Author: Elgin Green, IT Services Page 1 of 2

Pandemic Security: Coronavirus and Protecting Your Digital Assets

Sticky post

With Christmas and the holidays behind us, we still have the added complication of COVID-19. This fact has not been lost on cybercriminals, the “bad guys” who are always trying to steal your identity by tricking you into giving up some of your personal information. So, now that you may have a little less time pressure on you, let’s take a minute to review some basic online safety measures to keep you as safe as possible while enjoying time with family and friends (probably virtual), and of course, online SHOPPING!

The CDC and your local government have provided medical guidelines for safe interactions during COVID, but we’re talking about cyber health and what you can do to add a layer of safety and confidence to your online interactions.

Who are the “bad guys”?

Just who are these cybercriminals? They can be young or middle aged, mostly male but also female, any nationality, and they could be next door or on the other side of the world. Most do it for money, but some do it just because they can; for fun and bragging rights. The important point is that they are smart and have the tools that make it easy to exploit any of your online accounts or transactions that aren’t well-protected.

What’s at stake?

Being careless or just unaware of proper online safety can allow a cybercriminal, the “bad guy”, to steal your credentials like passwords, social security number, bank account logons, etc. Here are some of the bad things that they can do:

  • Credit card fraud—use your information to make charges on your credit card
  • Ransomware—lock your computer files and extort you for money
  • IoT threats—compromise a router or connected camera
  • Account takeover—use your credentials to make online transactions on your behalf
  • Identity theft—steal your identity and act on your behalf
  • They could even steal the title or deed to your home!

According to Fool.com, 2019 was the worst year in history for identity theft, and 2020 has not been better so far.

Are you a target?

If you have a social security card, you are at risk for identity theft. These bad guys target the young, the old, and everyone in between. It turns out that most of the identity theft occurs within the 20-49 age group, because they have more credit cards and they purchase more online. However, when it comes to fraud reports other than credit cards, most of that occurs in the 60-69 age group. The most likely reason is that people become more trusting as they age.  Check out this chart showing the average fraud loss amount by age.

Fraud loss by Age

Younger adults lose money to fraud more often, but when older people experience a fraud-related financial loss, the median amount is much higher, according to the Federal Trade Commission.  Source:  2020 Identity Theft Statistics | Consumer Affairs

What are the COVID-related things they’re doing?

According to IdentityForce, the most common COVID-19 scams in 2020 include:

  • Fraudulent e-commerce vendors for masks, sanitizers, and test kits
  • Fraudulent investment sites
  • Phishing (email) and vishing (voice calls) through update emails, texts, and voicemails
  • Spoofed government and health organization communications
  • Fake vaccines or “miracle cures”
  • Scam employment posts
  • Phony charity donation offers

What you can do

Keep your antivirus software up to date

If you don’t do anything else, make sure you have an antivirus installed on your computer and keep it up to date. For Microsoft Windows, you should be on version 10, where Microsoft Defender Antivirus (formerly called Windows Defender) is the default and is actually pretty good. And, it’s free and easy to use. If you feel that you need more, there are numerous apps available.

Check your bank account transactions regularly

If you regularly balance your checkbook and check your bank statement, you’re ahead of the game on this point. Often the cybercriminal will steal your credit card information and begin making small purchases from the same places that you do. These small amounts add up over time but may not be caught by your bank or credit card company. If you see transactions that you did not make, call your bank or credit card company immediately!

Password manager—you need one

If your passwords are easy to remember, they’re probably too weak. Basically, short passwords are weak; long passwords are strong. When it comes to passwords, the longer, the better. Also, you should never use the same password twice. If you’re thinking “There’s no way. I can’t remember long passwords!”, you’re right. That’s why you need a password manager. You create one very long difficult pass phrase that you can remember. Then you use that to unlock the password manager, which stores all your other passwords.

For the iPhone and Apple products, use the iCloud Keychain. This is great for Apple products, but unfortunately, it doesn’t easily adapt to a PC.

Here are a few good password managers: RoboForm, Keeper, LastPass, DashLane, Bitwarden, LogMeOnce, etc. Most of these don’t cost much, but they are extremely important for keeping your passwords organized and safe. Most of these can sync your passwords across all your devices, which is a must if, for example, you shop Amazon on your iPhone and your PC.

MFA!

Today, even a good password is not enough! Weak passwords can be guessed; strong passwords could be stolen. The solution is multi-factor authentication (MFA). Simply put, MFA is short code or number that is sent to you in a text or email in addition to your password. For example, you go to your bank website to logon. You enter your username and password. Next, they send you a code that you must enter into a box on their site. This verifies that it was really you who is signing in; the “bad guys” will not have the code even if they had your password.

What we’re doing

At Spectrum, we’ve also felt the impact of the pandemic, and we’re doing our part. We’ve tightened our security stance to protect your data and ours. Here are some of the specific things we’re doing to protect your information:

  • Our “Client Portal” protects you by avoiding sending personal info in email
  • Our “Prospect Portal” similarly protects prospective clients
  • Diligent email filtering, monitoring, and user training
  • MFA where possible
  • Business Continuity and Disaster Recovery testing
  • Masks, social distancing, and hand washing
  • Regular office sanitizing

Together we can make our online experiences safe and profitable in 2021.

