With scams rampant, the internet can be a dangerous place, but it need not be if we all take the proper precautions.
Earlier this month, Pierson Clair, a digital forensic examiner and technical security expert, spoke to businesswomen at a Key Private Bank luncheon on how to protect personal and business information from cyber threats.
Clair, a faculty member at the Viterbi School of Engineering at the University of Southern California, said online threats are changing every day. People need to slow down and look skeptically at emails and phone calls when they seek personal information.
The source may be fake, but the threats are real.
“The joy of the internet being a connected world also means you need to be a little more judicious about what you click on,” Clair said. “… It all comes down to, when you get an email, when you get a phone call, take a step back and say ‘Is this actually what I think it is? Or is this somebody trying to take advantage of me?’ ”
Q: How paranoid do people need to be these days?
A: The world of the internet is an unfriendly place. Nobody is going to look out for their own best interest other than themselves. And if you are clicking on every email you get, chances are you no longer have control of your computer because it’s some not-so-nice person somewhere else around the world who now actually controls your computer. That may mean that they have access to your financial resources. They may have access to your email. They can become you.
Q: What is the most common mistake a small-business owner makes around cybersecurity?
A: So many breaches now are a result of people either doing something or they didn’t do something. They didn’t do something was, we didn’t run the updates. We didn’t move to a newer operating system which has additional security features. We didn’t enhance our network security. And these all form what we refer to as layers of security. The more important the asset is that you’re protecting, the more layers of security and the better security surrounding the data should be. People like to trust people, and unfortunately in our connected world, there are many people out there that are less than trustworthy. Really what it boils down to is an additional validation or verification process for not just businesses but also anybody. It’s picking up the phone and calling them and saying “Hey, this seems a little strange.” People appreciate that extra touch, “Thanks for making sure” or “No, I didn’t send that email.”
Q: People are told to not use the same password on multiple sites, so we start to keep our passwords in a list or a vault for reference. How do you think people should be storing their passwords so they don’t use the same one everywhere and so it’s going to be the most secure?
A: For any account that controls some part of your identity, whether that’s financial accounts or a bank or brokerage account, whether that’s any of your email accounts, social media, any type of cloud file storage or backups, and your household or business utilities. Those all need to use unique and complex passwords. There are many different commercial password management tools which will create a secure and encrypted container inside of your computer, or inside of your phone, whereby you use that fingerprint and/or PIN to get in and then to decrypt that password management container.
Q: How or where should you store passwords for a loved one if something happens to you?
A: For so many people, social media and their online emails become their online identities. So whether you share that master password to your password manager or you write that master password down and put it (in a safe place). I’ve worked particular cases where things like that happened, this person passed away and unfortunately passwords had not been shared and so laptops, hard drives were all totally irretrievable because they were well-encrypted and there were no passwords shared.
Q: How do you explain to kids, who think they know about everything, what they should share and not share?
A: The challenge really becomes, nothing is ever deleted. Whether that’s on your computer, whether that’s on Facebook, whether that’s on Instagram. Even if it says it’s deleted, it’s probably still recoverable. Whether that’s recoverable off a computer by a digital forensic examiner, or recovered out of Facebook or Instagram or any of those services by some court process. It becomes this very big challenge of creating a secure environment and not sending pictures. Not sending texts. Not sending things that might get you into trouble later. It’s a very interesting parenting conundrum. Before the internet, if you did something less than intelligent, chances are it wouldn’t be Googleable 20 years later.
Q: If there are three things people should start doing today, what do you think they should be?
A: One: Slow down. So many people get caught up in clicking on emails, clicking on links, because they are just moving too quickly. Two: Practicing good cybersecurity hygiene is not only for you, it’s also for everybody who’s around you. For those people you communicate with on a daily basis, whether they are friends, family, customers, and so by protecting yourself, you are protecting all of the people who are important to you. Three: Choosing good passwords, strong passwords and unique passwords. And I’m going to give you No. 4: When your computer says “run an update,” when Microsoft or Apple inside the operating system says “security updates are available,” run them. Because those are there to protect you. The inverse of that is when your web browser pops up with an advertisement that says “your computer has been hacked” or “your computer is infected,” that is purely an ad that has nothing to do with your computer’s security. There is this continuing challenge of “if some updates are good and some things that say they are updates are bad, what do I do?” It goes back to being vigilant. Slowing down. Reading carefully and making sure that what you are clicking on is what you think you’re clicking on.
Don’t become a victim
Avoid becoming a victim of online scams with a few tips:
Use two-factor authentication. That means logging in to accounts with a password and another method, such as a code that your phone generates.
Use a password manager. We should not use the same password for all of our accounts. Programs like LastPass, 1Password and KeePass can help you keep your passwords safe and can automatically generate unique passwords for you. You only have to remember one password to access the password manager.
Run operating system software updates. Those updates are in place to prevent hackers from taking advantage of vulnerabilities in software code.