so we could actually have a conversation, not simply exchange superficial minutiae masquerading as connection.

      What’s next, “Checking in from my toilet?”

  10. Diana Cosby says:

    Tamara,
    As authors, it’s imperative when you have a book signing or other author events, that you attend. At this time, I always ensure someone is at home with my dogs while I’m away as well as notify my neighbors, and keep my alarm system set. What insight/tips do you have on how to promote your event on-line through various media as well as keeping your home safe while away? My sincere thanks for your time.

    • Tamara Hogan says:

      I don’t know that there’s anything I can add to the very smart techniques you’re already using, Diana. But this is an area where layering techniques can come in handy. I write under a pseudonym, so someone who doesn’t know me well would have to work pretty hard to connect my pseudonym to my real name, and that real name to my home address. All writing-oriented mail is sent to a PO Box rather than to my home address. If someone managed to connect the dots, they’d find my 6’5″ boyfriend standing at the door, backed by a feral attack cat. ;-)

      I protect my home address ferociously, like a mother bear does her cubs. If it came to a choice between promoting a book signing and protecting that address, I’d under-promote and protect the address, no question about it.

  11. Rita Henuber says:

    Maybe you can help. After the new facebook look went up I posted something and it gave my location. Even though I have it set not to do that. I finally had to delete the post. I don’t want that thing telling people where I am. So how do I stop it?

  12. Thanks so much for the information, Tamara! I especially like the idea of separating credit cards into real use and online use categories. Very smart and something I never would have thought of.

    I’ve been pretty naive in some of my online dealings. Time to make some changes!

  13. Janice says:

    Excellent, excellent, excellent! Thanks so much!

