For my non-poetic day job, I recently was fortunate enough to have the opportunity to attend a “Cyber Security” seminar from my “Cyber Security” insurance brokers. While I didn’t have enough time to stay for the panel presentations of insurance brokers and lawyers, what I was really interested in hearing was the presentation by Michael Bazzell of Computer Crime Info.
During the highly entertaining, 90-minute presentation, Mr. Bazzell opened my eyes to my own digital security. Surely, I was thinking, my company is pretty well protected with our systems, two-factor authentication (I’ll talk about that more here in a second) and secure wireless networks (for both the company and our guests), but what about my personal data? Many of the items that Michael discussed I had been aware of before, but the live-hacking demonstrations (in a controlled environment) were really where I began to question my own personal practices.
In fact, even as I type this post, I am no longer on the xfinity Free Wi-Fi; instead, I am hotspotting to my iPhone, which is now a secure connection since I am using cellular service, versus the open internet. It was amazing to watch on Norse live attacks on computer systems around the world, as well as the types of targets being attacked and the origins of the attacks. So if you think that your systems are invulnerable, guess what. They are not. Just take a look at the screen shot below, which I just took a few minutes ago.
As we moved into the heart of Michael’s presentation, there were great tips on the following 7 items to better protect yourself digitally; however, we should all expect that at some point, we’ll all be hacked or digitally compromised:
- Strong passwords: The longer the better, and if you can use special characters, you will be doing great. Don’t use the same password for all types of accounts. Perhaps use a different password for email versus financial accounts, etc.
- Good security questions: Make up answers to your security questions that only you would know, so that the answers can’t be found on social networking sites, public birth certificate databases, etc.
- Secure computers: Eliminate the need to go on free WiFi hotspots; instead, try to use a personal hotspot from your phone. Only connect to secure WiFi networks.
- Two-factor authentication: Google and Twitter, as well as a myriad of sites, allow you to log in to your account, but then you will get a text to your phone with a code to input to get you into your account. It might take an extra 10 seconds total, but the only way for the bad guys to get into your account is if they know your password and they have your phone.
- Improved email habits: Avoid email phishing scams by hovering over links to make sure they actually appear legitimate; however, be warned that there are sites that allow someone to send an email that appears to come from anyone in the world (even though it isn’t them). We watched a scary example of how someone could be duped easily.
- Defensive behavior: Assume that anyone who asks you to give any personal information in an electronic form is not who they say they are. If you take this approach, you can potentially be a bit safer.
- Guarded social network profiles: These are one of the easiest ways for cyber criminals to “socially engineer” the answers to your security questions: family members, schools you attended, kids’ nicknames, etc. Don’t tie your social networking accounts to your work email; instead, create a dump email account on Gmail or another service.
After the presentation ended, I already began to change many of my digital security habits and digitally protect myself. I would highly urge you to take a look at the website Have I been pwned? to see if you have already been compromised in any of the database hacks of emails. I know when I checked my personal account, I was a victim of the Adobe hack. Perhaps you have been too; check it out, I’d urge you.
About The Presenter: Michael Bazzell spent 18 years as a government computer crime investigator. During the majority of that time, he was assigned to the FBI’s Cyber Crimes Task Force, where he focused on “Hackers” and various computer crime investigations. As an active investigator for multiple organizations, he has been involved in numerous high-tech criminal investigations including online child solicitation, child abduction, kidnapping, cold-case homicide, terrorist threats, and high-level computer intrusions. He has trained thousands of individuals employed by state and federal agencies, as well as the private sector, in the use of his investigative techniques. He has also taught several college courses including Ethical Hacking, Computer Forensics, and Computer Crime Investigation.
His previous books, “Open Source Intelligence Techniques” and “Hiding from the Internet”, have been top sellers in both the United States and Europe. They are used by several government agencies as training manuals for intelligence gathering and securing personal information.