Surviving the Wild West: Must-Do Cybersecurity Tips

Allworth Co-CEO Scott Hanson shares a few easy ways you can better protect your personal information (and money!) from criminals.

 

You probably know someone who’s been scammed out of money or had their social media hacked.

And, if by some miracle you don’t personally know anyone, you’ve surely read about the scourge of recent security and data breaches ranging from Equifax, to Twitter, to Washington state's unemployment system (more than $700 million lost via that program alone).

Incredibly, just in the first eight months of 2019, there were more than 7.9 million separate mass data record exposures (a 33% increase over the previous year), which have resulted in untold billions of dollars lost to fraud. [1]

Private individuals, corporations, small businesses, social media, the military, state and federal governments: The electronic world has become the Wild West, and everyone is in the line of fire.

What follows are 3 key aspects of cybersecurity and what you can do to help protect yourself from crime.

Yes, you should regularly change your password

Changing your passwords is a hassle, but please do it.

When a massive third-party security breach occurs at a company you do business with (and they happen to have your Social Security number or one of your passwords), it’s just a matter of time before the criminals set their supercomputers to work probing your life so they can steal from you.

The reasons you should not only change your passwords regularly, but use different passwords for each account, include:

  • It keeps multiple accounts from being hacked
  • It halts the ongoing syphoning of an account (some hackers electronically steal just dollars or cents each week from millions of accounts at a time)
  • It stops the possibility of breaches stemming from information picked up from a long-lost or forgotten computer, iPad, or cell phone
  • It keeps what are called “keystroke” loggers at bay. (Keystroke logging is one of the first forms of cybercrime: software attached to a computer records every keystroke. Ever enter a password on a public computer at a library or Internet café?)

Trade in your passwords for 'passphrases'

According to at least one international cybersecurity company (Trustwave), the best way to protect yourself from hackers isn’t to come up with clever passwords, it’s to use longer passwords called “passphrases.”

If a sophisticated hacking operation sets its computers to figure out your password(s), they eventually will. What keeps you safest longest, however, isn’t the cleverness of the password - it’s the length.

Trustwave completed a study using two $5,000 computers with the goal of figuring out more than 600,000 private passwords. Get this: Within five minutes, more than 300,000 of the passwords were hacked. And within 30 days? 92% of the accounts were breached. (Meaning just 8% were never figured out.)

So, what was it about those 8% of passwords that kept the computers at bay?

Contrary to what we’ve long been told, the passwords that used upper- and lowercase letters, along with numbers and special characters, were no more difficult to crack than if your password was “Tom Brady.” The security firm found that the main difference in the amount of time it takes to hack a password is length.

It took the computers under four days to crack almost every password that was eight characters in length, even when the “gold standard” combination of numbers, upper- and lowercase letters, and special characters was used.

But the security company calculated that if someone uses a password (passphrase) that is, say, 28 letters in length, on average, it would take their $5,000 computers over 17 years to crack.

But who can remember a passphrase that is 28 letters long?

You can. Because it doesn’t have to be complicated.

While nothing is foolproof—and I’m not guaranteeing you won’t be hacked if you use a passphrase—an example of an extremely difficult 28-character passphrase to crack would be something as simple as: “Our house is third from the corner.” (Ourhouseisthirdfromthecorner.) 
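The length-versus-complexity point above, worked through as an added example (not from the original article or from Trustwave): it measures the size of a character-by-character search in bits for a constructed 8-character mixed password and for the article's 28-letter passphrase. The 7776-word list size in `wordlist_bits` is an assumption used to show how the estimate changes when whole words are guessed.

```python
import math
import string

# Character classes a character-by-character search has to cover.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)


def alphabet_size(secret: str) -> int:
    """Smallest class-based alphabet that contains every character of secret."""
    size = sum(len(cls) for cls in CLASSES if any(ch in cls for ch in secret))
    # Spaces and other characters outside the four classes count individually.
    size += len({ch for ch in secret if not any(ch in cls for cls in CLASSES)})
    return size


def brute_force_bits(secret: str) -> float:
    """log2 of the number of candidates in a character-by-character search."""
    if not secret:
        return 0.0
    return len(secret) * math.log2(alphabet_size(secret))


def wordlist_bits(word_count: int, list_size: int = 7776) -> float:
    """log2 of the candidates when whole words are guessed instead of characters.

    Assumption: every word is picked at random from a list of list_size words
    (7776 is a constructed list size). A natural sentence is more predictable
    than this figure suggests.
    """
    return word_count * math.log2(list_size)


def compare(samples):
    """Return (secret, length, alphabet, bits) rows, largest search space first."""
    rows = [(s, len(s), alphabet_size(s), round(brute_force_bits(s), 1))
            for s in samples]
    return sorted(rows, key=lambda r: r[3], reverse=True)


if __name__ == "__main__":
    # Constructed sample password, plus the article's passphrase in lowercase.
    for secret, length, alphabet, bits in compare(
            ["aB3$eF7!", "ourhouseisthirdfromthecorner"]):
        print(f"{secret!r}: {length} chars, alphabet {alphabet}, ~{bits} bits")
    print(f"7 random words from a 7776-word list: ~{wordlist_bits(7):.1f} bits")
```

Each extra bit doubles the number of guesses, so the 28 lowercase letters give a far larger character-level search space than 8 characters drawn from all four classes; the word-level figure is the one that matters once an attacker guesses whole words.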

Social media is the major criminal portal

Concerns about cybersecurity are justifiably driving people away from social media.

Just a few days ago, the Twitter accounts of Barack Obama, Bill Gates and Elon Musk were hacked. Why should this matter? Because, first, the hackers, tweeting as Bill Gates (and others), told followers that they would double any Bitcoin donations that they made to a fake account.

Another threat that social media poses occurs when you click on a link provided by someone famous, or by a friend (who’s been hacked), and that link allows the hacker to take over your computer, glean your personal information (often without you even knowing), and throw your life into chaos.

Besides the obvious risk to your finances, if you store personal information, such as photos, on your computer or phone, you risk embarrassment or even blackmail in the event you get hacked.

Social media is a key entry point for hackers. And when not properly secured, there’s simply too much personal information (your email address, mother’s maiden name, or your phone number) available, which is all these computers need to eventually access either your private or financial life.

So, for starters, what can you do to help keep yourself safe from hacks?

First (and this is but a partial list), update your antivirus software. Even if you make a mistake and click on a bad link and it allows some “super virus” in, it’s likely that you’ll know you’ve been attacked.  

Second, enable two-step verification on every platform (social media, financial, personal, etc.) that you use. (My two-step verification preference is to have the business entity send a five-digit code to my phone that must be entered before I can access my accounts.)

Third, double check your social media access to make certain that your phone number and email address are not available to the general public.

In closing, being part of the digital world means you are vulnerable. And protecting yourself takes time and vigilance. But as I tell my children, an ounce of prevention is worth a pound of cure. Taking the time to button down your cyberworld now and then could save you a lot of time, energy and frustration later on.

 

[1] https://www.npr.org/2020/05/22/860682218/washington-state-hit-hard-by-unemployment-fraud

[2] https://www.infosecurity-magazine.com/news/longer-password-harder-to-crack/