“It’s password protected,” he said.
What he meant was, “Nobody can get to it except me.”
Little did he know how wrong he was.
The password protection that comes with many programs (Excel and Office programs, QuickBooks, zip files, etc.) is pretty good at keeping you from ever getting your data again if you forget your password. But it isn’t going to keep someone else from getting your data if they really want it and they know how to do that kind of thing.
Using the password-protection feature to keep your data safe with most common programs is very much like locking your door and then leaving the key under the doormat while you are on vacation.
Also, don’t rely on the claim that the data are encrypted. The same thing applies. That encryption isn’t usually very good. There are strong encryption solutions out there. However, keeping data safe with them requires following all the rules and most people don’t know what all the rules are or how to follow them.
If you need an encryption solution, become informed from knowledgeable sources and learn how to implement it properly.
Don’t rely on the password-protection feature in your programs to keep your data safe.
Yesterday we talked about theft of laptops, cell phones, etc.
Perhaps you aren’t worried because you can always “Wipe” the device remotely, if it is ever stolen.
Feel pretty confident? You shouldn’t.
Sometimes the remote wipe fails.
I can make sure it fails. Good thing I’m not a thief. But I’m not the only one that can figure that out.
The lesson? Use the technology, but don’t rely on it.
Data theft can occur in the old-fashioned way, through the theft of your computer, or tablet, or phone. Not only are you inconvenienced and have to pay for a new one, all your data are now in the hands of someone else. And one of the reasons these devices are stolen in the first place is for the data they contain.
You can probably think of some common-sense measures to protect your equipment. But, despite that, thousands of laptops are stolen every day. Millions of phones are stolen each year. More phones may be lost than stolen. All those lost phone owners probably would have said they were careful with their phones.
I expect people are more careful with their laptops than with their phones. Yet the thefts occur. Sometimes the owner wasn’t being as careful as they could have. Sometimes, the thief steals it right out of their hands.
Learn how to protect your electronic equipment. Don’t forget those flash drives (a.k.a. USB drives, thumb drives, memory sticks). And keep an especially close watch on your laptop when you are away from home with it.
We like to hear from our friends. Hackers know that. So, they come to us disguised to look like our friends. Via e-mail.
I’ve been seeing an increase recently in e-mails that appear to be from someone I know, but that are actually from someone else. That someone else probably gained access to their address book, since they are sending out e-mails to lots of people that friend knows, pretending to be them.
They are not as thorough with their disguise in this latest variation as they could be, and that makes discovering their deception easier. But, it is still easy to be fooled, if you are not cautious.
Be alert to anything that doesn’t look right. Look carefully at the sender’s address. That may help you with this variation of deceptive e-mail. Unfortunately, next year’s variation may not be so easy to spot. Even the current ones can catch you by surprise. And they are catching a lot of people by surprise.
The biggest lesson?
Just because it says it comes from your friend, doesn’t mean it does.
Be alert to anything that doesn’t look quite right.
Yesterday, I wrote about the new chip cards and the fact that, while providing some protection against fraud when used with the PIN, they will not stop credit card fraud.
Today, I wanted to follow up with some practical tips you can use to limit your risks related to credit card fraud.
1. Check your account balances regularly. Report any errors immediately.
2. Have more than one card. Keep an extra card as a spare. Don’t use the extra card, except perhaps on rare occasion to keep it active. If the credit card you normally use at the retail store gets blocked because there was a breach at one of the stores where you use it, you have another card available to use.
This is especially important if you are traveling. Imagine you are in another state and about to pay for your hotel bill, or a meal. Your card is declined. You discover that there was a breach at one of the stores you use it at back home. They are sending you a new card which you will receive within 10 days. But, what do you do now? You are stranded.
If you have another card available, the situation just got a lot easier. You may have been able to work something out with the bank to pay that bill. But it would be a lot of trouble, and if you still had a couple days before you returned home, you still have a lot of additional transactions to deal with.
