The Target holiday season breach took the internet by storm in the first weeks of the new year. With as many as 70 million users affected (or more, depending on reports), consumers across the country seemed to collectively wonder: what, if anything, can be done to protect my account security?
Recently, NetStandard CTO John Leek spoke to Fox 4’s Katie Ferrell on how consumers—and business owners—can mitigate the risk of breaches, hacks, malware and other cringe-worthy side effects of cyberspace. If you missed his original interview, here are a few of the highlights:
Ransomware is a class of malware that restricts access to a computer system and demands a ransom paid to the creator of the malware in order for the restriction(s) to be removed. The most common culprit of late is CryptoLocker. “Some forms of ransomware encrypt files on the system’s hard drive (cryptoviral extortion), which prevents user access to data,” says Leek. “Some may simply lock the system and display messages intended to coax the user into paying. In some instances, the ransomer has claimed the user violated a law and must pay a fine.” In June 2013, security software vendor McAfee released data showing that it had collected over 250,000 unique samples of ransomware in the first quarter of 2013—more than double the number it had obtained in the first quarter of 2012.
On Protecting Personal Information
John Leek offers the following advice for protecting your personal information:
- Use long and complex passwords when accessing websites that contain personal information. “Note that it doesn’t have to be hard,” Leek says. “For instance, Iwatchfox4new$at6 would be both complex and safe.”
- When you sign in to sites containing personal information, ensure that access is via “https” rather than “http.” Often, https sites will show a lock in the browser’s information window.
- Install and maintain current antivirus software on your computer, phone and tablet.
- Encrypt drives, phones and other devices to protect shared data stored there.
- Ensure your desktops, laptops, tablets and/or phones are patched and current with the latest updates—this includes any browsers you may be using.
- Don’t open any unsolicited emails, even if they sound official.
- If you do open an unsolicited email, don’t click on any links in the email. Clicking can cause you to install keyloggers, Trojans or other malware on your machine.
- Do not fill out forms in emails or email personal information to anyone. Email is NOT secure.
- Monitor your accounts often to ensure there is no unusual activity. There are also services that can monitor your identity.
- Report phishing emails to the entity being spoofed and to email@example.com. You can also report phishing emails to the FBI or FTC anti-phishing task force.
On Securing Mobile Devices
“Encryption stores your phone’s data in a scrambled form,” says Leek. “When you power on your phone or tablet, you’ll have to enter the encryption PIN or password, which would be the same as your phone’s lockscreen PIN or password. Your phone or tablet uses your PIN or password to decrypt your data, making it understandable. If someone doesn’t know your PIN or password, they can’t access your data.” To encrypt your mobile devices, Leek recommends the following steps:
- iPhone: Click on the “Settings” icon, then click General>Passcode Lock>Require Passcode. Set passcode to “Immediately.” “Even a simple passcode with a four-digit key will significantly decrease the likelihood of someone taking your phone and stealing your private information,” says Leek. “The iPhone will automatically encrypt important data.”
- Android: Click Settings>Security>Encrypt Tablet or Encrypt Phone. A pattern lock is important to ensure access is limited to your phone. Android will completely encrypt the media used in the tablet to prevent stealing data.
If You’re Already Infected
If your PC or laptop is infected, this antivirus website can help: http://housecall.trendmicro.com. If you believe you might have malware on your machine, you can find help at www.malwarebytes.org. “It’s important to use reputable software providers, as there are a lot of desktop emails that advertise that they ‘optimize’ your PC’s performance,” Leek says. “But please don’t click on these emails, as many of them are just more malware.” Reputable sites include:
- McAfee
- Trend Micro
- Symantec
- AVG