IoT (Internet of Things)

“Augmenting the human experience with a connected world”[i]

“Oh! Sorry I didn’t see you sitting there. It’s my morning break here at work, so I was checking a few things at home. Making sure that I locked the front door and checking to see if we had eggs in the fridge. Looks good. And the dog’s behaving.

So, do you remember back in 2019 when IoT was new and security was sketchy? I figured I didn’t have a lot to lose by installing that smart front door lock. After all, it was nice for the door to unlock when I pulled into the driveway, and then have it auto-lock when I left for work. I could even unlock it for my daughter who dropped by unannounced from out of town. Nice.

At that time, some people weren’t comfortable with the level of cybersecurity in IoT, so they stayed away. Others…they did their homework and only went with devices that were designed from the ground up for security. Smart.”

What’s Involved?

IoT (Internet of Things): “the interconnection via the Internet of computing devices embedded in everyday objects, enabling them to send and receive data.” So, many “smart” things are in this category: locks, thermostats, lights, alarms, toys, automobiles, garage doors, sprinklers, IP cameras, refrigerators, or your home DVR. Convenience and utility.

IoT can make your home more secure from burglars by automatically locking your front door when you leave, alert you to someone at your front or back door, make your coffee, turn your lights on and off, etc., etc. What’s not to like, right?

This transformational technology is growing geometrically and is poised for an explosion. IHS Market (a London-based global information provider) predicts that by 2025 there will be 73 billion IoT devices installed[ii]. That’s more than 9 per person on earth! With all these devices connected to the Internet, the bad guys are constantly attempting to gain access in order to steal information and steal your stuff.

Are they secure?

With all these advantages, the question becomes what is the risk of installing a smart device? It turns out that there is a lot NOT to like, IF you are not careful. Alas, most IoT manufacturers have no program for disclosing and reporting security issues. A December 2018 report explains that “90% Of Consumer IoT Vendors Don’t Let Researchers Report Vulnerabilities”[iii]. That could mean that if you are not technically inclined or are not willing to do the homework, you may want to wait until IoT technology is more mature and secure.

Here are some of the issues and possible consequences:

Issue Possible Consequence
No security updates Device could be vulnerable
Weak credentials that can’t be changed Device is vulnerable
A hacked IoT device Allows access to your other accounts on your network, identify theft
Remote (unattended!) enablement of stoves, cookers, microwaves Safety hazard
Self-driving car vulnerabilities Theft, safety concern

“As an example, an IoT thermostat very likely communicates to a cloud server to provide updates and to control the device remotely,” Jett [Justin Jett, director of audit and compliance for Plixer] says. “If the IoT security is robust, but the cloud security is significantly lacking, the entire system is vulnerable.”[iv]

What can you do?

For those who want to enjoy the benefits of current IoT tech, this may be a good time to do a little online research and get a smart lock for your front door or smart LED lights that turn on at sundown and can be controlled from anywhere in the world.

If you decide to take a step into the Internet of Things, remember that your smart device will be part of your local network. So, here’s what you should do.

  • Choose your IoT devices not just based on convenience, but also on security.
    • Smart locks are very convenient, and they are as secure as traditional locks IF well designed and supported.
    • Make sure the manufacturer is actively supporting the device.
    • Keep a “good ol’ fashion” key handy when the keyless remote entry fails.
  • Insist on strong security and check your devices’ configurations.
  • Keep your computer and smart phones updated; they usually share the same network at your home.
  • Install computer virus and malware protection
  • Use multifactor authentication when possible.
  • Don’t use public Wi-Fi without VPN.
  • Only use known devices. E.g., if you don’t know where a USB thumb drive has been, leave it alone.

Here’s an excellent consumer guide for smart home devices, developed by the UK government.

The Future

California has enacted the first law covering IoT and this may drive future federal regulations. “The short IoT bill requires IoT manufactures to equip devices with “reasonable” security measures, appropriate to the function of the devices and to the information they collect or transmit.”[v] The move is toward more security and accountability, which is good for the industry and for consumers…like you.

Spectrum IT

The IT Team at Spectrum works behind the scenes to ensure that your investment and personal information is kept safe and secure. We also strive to make sure that Spectrum’s other teams have access to the information they need, enabling them to make the best timely decisions possible for you.

[i] “The next chapter of IoT is just beginning as we see a shift from digitally enabling the physical to automating and augmenting the human experience with a connected world,” says Carrie MacGillivray, IDC. https://www.idc.com/getdoc.jsp?containerId=US44390618

[ii] IHS Markit, The top transformative technologies to watch this year, 2018 (PDF, 16 pp., no opt-in)

https://www.marketwatch.com/story/7-ways-to-keep-your-smart-home-from-being-hacked-2016-10-17

[iii] https://www.forbes.com/sites/daveywinder/2018/12/13/the-silence-of-the-brands-90-of-consumer-iot-vendors-dont-let-researchers-report-vulnerabilities/#4f60977d9c88

[iv] https://www.scmagazine.com/home/security-news/lightly-secured-cloud-with-a-chance-of-iot-attacks/

[v] https://www.scmagazine.com/home/opinions/californias-new-iot-security-law-is-not-nearly-enough-we-need-a-gdpr-for-iotnow/

Page 1 of 2

Spectrum Financial, Inc 2023