At our first Lunch & Learn for 2023, on Thursday, February 9th, our own tech guru, Chris Schleter, shared information and tips on how to stay safe when using technology. He began with computer safety then turned to scams that use our smartphones.
Here are some of the key items he explained:
- There is no way to be 100% safe online and we are each responsible for keeping ourselves safe. There are ways to reduce the risks: using strong passwords, enabling two-factor authentication if it is available, keeping our software up to date, using trusted anti-virus software, being careful what you share online (especially on social media) and regularly backing up our data to the cloud or offline storage.
- PASSWORDS: Passwords are probably the least effective security measure available. You should never use the same password on different sites and change your passwords often. Use a password manager to help you manage your passwords. Use strong passwords: at least 12 characters in length, use numbers and upper case letters and lower case letters and special characters (called a complex password). Phrases make good passwords but be sure to include something other than just letters.
- Strong passwords are extremely hard to hack. A 12 character password using only lower case letters can be hacked in about 25 seconds. A complex 12 character password would take about 34,000 YEARS to hack. An 18 character complex password would take about 7 QUADRILLION YEARS (longer than the expected lifespan of the universe) to hack. The longer and more complex the password the better.
- OTHER MEANS OF AUTHENTICATION are biometrics, an online authenticator app and two-factor authentication. Biometrics are most useful on mobile devices and usually use facial scans or fingerprints. Online authenticators are used by some websites and apps (notably Adobe and Microsoft Teams). With two-factor authentication when you log in to a website or app, a code is texted or emailed to you and you enter the code to gain access. If two-factor authentication is available on an app or website you should turn it on.
- FRAUD AND SCAMS: The most prevalent forms of fraud are phishing, trojans and ransomware. Phishing occurs when you receive an email or text that ask for personal information like passwords and credit card numbers. To stay safe from phishing is to verify that the sender is legitimate (does the email address listed match the sender - Microsoft will never send an email from gmail.com) and ensure that the links provided in the message make sense (an email from Microsoft is not likely to have a link from bitly.com).
- Another form of fraud is a trojan where a link in the message installs malicious code on your device. This code could be a key logger that records every key you press or tap or a virus that will infect your device. The same precautions need to be exercised.
- The final item is ransomware. Ransomware is a form of trojan but when you click on the link it installs software that encrypts your hard drive. In order to get the "key" to unencrypt the drive you are told to pay a ransom, usually with Bitcoin, which is untraceable. The main protection from ransomware is to back up your data regularly. If you get infected with ransomware you can reset your device to factory settings, reinstall the apps you had on the device then restore your data from the backup. It is painful to have to do this but is sure to restore your device to working order.
- With any of these, if you have doubts about the message, either contact the sender if it is someone you know and ask if the message is legitimate or just delete the message.
- SPAM: All email providers provide some form of spam filtering. You should turn it on. Spam filters are not perfect - some will get through and some legitimate messages will be classed as spam. Check your spam or junk folder regularly to be sure legitimate messages have not been moved there by the filter.
- TEXT AND TELEPHONE SCAMS: Generally a form of phishing where you receive a text or phone call and are asked to purchase something (usually gift cards) and send the numbers and PINs to the sender. Again, contact the sender if you have doubts about the authenticity of the request or just ignore the message. DO NOT respond to the message if you have not verified it. This just confirms to the scammer that your phone number is valid and you will get more of these. The IRS, Medicare and Social Security will NEVER call or text you. You should automatically delete these messages or don't answer the calls.
- PUBLIC WI-FI AND VPNS: If you do not have to enter a password (not using a web browser) in order to connect to the network, the network is not secure and you should not do anything that might send sensitive information to the Internet. For insecure networks, consider using a Virtual Private Network (VPN) which encrypts all of your traffic making it much harder for a hacker to use. Some websites do not allow you to connect if you are using a VPN but for most sites this is a good solution. There are free and paid VPNs but the free ones generally are not as secure. Paid VPNs cost about $4-$6 a month.