Reprint from AMAC on July 26, 2018 By William Perry
Losses due to cybercrime are dramatically increasing. They currently exceed the dollar amount of the illegal drug trade (i.e. one trillion dollars). Computer theft is projected to grow to six trillion dollars by the year 2021. There are a number of reasons why.
First, security was of little concern when the Internet was invented. The quantity and use of interconnected digital devices, also, is dramatically increasing (i.e. smartphones, sensors and digital control devices). Another reason is that law enforcement is unable to protect the Internet from increasingly more targeted, sophisticated and vicious attacks.
Retired Americans are beginning to interact more with the newer technologies and tend to have some discretionary financial resources. Seniors are prime targets of the cybercriminals.
We needn’t be reluctant to take advantage of the digital age’s conveniences. We simply must become aware of the risks we face every time we turn on a computer-driven device.
We have to raise our level of security awareness and take proactive steps to protect our critical information assets. One method would be to adopt and follow the security best practices discussed below:
1) Use complex passwords – For example, use at least eleven characters with one uppercase and lowercase letter and special character on your computer like $ or # – . Change your password frequently. Consider using pass-phrases with special characters. Avoid using words that can be found in the dictionary, your name or any other words that are associated with you or family members.
2) Use multi-factored authentication methods whenever possible – Two or three factored authentication is now emerging. One method is voice identification. Another is to require the entry of a randomly generated number or some type of biometric such as a fingerprint.
3) Regularly update software and install patches – Software companies frequently notify registered customers that a newer and more secure version of their software or vulnerability patch has been released. You should update both operating system software (like Windows™ and application software).
4) Purchase and use malware protection software – Use one that can scan your computer and be easily updated. Survey the marketplace, read reviews, purchase the one that meets your needs.
5) Use a firewall – Use a firewall (either hardware or software) that monitors incoming and outgoing communications on your computer.
6) Limit the amount of information you share on social media – Many malicious users exploit information they gain on social media. Avoid volunteering information.
7) Avoid visiting “questionable” websites – Many cybercriminals deliberately set up websites to attract and trap computer users. Avoid gambling sites and those that offer free tools which frequently contain malware that is downloaded onto your computer
8) Keep from clicking on unknown links and tempting free offers – Unknown links frequently contain malware (such as key loggers) that could be downloaded to unsuspecting users that record every key stroke and ‘phone home’.
9) Set your browser and other applications security settings to the highest possible level – Doing so allows you to customize the security of your interactions on the Internet.
10) Logout or terminate your Internet connection when you have completed your work—Otherwise, you leave the connection open for malicious users to enter your computer and exploit any vulnerabilities.
11) Lock your keyboard when you leave your work area unattended – Otherwise, a passer-by, visitor or third party can have instant access to your system. Locking your computer requires a password be entered to unlock it.
12) Assess the threats that you face and mitigate them – You face unique threats when you bank on-line and log-on to social media sites. Be aware and become sensitive to the threats you face
13) Identify any vulnerabilities you discover and eliminate them – Failing to update to new editions of application software, for example, can leave holes through which cybercriminals can enter your system.
14) Turn off any services you aren’t using – Leaving Bluetooth “on”, for example, can be a significant vulnerability. Another device can connect. Limit the attack surface of your system.
15) Back-up your critical information – You will be attacked by malicious users. It’s only a question of when. Backup your information frequently and consider keeping a copy in a different location.
16) Change the default settings used by your hardware, network and software – Manufacturers often ship products with default passwords. Cybercriminals are aware of what they are and can enter your system if you haven’t made changes.
17) Consider encrypting your data and using a VPN (Virtual Private Network) – Make your stored data and critical communications unreadable by using encryption and making it unreadable without decrypting.
18) Avoid using public “hotspots” or accessing the Internet at hotels – Malicious crackers routinely monitor wireless access points and watch for openings to exploit.
19) Be wary of downloading free software, attached files and information from unknown publishers – Cybercriminals insert malware in software that you are encouraged to “open” or install.
20) Only share media and files with trusted sources – Media that is owned by others (e.g. an external drive or CD) may have viruses and malware on it that can be transferred to your computer by exchanging data.
21) Limit line-of-site visibility of your electronic devices from visitors – Cybercriminals can “shoulder surf” your keyboard and screen or “sniff” your communications.
22) Be vigilant and avoid complacency – Make it a practice to stay up-to-date on cyber security developments.
Summary:
Cyber security is your responsibility. You need to take proactive steps to limit the chance that you become a victim of cybercrime. Learn more about computer security and aggressively adopt best practices.
Additional Computer Security Resources:
Computer-Security-Glossary (www.computer-security-glossary.org website glossary and articles)
“Cybersecurity for Older Americans,” (a .pdf file found at DHS) Search Google
www.OnGuardOnline.gov
Paladin-Information-Assurance.com (website for assuring information assets)
StaySafeOnline.org (a security website for personal and business)
Dr. William G. Perry is a Professor Emeritus of Computer Information Systems in the University of North Carolina system. He is the CEO of Paladin Information Assurance (www.paladin-information-assurance.com) and author of numerous books including How to Secure Your Computer and How to Secure Your Smartphone and Mobile Devices.