Saturday, August 27, 2011

In Case of Emergency, Break Glass


As I’m sitting here writing this article, there’s a major hurricane bearing down on the south-eastern coast of the United States. Earlier this same week, a 5.9 magnitude earthquake took place in Virginia, shaking the ground from Georgia to New England. The earthquake wasn’t devastating, and my heart goes out to all those who have been impacted by the coastal storm. The truth is that while these are the events making headlines, there are many disasters that have a chance of occurring at any time. If a lightning strike caused a fire at your office, what would you lose? What if a pipe bursts while you’re away vacationing? What losses would you suffer there?

Some people, especially those who are not comfortable with computers, thumb their noses at the idea of storing pictures, important documents, and other such things digitally. They prefer to retain their physical copy and feel it’s easier to protect it from harm that way. Others enjoy how easy it is to retain digital copies of things, but have no action plan in place in the event of a disaster. For those of you who fit into the first category, you should read on with an open mind. Those who fit into the second, keep reading and you’ll learn how easy it can be to prevent the loss of your information.

If you’ve sworn off the notion of putting things on your computer instead of in your shoebox, then let me try to change your mind. First of all, you can do both! You can purchase a device called a scanner, which is often bundled together with a printer and sold as a “multi-function printer”. This will let you scan in your important photographs, documents, articles and so on. You can then store these on your computer while retaining the “hard copy” in your proverbial shoebox. Further, now that you have a copy on your computer, you can find a safer place to keep that box. Take a look around your area for environmentally controlled storage, though it may be costly. If you purchased one of those multi-function printers, you can also print out copies of whatever you back up. This is perfect for when family or friends may wish to see that baby picture of you or a loved one. Now that you have your information on your computer, it’s time to learn how to protect that as well.

You don’t need to have a fire or flood to lose data on your computer. A computer virus can oftentimes make information unreadable, while hardware failure is nearly as common as a computer virus. The truth is that your computer will fail at some point; the only question is how long until it does. The easiest way to protect your information is to use a service that does it for you. Carbonite (www.carbonite.com) is one such service, though there are others if you search around. I prefer Carbonite because of how easy it is to use and how affordable it is. All you have to do is install their program and be connected to the Internet. Carbonite will automatically back up your computer to their servers and in the event of a disaster or failure, you can have it all restored. If you don’t want to pay the annual fee to keep your data safe then you can look at services like Dropbox or you can simply put your pictures on a service such as Facebook.

Another way you can protect your information is by purchasing a storage device. This can either be an external hard drive, USB flash drive, or a memory card. You can also put information on DVD writable discs if you so choose. To be safe, you may wish to pick two devices to use, such as an external hard drive and a USB flash drive. Put the same information on both and send one to a relative for safe keeping. You can also combine this with the above suggestion, keeping a copy online and a copy on a storage device, since storage media also has a chance of failing.

Regardless of what backup method you choose, you should always retain the information you’re backing up. If you put a file on a USB flash drive and send it away, then delete the file from your computer, you’re still running a risk of losing that file forever. If you work for a company that doesn’t practice data protection, then you may wish to suggest some of the cheaper alternatives and perhaps enact them on your own if policy allows that. Keep in mind that depending on what you do for work, keeping a copy of something you’re working on may be illegal or against company policy. With that said, you could always back up what you’re working on and delete it the moment you are finished.
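One way to confirm that a copy on an external drive or flash drive still matches the originals before you rely on it, or before you mail it to a relative. This is an added example, not part of the original article; the folder paths in the usage comment are placeholders.

```python
import hashlib
from pathlib import Path


def sha256_of(path, chunk_size=1 << 20):
    """Hash a file in chunks so large photos or videos do not fill memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def manifest(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): sha256_of(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def verify_backup(source, backup):
    """Compare a backup folder against the originals.

    Returns a dict with three sorted lists:
      missing   - files in the source that the backup lacks
      different - files present in both whose contents differ (a failing
                  device, or an original edited since the last backup)
      extra     - files only in the backup (e.g. deleted from the source)
    """
    src, dst = manifest(source), manifest(backup)
    return {
        "missing": sorted(set(src) - set(dst)),
        "different": sorted(n for n in src.keys() & dst.keys() if src[n] != dst[n]),
        "extra": sorted(set(dst) - set(src)),
    }


if __name__ == "__main__":
    import sys
    # Usage (placeholder paths): python verify_backup.py ~/Pictures /media/usb/Pictures
    report = verify_backup(sys.argv[1], sys.argv[2])
    for kind, names in report.items():
        for name in names:
            print(f"{kind}: {name}")
    sys.exit(1 if report["missing"] or report["different"] else 0)
```

Run it once against each device; a file listed under "extra" is one that now exists only on the backup, which is exactly the situation the paragraph above warns about.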

The last thing to mention is encryption, and this ties in with what I mentioned above. Encryption is a way of locking information so that only someone with the key can see it. Be wary of storing things online without encryption, especially documents that contain personal information. If you choose to store things on a storage device that you plan to keep with you, check to see if the device supports encryption. If that device is lost and found by another individual, they may be given enough information to cause you harm, financially or otherwise.

Good luck, and be safe out there!

Monday, August 15, 2011

Phishing and You


Recently I went on vacation to a nice lake in Rhode Island and I spent that week on and off a small boat with a fishing rod in hand. I found fishing to be relaxing, even though I barely caught anything. The rhythmic action of cast, wait, reel was almost comforting. So what does this have to do with being safe online? Well, today we’re going to talk about a tactic called “phishing” and how you can avoid being caught - hook, line, and sinker.

Phishing is almost an art form with how creative and clever criminals have become. The entire purpose behind phishing is to lure you into providing important personal details to the criminal. There are some popular ways that criminals phish for information, but they’re all relatively easy to recognize if you know what to look for. On top of that, I can help you by providing some tips to help filter out any and all phishing attempts. Much like a fish in a lake can’t avoid seeing the hook and lure, we can’t avoid seeing these phishing attempts.

The first tactic we will cover is the e-mail scam. In this attempt, the criminal sends you an e-mail from a seemingly authentic source, asking you to do something or provide some information. Sometimes they want you to reply with information, but more often they ask you to visit a website. The source could seem like a real company, such as Facebook or even your bank, but forging the sender of an e-mail is as easy as typing in a fake name. The red flag for you here is that no company I know of will ever ask you to “re-enter your password” in an e-mail. If there is an issue with your password, they will just send you a random one and ask you to log in to change it. Further, no bank should ever ask you to provide your account information. They should already have all this information, and most banks or credit card companies will actually call you directly with such sensitive issues.

So how can you further protect yourself from this scam tactic? If you’re somewhat savvy, then you can look at the link that they’re asking you to click. In most mail programs, holding your pointer over the link will show you the real destination in the bottom of the program’s window. The link shown in the e-mail is more than likely fake, so they will not match up. The best solution is to head to the company’s website in question manually: If the e-mail claims to be from Facebook, then type in: “www.facebook.com” in your web browser and head over to the Help section. There will likely be contact information, so you can call or send a message to the company and ask if the e-mail was authentic.

You should NEVER click a link in an e-mail without first making sure that it is real! Keep your eye out for fakes that look similar, such as “ww.wfacebook.com.co”. Just because the link has the company’s name in it doesn’t mean it’s authentic. The company’s web address should look something like “www.facebook.com”. Do you see the difference? If you do happen to click on a link, you should always check your web browser’s address bar at the top and see where it took you. Once again, if you’re supposed to be at a company’s website then their actual web address should be in that address bar. We call these addresses URLs, in case you hear that term. Most modern web browsers are smart enough to discover such phishing attempts, but you should protect yourself by staying alert anyway.

The next tactic we’ll cover is a little more broad and may actually use e-mail as well. I call these “Too Good To Be True” scams. If a man walked up to your front door today and said that you could get a free car by just doing a few simple things, you’d probably shut the door on him. The problem I’ve found is that online, people are accustomed to hearing about “great Internet deals”, so when they see a scam that says “Get a free Laptop, Click here!” they’re more apt to follow. I’m not saying that all sweepstakes and give-aways online are scams, but you should at least vet the offer before you provide any information at all. This also includes scams targeting users of popular games, such as FarmVille on Facebook. Offers that claim you can cheat or win free coins or other in-game items by performing a few simple tasks are also attacks.

To protect yourself from these attacks, you should inspect the deal or offer and look for a few key components. Most sweepstakes or give-aways are sponsored by a company; after all, someone needs to pay for the prizes, right? If you can’t find a link to a sponsor, then take a look at the address bar. Does it appear to point to a reputable company? If not, then it’s not worth trying. Most of those offers want your name, e-mail address, street address, and other information. Even if they don’t use such information in an attack, they will most certainly sell it to the highest bidder, giving you more spam and more headaches later on.

On Facebook and other social sites, the scams often come from people you trust that have actually been compromised. Once again, this is where being alert and observant pays off, as you should never download a program from Facebook, nor should you ever go to a web address that doesn’t look authentic. A relative of mine recently sent me a message asking to “check out her webcam!” and provided a link. Now, not only did I know my aunt better and knew she didn’t have some raunchy webcam site, but the link provided in the message just looked strange. When in doubt, reply to your friend or relative and ask if they did indeed send you the link. You could even call them if you have their phone number. If they didn’t, then suggest to them that they have their computer scanned and cleaned.

The third avenue isn’t even online, and has been gaining popularity recently. The scam involves the criminal calling you directly and pretending to be from “cardholder services”, a bank, or another important institution. These are harder to discern, but you can still practice good safety tactics and avoid being had by these con artists. If you answer the phone and someone is on the line asking for your personal information, ask them what company they’re calling from and what exactly it is that they want. If they can’t tell you, then that’s an obvious red flag. If they do tell you, then write it down and tell them you’ll call right back. Look up the company’s real telephone number and call them directly. If there’s something wrong with your account, they will be able to tell you and you’ll be safe in knowing who you’re talking to. If there’s nothing wrong, then you can report the incident to them and help save others from being scammed.

The bottom line is that you shouldn’t trust anything or anyone on the Internet. Your best friend’s account could be compromised, so the e-mail they sent you with “vacation pictures” pointing you to a website that wants your personal information may not be authentic. The only way to really be safe is to check with people directly.

Tuesday, August 2, 2011

Password Safety

You don’t need to be a techie to understand the importance of a password. We all understand that they are the keys to our online life, but it’s also important to understand good password safety. After all, you wouldn’t leave the keys to the front door of your house hanging from the mailbox. It also wouldn’t be a good idea to put your alarm system’s pin code on a post-it note above the panel. I’m here to give you a few tips for keeping your passwords safe as well as recommend a program that will do it all for you.

For the examples below, I’m going to be using http://howsecureismypassword.net/ to test the strength of each password. This website gives you an idea of how easily a password can be cracked. “Cracked” is a term used to describe a computer guessing a correct password. Before we begin, why not test your current one? Don’t worry - it’s safe as it doesn’t send your password anywhere and it’s not associated with an e-mail address or user name.

The first step in keeping your password safe is to create a good password. The trick is to create a password that cannot be guessed easily and you need to remember that it will likely be a computer doing the guessing. Hackers use whole dictionaries to help crack passwords, so using a common word is the same as pinning your password to your forehead. I recommend taking two words that mean something to you and splitting them in half, then using the two halves to create a new word. I happen to like pizza and beer, so I might split those in half and come up with pizbe, or bezza. This alone won’t make a strong password, but you’re eliminating one avenue of attack. According to the tool I’m using, either suggested password would take less than a minute to crack.

Before I go into making a stronger password I want to stress avoiding the use of personal information in your password. People are often tempted to use things like a social security number or a phone number when creating a password, but you may be inadvertently giving a criminal more information about you. If a website is hacked and your password discovered, a clever criminal may be able to figure out exactly what that number means. Keep in mind that the last four digits of your social security number are often all you need to verify your identity.

To make our password stronger, we’re going to want to add some numbers to make it harder to crack. In this example, I’m going to use the numbers 8 and 24. Pizzas often come in cuts of 8 slices, and beer comes in cases of 24, so both numbers would be easy enough for me to remember. That means a password could be ‘piz8be24’, or I could do ‘be24piz8’. While these are stronger, they still only take about 3 hours to crack. Three hours isn’t a lot of time, but it’s far better than under a second. We’re going to want to do better by making our password case-sensitive and adding special characters. A character is either a letter, number, or symbol such as #, $, or !.

A case-sensitive password is one that has both upper and lowercase letters. Most websites actually treat these letters differently, so ‘a’ and ‘A’ aren’t the same. This is why you should always make sure your ‘CAPSLOCK’ key is off when you’re creating or entering a password. Going with our example, I’m going to change one letter to uppercase: ‘be24Piz8’. This improves our password, going from a cracking time of 3 hours to 10 days. If the website allows it, we can also use special characters to make our password even stronger. For instance, if you flip the lowercase ‘i’ upside-down, it looks like an exclamation point ‘!’. That slight change would give us ‘be24P!z8’ and bring the time-to-crack up to 46 days!

The last thing we can do to make our password super-secure is to make it as long as possible. For a good password, 8 characters should be your very minimum with an upper range of 12 to 16. The longer you make your password, the harder it will be to crack. If I stretch this password out to ‘be24erP!z8za’, our lovely tool tells me that it would take 4 million years to crack! All I did was put numbers in the middle of words I know, and change one letter to a special character.
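Why each step above helps can be seen by counting how many candidates a computer would have to try. This is an added example, not part of the original article and not the method the testing website uses: the guess rate and the tiny word list are assumptions, so the times it prints will differ from the ones quoted above.

```python
import string

# Assumption for this example: an attacker who can try this many guesses per
# second. Real rates vary enormously with hardware and how the site stores passwords.
GUESSES_PER_SECOND = 1_000_000_000

# Constructed stand-in for a cracking dictionary; real word lists hold millions of entries.
WORDLIST = {"pizza", "beer", "password", "letmein", "dragon"}

CLASSES = (
    string.ascii_lowercase,   # 26 characters
    string.ascii_uppercase,   # 26 characters
    string.digits,            # 10 characters
    string.punctuation,       # 32 characters
)


def pool_size(password):
    """Size of the alphabet an attacker must cover to brute-force this password."""
    return sum(len(cls) for cls in CLASSES if any(ch in cls for ch in password))


def keyspace(password):
    """Number of candidates of the same length drawn from the same alphabet."""
    return pool_size(password) ** len(password)


def seconds_to_exhaust(password):
    """Worst-case brute-force time; 0 if a dictionary attack finds it first."""
    if password.lower() in WORDLIST:
        return 0.0
    return keyspace(password) / GUESSES_PER_SECOND


def humanize(seconds):
    """Render a duration in the largest unit that fits."""
    for unit, size in (("years", 31_557_600), ("days", 86_400), ("hours", 3_600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:.3f} seconds"


def report(passwords):
    """One (password, alphabet size, length, worst-case time) row per password."""
    return [(p, pool_size(p), len(p), humanize(seconds_to_exhaust(p))) for p in passwords]


if __name__ == "__main__":
    # The article's own example passwords, in the order it builds them up.
    for row in report(["pizza", "pizbe", "piz8be24", "be24Piz8", "be24P!z8", "be24erP!z8za"]):
        print("{:14} pool={:3} length={:2} -> {}".format(*row))
```

The count treats every character as if it were chosen at random, so it is an upper bound: guessing tools that try word fragments and common letter-to-symbol swaps first will find a patterned password sooner than the figure suggests.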

Now that you know how to create a super-strong password, let’s talk about the second step in password safety: keeping things separate! You can’t trust that any website out there will keep your password safely locked up and away from would-be criminals. When you create a password, you’re basically making a key and giving a copy to the website. If you used the same password for every website, then all a hacker would have to do is break into one website and they’d be able to get into every other website where you use the same password. The easiest way to get around all this is to use different passwords everywhere you go.

I know what you’re thinking: “How am I going to remember all those passwords?” The simple solution is to actually keep a few different passwords and alternate where you use them. As a rule of thumb, you should never re-use your e-mail or bank account passwords. These should be unique and as strong as you can make them. For all other websites, you can take the password you have and rearrange it. For example, I could use ‘be24erP!z8za’ for one, and ‘p!z8zaBe24er’ for another. Most websites give you at least three chances to enter the right password, so if you keep three different passwords to alternate, you’ll get in with at least one. If you still can’t remember, you can often reset your password using your e-mail address. This is why your e-mail account MUST ALWAYS have a unique password that is strong and never re-used!

Speaking of unique passwords and protecting your e-mail or bank accounts, one good practice you should get into is changing your passwords regularly. At the very least, you should change your e-mail and bank passwords at a decent interval, like when you need to change the clocks or replace the battery in your smoke alarm.

As promised earlier, I wanted to recommend a program that will help you keep all your passwords safe and secure. This program has been vetted by some top security analysts, and while I could go on for hours about all the technology in it, I’ll simply say that it’s very secure and works very well. The program is called LastPass and is available from http://lastpass.com. This program is like a bank vault for all your passwords, and it fits right into your favorite web browser. What this program can do is generate a password for you, one that is nearly impossible to crack, and save it in a safe place so you don’t have to try and remember it. It can also generate a different password for each site you visit, saving each one separately. It remembers which password goes to which site, so you can easily fill it in when needed. The only password you need to remember is the one to your LastPass account, which should be as strong and secure as you can make it.

I hope to write a tutorial for using LastPass in a future article, but for now you may want to read up on it here: http://helpdesk.lastpass.com/

Disclaimer: Do NOT use the passwords suggested in this article. They are examples to show you the finer points of password creation.