The Latest Big Hack

hackThe last two years have been two of the biggest in terms of “big name” hacks.  The Target credit card scandal and the Sony Pictures scandal have been two of the biggest headlines of the past couple of years.  Thousands upon thousands of people had their information stolen and compromised.  I was one of those people who had a credit card number stolen in the Target breach, but it wasn’t until months later that a criminal used my card number.  Thankfully AMEX is very good about fraud protection and we were able to stop the card before too much damage had been done.  I wasn’t liable (thankfully) for the almost $700 worth of charges that the criminal had racked up in about 30 minutes.

The latest hack on a government network is also very dire looking.  The Office Of Personnel Management (OPM) has said that over 22 million records have been stolen, and that “Everyone who works or has worked for the federal government as an employee or contractor should take immediate action to protect themselves.”

What was stolen?  Here’s the list, also from that Trend Micro blog post:

  • Social Security Numbers
  • Residency and educational history
  • Employment history
  • Information about immediate family, other personal and business acquaintances
  • Health, criminal and financial history
  • Usernames and passwords applicants used to complete background investigation forms

That’s a lot of information, and quite enough for hackers to set up accounts under people’s names and exploit the heck out of them.  It’s an incredibly damaging breach and 22 million people is a LOT.

Thankfully credit card issuers are employing chip technology, but how does that prevent someone from opening up a card account under their name in the first place?

All in all it’s a dire situation, and I encourage everyone, no matter if your information was compromised, to start up some sort of identity theft insurance.

Also recommended is protecting your own personal computer.  Hackers are getting more and more sophisticated and have been able to make off with a lot of personal information through spyware and malware.

Did you know that keysniffers are one of the biggest culprits in malware today, and that your antivirus software may not detect them?  That’s why I have personally installed Spyhunter 4 and run it on an auto scan every week in order to ensure that my PC is free of unwanted malware.  You can download it here from my favorite website, We Hate Malware.

Overall, it’s very important to keep an eye on your personal accounts.  Check your credit card statements weekly, and install phone apps so that you can receive fraud threat alerts.  The reason we were able to stop the thief with my credit card information so quickly was that a fraud alert popped up on my phone and I was able to call AMEX and have them cancel the account.  It probably also helped my case when it came time to have AMEX cover those charges.

You could also go off the grid entirely, but that seems almost impossible to do these days.  So just stay on top of the news and ensure that you’re careful about your data.

 

Protecting Against Ransomware

ransomware (2)

A lot of companies are taking notice of ransomware these days, and it’s a very important consideration. Several blackmail hackers have held companies for ransom with a variety of methods.  However, prevention is the better way of dealing with ransomware – before it becomes an issue!  The key is to educate your employees and ensure that you have all the safeguards in place.

I especially like this quote from an article I recently read:

 SHIELDS UP

People should not have to make the choice to pay a ransom to save their data. Antivirus programs can only do so much, as email phishing schemes become more sophisticated. The biggest chink in our defense is what security officials call “social engineering”: that is, people. We will never be able to prevent every employee in our network environment from clicking on suspicious links in emails. Malware is like a vampire: It has to be invited in. Given enough time, someone in our organization will make this mistake. It is human to do so; it can’t be avoided.

In my library, our IT guys have put safeguards in place so that we cannot install the simplest Java upgrade without their password. Annoying, yes. But that may be what saves our network from the employee question, “Should I click on this?”

On the other hand, there is some ransomware that can be caught or downloaded by clicking on advertising that leads to pages that execute exploits for vulnerabilities in outdated browser plug-ins such as Java, Silverlight, or Flash Player. It is wise to keep these adjuvant programs up-to-date, even if we have to ask for a password to do so.

In general, computer users should make sure that all their software, particularly their antivirus software, is up-to-date. We should all continue to click carefully and avoid opening links in email from people we don’t know or companies that we aren’t doing business with.

Turn on the pop-up blocker in your web browser.

Finally, we need to make sure to do that most difficult of tasks: Back up important files on a drive not connected to our computer all the time. Alternatively, we can back up into a cloud storage service that keeps an archive or a history of the versions of our files, such as Microsoft OneDrive (one drive.live.com).

These are all just common-sense suggestions for effective PC health on the internet. While often running counter to our everyday habits, if we can integrate these steps into our computer use, we will be able to keep the bad guys out while letting the right data in.

 

McDermott, Irene E. “Ransomware: tales from the cryptolocker.” Online Searcher May-June 2015: 35+.