How Secure is Your Internet of Everything?
What comes first to mind when you think about security? Your family? Your home? Your business? Your vehicle? Your email account? What about your credit cards or bank account? And, most recently, your fitness tracker containing health data?
Technology has progressed so rapidly in the past 10 years that most of us don’t give much thought any more to how vulnerable our personal data really is. How exposed is your Internet of Everything and what can you do to quickly reduce your risks?
This is your credit card fraud department calling…
Has this ever happened to you? “This is Capital One fraud detection calling. Am I speaking to the card holder? Please verify your name and home address. Do you have possession of your card? Good. Did you use your card to make a purchase for $99.00 at a clothing retailer in southern California? Did you make a purchase at a shoe store 20 minutes later for…” and on the phone call goes.
Your heart sinks, you immediately feel violated. “Wow!” you say. “How could someone get my card number? I shred all of my private information!” And of course you have really secure passwords on all your accounts, right? Or do you?
Fraud is costing you, even if you haven’t been directly hacked yet
There have been numerous widely publicized security breaches in the United States in recent years: Target, eBay, Home Depot — and then there was that huge hack into Sony Pictures. Add these all up and over 100 million Americans have been impacted in some way by these violations.
According to a study by LexisNexis, merchants spend $3.08 for every $1.00 in fraud – that’s a 33% increase over the prior year. Guess who pays for that? Yep, you and I, in the form of higher prices and fees.
Take control of your personal data security
Here’s a quick Top 10 list for what you need to do right away to reduce your likelihood of becoming a victim of fraud at your home or work:
- Use random word strings, and change your online passwords frequently.
Most security breaches occur because people either leave the default password in place or use something that is easily learned about them. Always avoid using children’s or pets’ names, birth year or year of graduation. For years, conventional wisdom suggested using a string of characters that combines UPPER CASE, lower case, numbers and special characters (-_!#$%^&*+~?). But the current best practice is to use long strings of random words. The more random the choice of words, the better (not five words that make a logical sentence, because bots can attempt those incredibly rapidly). In fact, there are “diceware” tools that will help you generate memorable word strings using completely random words. And each new word you add exponentially increases the difficulty of hacking the passphrase, so experts recommend seven words or more.
- Use a password locker app instead of those sticky notes.
Have you ever walked by someone’s desk and seen that little yellow sticky note on the lower part of the monitor? OK, point made. There are numerous apps out there for computer, mobile and tablet use. When you implement this “Top 10” you will definitely need a password locker. I personally have over 100 different passwords. Many people find LastPass to be a good solution. Of course your password for the locker has to be super secure, random and memorized.
- Always use different passwords for each account.
What’s worse than having your credit card account hacked? Having your bank account, email, Facebook and other accounts hacked as well because they all use the same password.
- Change your security answers.
Some accounts have password recovery features that use security questions. You’ve seen them: “What is your mother’s maiden name?” “What was the make of your first car?” “What is the name of your favorite pet?” A quick look at your Facebook page could easily reveal many of these. It’s most secure to put a bogus answer in these. For instance, if your favorite pet is “Lassie” put something totally unrelated such as “Water” and be sure to record these in your password locker so you can recall them later.
- Use virtual credit cards online.
If your credit card company supports it, use their special on-line, one-time use card numbers.
- Change your Wi-Fi login.
Your Wi-Fi came with a default password from the manufacturer. It’s probably a really complicated, really long combination of alpha-numeric characters that no one could ever possibly guess – right? But did you shred the box it came in? That usually has a label with all the particulars printed on it. What if an unscrupulous neighbor or someone in your apartment building picked it out of your recycle bin? Are you sure the cable installer didn’t take a quick cell phone pic before they delivered it?
- Change your Internet router admin password.
Most routers come with a default admin user ID and password. Often it’s as simple as “Admin” and “Password.” Really! And there’s even a website dedicated to helping you find yours. This is great if you’re locked out – but not great if someone’s trying to hack into your home network.
- Enable your cell phone auto screen lock and remote “kill switch.”
You’ll never lose your most trusted and treasured personal digital assistant – or will you? According to Consumer Reports, 3.1 million cell phones were lost or stolen in the U.S. in 2013. That’s almost 6 phones every minute, round the clock, every day – just in the U.S. At least if you do lose it, you can prevent unauthorized access to all of your data with the lock screen. And I hope it goes without saying – prevent a “double whammy” and keep your phone automatically backed up to your service provider’s cloud backup site or to the Seagate Personal Cloud.
And to include a couple of storage related recommendations:
- Change your home or business NAS remote access password.
It’s a really wonderful productivity boost to be able to access your files anywhere, anytime worldwide. Your entire family can play your full digital library, view photos and back up multiple devices. Sales people can access marketing literature, most recent pricing and even enter orders remotely. But you really don’t want a hacker getting into your private data like they did with Sony Pictures.
- Protect your data “at rest.”
Seagate IronWolf drives for NAS, SkyHawk drives for security and surveillance systems, and Enterprise hard drives, as well as some Seagate laptop and desktop drives are available with Self-Encrypting Drive (SED) technology. SED uses an industry standard encryption management algorithm to protect data – even if the drive or the device it’s installed in is lost or stolen. For those who want to know all the particulars, here is an in-depth FAQ paper about drive security.
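To make the first item in the list above concrete, here is an added example (not from the original article) of how a diceware-style tool picks random words and why each extra word multiplies the guessing work. The 36-word list is constructed for the demo and far too small for real use; the entropy figures assume the standard 7776-word diceware list, and all function names are hypothetical.

```python
import math
import secrets

# Constructed 36-word demo list (6**2, so two dice pick one word).
# A standard diceware list has 6**5 = 7776 words: five dice per word.
DEMO_WORDS = """
apple brick cloud delta ember flint grape hazel ivory jolly kiosk lemon
maple noble ocean pearl quilt river stone tiger umbra vivid wheat xenon
yacht zebra amber birch coral dusk eagle frost glade heron inlet jade
""".split()

def dice_per_word(wordlist):
    """Dice needed to index the list; rejects lists that would bias the draw."""
    if len(set(wordlist)) != len(wordlist):
        raise ValueError("duplicate words make some choices more likely")
    dice = round(math.log(len(wordlist), 6)) if wordlist else 0
    if dice < 1 or 6 ** dice != len(wordlist):
        raise ValueError("list size must be a power of 6 (36, 216, ... 7776)")
    return dice

def rolls_to_index(rolls):
    """Map die faces (1-6) to a list index: (1, 1) -> 0, (6, 6) -> 35."""
    index = 0
    for face in rolls:
        if not 1 <= face <= 6:
            raise ValueError("die face must be 1-6")
        index = index * 6 + (face - 1)
    return index

def generate_passphrase(wordlist, words=7):
    """Pick each word with simulated dice from the OS random source."""
    dice = dice_per_word(wordlist)
    picked = []
    for _ in range(words):
        rolls = [secrets.randbelow(6) + 1 for _ in range(dice)]
        picked.append(wordlist[rolls_to_index(rolls)])
    return " ".join(picked)

def entropy_bits(pool_size, length):
    """Bits of entropy for `length` independent uniform picks from a pool."""
    return length * math.log2(pool_size)

if __name__ == "__main__":
    print("demo passphrase:", generate_passphrase(DEMO_WORDS))
    for n in range(4, 9):
        print(f"{n} words from 7776: {entropy_bits(7776, n):.1f} bits")
    print(f"8 random printable characters: {entropy_bits(94, 8):.1f} bits")
```

With the standard 7776-word list, seven words come to about 90 bits, against roughly 52 bits for eight random printable characters.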
Hiding in plain sight
It’s been said “those who fail to learn from history are doomed to repeat it.” Past data breaches have shown that most often it’s the “human factor” that is the weakest link in any security system. Prevent your data from “hiding in plain sight” by taking action now to protect it. Implement this Top 10 today and save yourself the inconvenience, interruption and expense of a personal or business data security violation.