Using Public Wi-Fi

Most of us will travel and want to use public/free Wi-Fi at some point. Let’s talk about one of the most easy hacks bad guys will use to access your data. You walk into a coffee shop in a hotel or high tourist area and hook up to the local Wi-Fi. What you didn’t know is that a “bad actor” got their first and set up his own Wi-Fi signal. He/She will use a Wi-Fi name that looks legit and since they are sitting probably within feet of you it has the strongest signal. They even setup some “fake” term pages to have you agree to usage rules, just like you expect when you connect to a public Wi-Fi. Now here is the problem. They give you internet access but remember you have told your device that this connection is “trusted”. That means your security is probably not going to stop anything it does. So, unless you are using a VPN they can see every website you go to, every username you type/select, every password you enter, every credit card you use, etc….

How would you protect yourself? First, don’t use public Wi-Fi for financial transactions (i.e., don’t pay for something). Using it for surfing the web, watching a video, etc… is relatively safe. Next, really look at the “I agree” pages that come up. Does it have misspelled words, does the URL look like it is from a different website/company, are the details what you expect, etc….and most importantly, do NOT remember and automatically connect to this connection. Especially in a hotel restaurant, coffee house, or lobby, the bad guy will setup up shop and you “trust and remember his connection”. Then at night he/she will walk through the hotel with their device on, checking to see if anyone left their computer, smartphone, tablet on so it will automatically connect when he/she is in range. Now, when you are sleeping, and he/she can access your device without worrying about you noticing anything is happening.

Use a VPN if you can. A virtually private network (VPN) can best be described as your device (when on the internet) is on a highway system (like a car) and there are entrance/exit ramps all the time that go to specific website locations or addresses. When you use a VPN, it creates a tunnel or wall around your device, so none of those ramps are available except for the one you specifically want to use, nobody can drive up beside you and “see in your windows”, nobody can make eye contact with you because they cannot see in the windshield, etc… Sometimes VPNs will prevent a website from working properly (Ex. if you are watching TV via an app from your cable provider they need to know your physical location to be in compliance with various broadcasting agreements because some content it location specific therefore the VPN blocks with information transfer or provides false information that will prevent the website from functioning).

Have antivirus and a firewall installed and active. This will not prevent the bad guys from seeing your data but will help prevent any “care package” of malware they leave behind from working correctly.

Connect with your cellular connection instead of using free/public Wi-Fi. Your cellular connection has some built-in security features, and your phone technology is hardwired to ensure it can ONLY connect to a legitimate connection via cellular signal. Especially when on international travel this may be prohibitively expensive, so weigh the risk vs. benefits before using your cellular connectivity for data.

Use a password or network key protected Wi-Fi that has encryption when possible. Even if it is used by lots of customers, it should be more secure than something accessible to anybody within physical range that can answer the terms with “I agree”. An example of this would be a bed and breakfast that only gives out the Wi-Fi password to paying clients.

Pay attention to your account/device activity. If you start seeing transactions you didn’t authorize, emails sending you didn’t send, etc… make sure you run a “stinger” to check for a malware BEFORE you start using that same device to change passwords. If the bad actor has access as you start changing account passwords, he is going to know the new ones the same way he accessed the original passwords. Give me or some geek you trust a call if this is happening, and make sure you leave the device OFF until you get it checked out. Do this quickly, not days later when you have “time”. The more time they bad guys have access to your accounts, the more damage they can do.

Wire Fraud — How to NOT be a Victim!

Unfortunately, as cashless transactions have become more popular, wire fraud has too….as well as much more sophisticated. Now days, especially with large transactions like purchasing a home, bad guys will hack your email in order to change the wiring instructions.

Best Practices

  • Only send funds to parties you know.
  • Turn OFF near field communications (NFC) on your cell phone. Only turn it on when you specifically want to use it for making a transaction or transfer data phone-to-phone. Do NOT leave it on, especially when you cannot see the screen. Not only will this help with battery life, but it can help prevent acts in public locations.
  • If this is a large wire transfer, pick up the phone and call them directly (not using information they provided, but what you looked up on your own). Verify the instructions with a human being.
  • If this is a 1st time transaction, send a test amount (not an even $1.00), and call the person directly to see if they received it. Once you have it confirmed, make sure they are added to your contacts so you can “select” them in the future. Keep in mind that if a bad actor compromised your computer, he may have changed the saved contact information in your computer/phone.
  • Have firewall and antivirus applications installed on ALL devices that perform financial transactions — including your cell phone.
  • Question emergency or rushed needs for funds. Make sure your friend or family members really are in trouble before you send.
  • Verify in triplicate ANY international funds request.

Allstate has an excellent resource that can help you understand the reality of wire fraud today. What is Wire Fraud? Examples & How to Prevent Them | Allstate

If you have experienced identity theft and know your data is on the dark web, you need to think about locking down your credit and using services like “Life Lock”.

