Welcome to your October Savvy Cybersecurity newsletter. September is the back-to-school month and it looks like cybercriminals gone back to class to learn some new scams. Read on to learn more about those and what you can do next month for National Cybersecurity Awareness Month as well as:
- How employees are the biggest cybersecurity threat
- Why Yahoo might owe you $100
- How to better secure your fitness apps
- And much more
Three things to do during National Cybersecurity Awareness Month
Did you know that October is National Cybersecurity Awareness month? The observance became official four years ago under the National Cyber Security Alliance. The goal of the month is to ensure that we all have the resources we need to become safer online. We want to be sure that you have the ability to improve your cybersecurity in at least one way next month. So, in this newsletter, we want to go over three different actions you can take in the next five weeks to become more cyber-secure.
1.Freeze your credit files
If you have been putting off freezing your credit files, you are officially out of excuses. As of September 21, credit freezes are free in all 50 states. A credit freeze is the best way to stop hackers from opening new lines of credit in your name because it locks your files with a PIN. New credit can only be approved when the PIN is temporarily lifted from your account.
In order to be secure, you must freeze your credit at all three of the big credit bureaus—Equifax, Experian, and TransUnion. This can be done online or over the phone. Previously, the cost to freeze your credit ranged from $0 to $10 depending on your state of residence. A new federal law has made the process free. Click here to start the process of freezing your credit.
2.Download a password manager
If you are still reusing the same password at various sites, break the habit by investing in a password manager. A password manager is a software program that stores all of your usernames and passwords for various websites in a secure vault. These passwords are protected with one master password—the only password you need to remember.
Password managers are very safe and offer you a way to have hundreds of unique without having to memorize any of them but one. Most of them can be synced on various devices so you can carry your passwords everywhere you go. Some popular password managers are Dashlane, LastPass, and 1Password.
3.Back up your files
One of the best ways to protect yourself against a ransomware attack is by backing up your files. Ransomware is a type of phishing attack that contains a fraudulent attachment or link. If opened or clicked, the malware encrypts all the files on the machine and locks it so the victim cannot access anything. The attacker demands a Bitcoin ransom to get the files back.
To avoid paying the ransom (which may or may not work), keep regular backups of your files. We recommend following the rule of three. Your files should be in three places: your device, a cloud service (such as Dropbox, OneDrive, or iCloud), and an external storage drive such as an external hard drive. That way if you do fall victim, you can have the malware removed from your machine and re-download everything from one of your backups.
Nearly half of all companies are exposed to cybersecurity threats due to exposure of employees’ login information according to the 2018 Insider Threat Report. Another study by Shred-It found that over 40% of businesses believe human error led to documents being exposed. Employees are often the cause of cybersecurity incidents. So what actions can you take to stop this? Check out this list to see the top employee habits that need to be stopped to improve cybersecurity.
Your state DMV may be selling your personal information to businesses and private investigators according to a report done by Motherboard. Many of these states have made millions of dollars from the data sale. Many security experts express concern over the sale of this data as it increases the risk of data exposure if these companies are breached.
Over 50 tech-company CEOs have sent an open letter to Congress asking for a federal law on data privacy. This request comes after many states have been writing laws. Individual state laws make it difficult for companies to comply and many CEOs believes contributes to the current data privacy mess.
Have you uploaded your resume to Monster? You may have gotten your data exposed instead of a job. A web server hosting resumes and cover letters uploaded to Monster between 2014 and 2017 was found online. Most resumes included private information such as phone numbers, addresses, and email addresses. It is unsure how many documents were exposed at this time. Monster did not notify affected users saying that companies that bought the data are responsible for alerting users.
U.S. government IT contractor suffers data breach affecting over 20 federal agencies. A hacker allegedly was able to access the company’s server and has advertised access to the data. The company, Miracle Systems says the data accessed was outdated but has yet to be confirmed. The breach has already cost Miracle Systems $500,000 to $1 million.
Radio conglomerate Entercom Communications has been hit with a ransomware attack resulting in crashed computers and no email access. The hackers have demanded $500,000 from the company in exchange for its data. Entercom owns over 200 radio stations throughout the country. Entercom says it will not pay the ransom.
Less than one-third of employees report receiving cybersecurity training annually. Yet, employees are often the cause of business cybersecurity incidents. One key to protecting your business is training employees regularly. The study done by Chubbs found that most employees could not define the most common cybersecurity threats.
If you were a victim of the massive Yahoo data breach, you can now apply for a $100 cash payment.The breach, which occurred between 2012 and 2016, affected 194 million people. You can choose from two years of credit monitoring or $100 (which is not guaranteed). You can apply for your settlement here.
Nearly 170 million people have had their medical information exposed in data breaches over the past 10 years. The study was published in the Annals of Internal Medicine journal. Most of these breaches exposed information such as names, emails, and phone numbers. In nearly 1,000 cases patients had their social security number or driver’s license numbers exposed.
Two years after the Equifax breach, consumers are still struggling with basic cybersecurity actions. A study done by CompareCards found that four in 10 people with a debit or credit card have provided their Social Security number online in the past month. And while 95% report taking some action to protect themselves, very few have done more than one.
College students are often the target of hackers who are trying to gain access to the school’s network. Share this list with any college students you know to help them protect their digital life and understand why cybersecurity is so important. It covers actions like using a VPN and guarding your email against phishing.
Your fitness app helps you track your steps but it may also be sharing your data with the company.The Verge studied popular fitness apps to see exactly where your data is going. In general, if your app is connected to Facebook or Google, you are sharing data with those companies. You can limit that adtracking through Settings on your phone. Read more to see how your app handles your data.
Over 200 million Facebook users’ phone numbers discovered online. The numbers were included in a database found online that contained the user’s Facebook ID and their phone number. Phone numbers are valuable to hackers because it can help them complete several scams such as SIM swap fraud or bypass two-factor authentication.
Adobe: Adobe released two important updates for Flash Player this month. If you still need Flash, you should update immediately. If not, delete the program–Adobe will stop supporting the software at the end of 2020.
Microsoft: Microsoft released security patches for over 80 different issues this month. Two of the issues have already been exploited in the public and affect all Windows versions. Your device should prompt you to update automatically but you can read more about the updates here.