October is National Cyber Security Awareness Month. That may sound sort of silly, but if you use the internet at all, you are aware of the countless ways in which bad actors are trying to steal your information on a daily basis. Last week, I shared a blog post with the 10 most common passwords from 2016 and advised you to change yours if they matched up. Whether it’s your social security number, your credit card info, or just your passwords, hackers are always finding new ways to trick users into giving up valuable information.
Joe Martin has worked in cyber security for over 35 years. He spent 27 years at IBM, a few years as a Chief Security Officer for a medical records company, and the last few years at a technology consulting firm. He’s also my dad. Over the years, he has helped churches, schools, and other organizations improve their cyber security and educated them on how to protect themselves online.
Because it’s National Cyber Security Awareness Month, I thought it’d be fun to have a conversation with my dad about protecting ourselves online. We do not (yet) have a LifeWay Social podcast, but I recorded our conversation to be a sort of “audio blog post.” Below is the audio and below that are some of the highlights from our conversation. I hope this is helpful for you.
Questions, Answers, and Notable Quotables
What are some of the most common, everyday ways people’s email or social media accounts can be hacked?
- Most of us, as individuals, are not high-profile targets. Some of the organizations we represent may be higher profile, but for the most part, when our information is compromised, it’s because we’re collateral damage when someone else gets hacked.
- Historically, the biggest problem with our online credentials (user IDs, emails, and passwords) is that our passwords are too simple.
- Websites requiring us to create complex passwords helped fix the simple password problem some, but now we have a different problem: we can’t remember our passwords, so we write them down or otherwise store them insecurely.
- We shoot ourselves in the foot when we use the same password on multiple sites.
- Because passwords have become harder to crack, bad actors have just started asking us for them through “phishing” emails that look like legitimate emails from sites we know but are actually bogus and intended to take our information.
Can you give any suspicious signs that should signal us to think an email we have received is an attempt to steal our information?
- Typos, bad syntax, and other signs that the person emailing you may not speak English as a first language, despite supposedly being a part of a business or other organization.
- Emails designed to get you to click a user-friendly link and type in some information at another site. These links may look legitimate but actually have odd URLs if you look closely.
- Emails you receive from a source that seems legitimate (a bank, a well-known website, etc.), but whose content seems odd—a bank telling you your account has been closed when you didn’t even have an account at that bank in the first place.
- In times of tragedy or disaster, emails that solicit donations or other requests for funds in an attempt to play on your emotions and steal your information.
- Leading up to Christmas, emails saying your credit card was declined or your package couldn’t be shipped.
With the understanding that there is no sure-fire way to prevent ourselves from being hacked, are there any practical steps we can take to protect ourselves?
- Have passwords that aren’t simple but are easy to remember.
- Use password managers like Dashlane, Keeper, or other services that allow you to keep your passwords in a virtual “vault” that you can open with one master password.
- If a site like Amazon emails you to tell you something is wrong with your account and gives you a handy link in the email, hop into another browser window and log into your account yourself to check the issue. This protects you in case you think the email is fishy (phishy?) and the link may be bad.
If (or when) we realize that one of our accounts online has been compromised, whether that be our social media, email or otherwise, what are the steps we need to take to fight back?
- Change your password on the account that has been compromised and on every account that shares that password.
- Follow the instructions of the site on which your account has been compromised and contact them if you can.