Cybersecurity

Sites will often use common security questions to recover a user’s account if the password is forgotten. These questions are problematic because the Internet has made public record searches simple and the answers are usually easy to guess. In a study, security researchers at Google found that with a single guess, an attacker would have a 19.7 percent chance of duplicating an English-speaking user’s answer to the question “What is your favorite food?” (Pizza) If you're required to answer security questions, some security experts suggest making up a lie and jotting down your fake answers on paper or in the Notes section of your phone. (Q. "Where were you born?" A. Kentucky Fried Chicken. Q. "What was your first pet’s name?" A. Peach.)

You might think that entering and storing personal data for easier access to online sites is convenient, but generally speaking, it's not a great idea. Breach after breach proves as much. Many sites require entering an email address to register or gain access to full features, but it can also be fodder for spam. If you are visiting a site that doesn’t seem credible or trustworthy but requires entering your email, consider creating a disposable email address.

Whether you make it an end of the year or a New Year’s resolution, backing up your data is always a good idea. Ransomware -- malicious software that hackers have used to scramble your data until you pay a ransom -- is a common scourge these days. Stay one step ahead of cybercriminals by regularly backing up your data. Wirecutter has a great guide on cloud back ups and hardware backups here.

Marriott has reported that they will begin alerting the 500 million customers believed to have been affected by a breach of its Starwood hotels database. If you stayed at a Sheraton, Westin, W Hotels, St. Regis, Four Points, Aloft, Le Méridien, Tribute, Design Hotels, Elements or Luxury Collection hotel in the last four years, you may have been affected. So how should you be protecting your information online?

• Passwords – Regardless of what company is involved in a breach, it’s always a safe bet to change passwords for sites that contain sensitive information like financial, health or credit card data. Do not use the same password across multiple sites, and do not use your Social Security number as a username or a password. Think about using a password manager. Wirecutter, a New York Times company, provides a helpful explanation of why password managers are so essential. They also maintain an updated guide to what it considers to be the best password managers.
• Don’t Click - Attacks are often spread through malicious email attachments and links — a practice known as phishing. So make a rule of not clicking on anything when you do not know where it will take you, even if it appears to come from someone you know.
• Be Vigilant with Your Credit Card- Never allow a retailer or merchant to store your credit card information unnecessarily. If it is offered, use PayPal or Apple Pay for online transactions. Both are safer than most online payment methods.

Because cybercriminals' activities have become increasingly sophisticated, one expert writing in Insurance Business America says that cybercrimes, and especially financial scams, have risen sharply in 2018. "Criminals are no longer just getting the email credentials of a person in a company, they are now monitoring their email and communication style in order to send a phishing email that is hard to detect as being fraudulent," says Jeremy Barnett of NAS Insurance, suggesting that companies put steps in place to prevent phishing scams. While you would think that the increase in cybersecurity issues would make people more vigilant about scams, many businesses and individuals have the feeling that it will never happen to them.

According to The Hill, Apple CEO Tim Cook says he believes regulations in the tech industry are inevitable, after previously stating his support for stricter laws in October. "I'm a big believer in the free market, but we have to admit when the free market is not working. And it hasn't worked here," Cook said. In October Apple began allowing customers to download copies of all the data it holds on them.  Want to find out what data Apple is keeping on you and how to delete it or manage it? Try this article on the Cnet site as a guide.

According to Cybersecurity Ventures, there will be up to 3.5 million job openings in cybersecurity by 2021, but experts say there is a serious shortage of those trained to fill those spots. Furthermore, only 20% of cybersecurity workers currently are women, which can limit perspective when it comes to solving cyberthreats. "The wider variety of people and experience we have defending our networks, the better our chances of success," says Priscilla Moriuchi, director of strategic threat development at Recorded Future according to Forbes. Got a daughter interested in this field? Take a look at the tips for women entering cybersecurity in the article.

At the 26^th annual DEFCON convention, the kids hacking division received a great deal of attention when an 11 year-old girl was able to successfully hack into a replica of the Florida Secretary of State’s website. BuzzFeed News reports that it took her only 10 minutes to hack the site and change the results of the 2016 presidential vote. The Secretary of State said changing the website does not represent switching actual votes, but experts say the hack reveals security flaws in the system. This could make an interesting topic of discussion if you have a young “hacker in training” at your house.

“Cyberattacks against the US are on the rise and have reached a critical point,” said Director of National Intelligence Dan Coats recently. Coats identified China, Iran, North Korea and Russia as the biggest threats, saying that they target federal agencies, state and local governments, businesses and even schools every day.