3. Have a low limit on your card. That way, if someone steals your credit card number, the amount they can charge to your card is limited to a low value. Since the banks are transferring responsibility to merchants with the new chip cards, if the merchants don’t meet all the necessary requirements of compliance, it may be harder or take longer to get your money back. By having a lower limit on your card, the amount that can be charged is lower and the amount that you have at risk is limited.
The new credit cards with the chip in them are being proclaimed as the solution to our credit card worries. But, just as we discussed over the last two days, the reality doesn’t match the claims.
These new cards will provide more protection from fraud when presented at a store and used in the chip-reading terminal if the customer enters their PIN.
However, fraud will still occur, even when using the chip.
In addition, these cards can still be used by the old “swipe” method. That defeats the security of the chip-and-PIN technology.
The data on the magnetic strip that is still on these cards can still be stolen just as it has been in the past. While it is harder to counterfeit the chip, it is not impossible. But one doesn’t even need to counterfeit the chip to use your stolen data. It could be put on an old-style card. But, what about phone orders or using your stolen data online? The chip doesn’t protect you against that.
The new cards put the cardholder at risk in a way that didn’t occur with the old cards. The banks may no longer protect you if fraud occurs. You may be able to get your money back from the merchant, but that may be harder to do than it used to be with the banks.
Banks and other sites like to ask you “security questions” to verify your identity when you log in. You must provide the same answer as you did when you registered your account or when you last updated your security questions. That’s supposed to verify that the person attempting to log in is really you.
As we discussed yesterday, the security solutions often relied upon to protect us often fail to do their job. That is the case with these security questions. They may keep out an amateur. But a skilled account cracker can probably still get in. And, if you don’t remember your answers, you might not be able to get into your account yourself.
There are ways to improve upon the way these questions work, to make them more effective. We talk about that in today’s extended tip.
The most important part of today’s “tip” is that ALL solutions have flaws.
We should not trust solutions to keep us safe. They can be effective as part of the solution. But if we rely on them and then believe we are now safe, we’re wrong.
Apply Good Solutions, But Remain Vigilant!
We are told to follow certain rules, to do certain things. If we do those things, it will keep us secure.
Did anybody check to see if those rules really make sense?
Are they actually working?
Often the rules are a good starting place. But we assume that, if we follow them, everything is good.
But it isn’t always so.
Today’s post is about getting us to ask questions:
Are the steps we are taking working?
Should we be doing more?
Should we be doing something else instead?
There are a lot of good ideas out there. And a lot of them are worth paying attention to.
But someone needs to make sure we are not just DOING THINGS, but that we are doing THE RIGHT THINGS.
What about your Social Security Number. How safe is that? Is it being kept safe? By You? By Others? Maybe we need to rethink how we use it.
The Internet is great. But, just like in a big city full of wonderful things to do, there are people who will take advantage of you. They will turn your innate curiosity, your desire to be helpful, and other good traits against you.
They prey on your fear and cause you to worry.
All this is intended to manipulate you. If they are successful, they get your money, information, and anything else they can.
They are good. Are you able to withstand them?
Phishing is the attempt to trick you into taking an action that will give the attacker access to your information or resources.
This used to be done by sending out a mass e-mail to as many people as possible. Some people would end up opening it. Today, that kind of thing still happens. You’ve probably received e-mails that say your bank account, or your e-mail, has been suspended due to a problem with the account. Or perhaps it is about a problem with a FedEx delivery. You are instructed to click on a button or link to resolve the problem. If you do, the bad guy has “hooked” you.
But a great deal of today’s phishing is much more sophisticated The person sending the e-mail has done their research and sends a very specifically-crafted and well-targeted e-mail to just one or to a very few people. It is so well done that it looks legitimate and is appropriate to the circumstances in the recipient’s life or work. The recipient may never suspect that it is malicious and that it can compromise their computer. Or, they may discover it, too late, after the “dastly deed” has been done.
Even a well-informed and cautious person can find it difficult to determine whether these well-designed phishing attempts are legitimate e-mails or are actually phishing attempts. But the first step toward not becoming a victim is to be aware of how sophisticated some of them are. That awareness might just give you the chance to question and then attempt to validate the e-mail before becoming “hooked.”