Controlling Notifications and Pop-up Ads

Do you ever wonder why the corner of your computer is constantly flashing with “notifications”?

You have control over what will be interrupting your work. Both in Apple and non-Apple world. For purposes of this posting, I will be using non-Apple examples, but their systems work very similarly.

To start, go to the search field on your taskbar and type “Notifications”. You want to select “Notifications and Actions”. On the pop-up menu, review the settings and make sure that only have turned on stuff that you want to know about. As you scroll down you will see a list of applications typically sorted by most recent. Change the order to name and start going through the list. Most likely you will not have enough time to do them all at one time….so pick a specific letter of the alphabet to stop on a do a few every day. Pretty soon you will be through the list. When you are done, I recommend putting it back to recent order.

You have the option of on or off and if you click the right side chevron you can even be more specific. This does NOT disable the application. It only prevents it from popping up in the corner. Typically, I like email and nothing else to pop in the corner.

The 2nd pop-up source is your internet browsers. If you have more than one, start with whichever one you are using the most. You will have to do this task on each one. Each browser is different, but everyone one of them has a setting for notifications and a list of websites that have permission to disturb you. This is a common tool used by various forms of malware. The most common one is a pop-up that says it is from a popular antivirus program, and you need to click on it to respond to a problem. You are actually not opening your antivirus program on your computer but a website that looks like it, and they are getting you to give them permission to install viruses on your computer disguised as help.

If this is happening, I HIGHLY recommend you have a “geek” help walk you through how to remove the permissions, make sure they didn’t install something, and run a stinger to make sure your computer is safe. This is something I can help with and if you want, I will even walk you through the steps so you don’t have to call me each type it happens. Text, email, call or use the “contact me” on the top right of this website to request my assistance.

Laptop/Desktop/Cell Phone Security

The cyber world is a pretty scary place at times. The reality is that in the USA we are considered a high value targets for various political and financial reasons. Bad guys and gals who write viruses, specifically design them to impact applications and hardware found by USA users. Let me explain some basic threats and how to minimize your risk WITHOUT having to stop using technology.

First – Passwords. If your password is so complicated you cannot remember it, you have to use the “forgot password” feature often, you are using the same password for multiple applications/websites, etc… then what you are doing is NOT working. Here are some basic best practices when making a password.

  • Make it at least 8 characters long
  • Do NOT start with a number or special character
  • Have at least one capital letter and one lower case letter
  • Include numbers and a special character (@, #, $, % ,&, !, ?, etc….)
  • Do NOT reuse passwords on multiple websites/applications
  • Do NOT make it so complicated you cannot remember it
  • Do not have your computer/website “auto remember” your passwords UNLESS you only work in a secured environment (i.e. don’t use multiple computers, not connecting at places via public Wi-Fi like Starbucks or an airport, etc…..).
  • Have someplace you write it done (assuming you are not working for a high-end security situation) that is NOT easily lost, is readily accessible when you are using your computer but not under your keyboard, and not in a file call “passwords” or “really important stuff”.

Ok now I know what you are thinking. That there is NO WAY to follow all those rules. That is not true. Give me a call and I promise you using my “password philosophy” concept I promise you can do all of those without hurting your brain. If you want to use a password manager, do not go cheap. There is NOTHING more frustrating than your manager getting hacked and now everything is compromised or if it is not user-friendly.

Firewalls/Antivirus. If you are running a small business or have financial information (i.e. login to your bank or credit card account), you need to have a firewall and antivirus application. Windows, Android, iPhones, and Macs all have some basic security, but you get what you pay for. The free stuff is not as good as even the very inexpensive major players like McAfee and Norton. You need it installed on all your devices, including your cell phone. Give me a call if you want some help figuring out the best solution that will not break the bank.

Backup. Data storage is cheap. If you do not work in an industry that has special security requirements (ex. HIPAA) you need to select a cloud storage option. Window, Apple, and Android all have various solutions that can run in the background and automatically back up your data. I HIGHLY recommend you check them once a month to make sure they are working. There are viruses and various other reasons that the backup stops working, and you don’t realize you have a problem until you require it (i.e., hard drive crash) and the backup has nothing from the last year. I recommend a reminder on the 1st of the month for checking your backup (1 cell phone and 1 or 2 computers can be done in about 5 minutes). Give me a call and I can get one setup and show you how to “check it”. If you need one with extra security requirements, I can help you find that solution too.

Data Best Practices. You need to store your data in a way that makes it easy to dump old stuff you don’t need once a year, find stuff you use daily quickly, and not be so complicated that someone cannot understand your filing system at a glance. Give me a call and I can help you set up your folders and file names in ways that will keep your head from hurting even when you have a lot of files.