By Steve Tepper, CFP®, MBA
The WannaCry ransomware attack last month affected individuals and businesses in more than 150 countries and infected more than 230,000 computers. It illustrated yet again the need for everyone using any device connected to the internet to employ best security practices at all times.
Ransomware occurs when malicious software is installed on a computer, encrypting your files and then flashing a message demanding payment so you can regain access to those files. Ransomware can be problematic for a number of reasons. First of all, in many instances, including the WannaCry attack, there is no guarantee that the hacker will un-encrypt your files even if you do pony up the ransom. Second, payment of ransom will encourage hackers to attempt more ransomware attacks.
SonicWall, an industry leader in cybersecurity hardware, reported there were 638 million attempted ransomware attacks in 2016, a 167-fold increase over 2015.
Here at Northstar, we strive to keep up with the latest information and releases to protect our clients’ information as well as proprietary business data, and we are committed to helping our clients do the same.
A recent article on WealthManagement.com highlighted best practices for the financial services industry, but many of them have universal application. Here are a few highlights:
Keep your updates up-to-date. Don’t you hate all those pop-ups and system messages on your computer telling you to run this and update that? Well, stop hating and start updating, especially anything marked “critical.” In March, two months before the WannaCry attack, Microsoft released a “critical” patch. Guess what all of the 230,000 infected computers had in common? None of them installed the patch.
Manage your device. All your devices need the latest antivirus protection. In addition, you should have the ability to erase or disable a phone or tablet if it is lost or stolen. Aside from the annoyance of giving someone access to your contact list and that secret selfie folder (hey, I’m not judging), you’ve probably got your bank account login cached in memory, so you definitely want to keep a thief from getting their hands on that.
A remote wipe can be done on an Apple device by making sure you have Find My iPhone installed on your phone (before you lose it, of course!). Then you can wipe or disable the phone (and maybe even find it) by using the same app on another iOS device or by visiting www.icloud.com/find.
For Android devices, the app is called Lost Android, and while there is a feature that would allow you to “push” the app onto your phone even after you lose it, that’s not a best practice. Install the app now, then accept administrator functions, which will allow you to go to the site www.AndroidLost.com to lock, wipe, or locate the phone if it is lost or stolen.
Encrypt your data. If you have received confidential information from us, you know what we do to protect that information. Rather than sending it as an attachment, we direct you to a secure site to download it (www.sendinc.com). It’s a bit of a hassle, but it is a critical component to our cybersecurity program. Additionally, if we want you to send something confidential back, we direct you on how to securely email us using Sendinc. That is a best practice for you to follow anytime you need to send confidential information electronically.
Use passwords, and make them long and complex. The most common passwords in 2016 were “123456,” “qwerty,” and “111111.” In fact, if you use any password with just letters or numbers, characters that are sequential on the keyboard, or are just six characters long, sophisticated hackers can get past your password security in just a few seconds.
Here are a few standards for password creation:
- Use as many characters as allowed;
- Use upper and lower case letters, numbers, and special characters if allowed; and,
- Don’t use the same password for all of your logins. If a hacker figures out one of your passwords, he will probably try that same password and user ID combination on hundreds or thousands of other common websites, including every banking and brokerage site.
My rule of thumb for passwords is “If you can remember it, it’s not good enough.” Yes, that means you need a password file to write down all your passwords.
Don’t back down on backups. They can be a pain, but having a comprehensive recent backup can be a lifesaver if you fall victim to an encryption virus like ransomware.
By comprehensive, I mean more than just copying your “My Documents” folder to an external drive. You need a complete system image and your system registry so that you can completely restore all files, programs, and settings in the event you have to reset your device back to its original day-you-bought-it settings.
Be careful on social media. The information you put out on social media can be used by hackers to impersonate you to your friends and to figure out the answers to personal security questions. Did you ever post your wedding pictures? A page from your high school yearbook? A pic of your pooch doing something adorable? A shot of you and the family at the game, all dressed in matching team apparel? You’ve just answered some of the most common security questions: What is your best friend’s name (your best man or maid of honor), where did you go to school, what’s your favorite pet’s name, and what’s your favorite sports team?
Good cybersecurity practices can be a pain, but they are necessary components to safe computing in the 21st century. Get comfortable with them because they are with us to stay and will likely get even more complex and cumbersome as hackers become more and more sophisticated.
Source: 10 Cybersecurity Best Practices by Fred Kauber, WealthManagement.com, May 26, 2017