Cybersecurity and You (Pt. 2)

In Part 1 of this series, we discussed some current general internet statistics and how they show us why we, as users, need stronger security practices as well as a better understanding of how best to protect ourselves against the growing number of threats out there.  We also discussed good password management practices and how best to avoid common pitfalls that create weak passwords.

In this segment, I want to discuss some of the common threats that exist out there and how you can best protect yourself from and avoid them.

Problem: Malware
The first thing I want to discuss is Malware. Malware is essentially any malicious program created by some intended to do harm to you, your computer, and/or your data. Many times it is intended to steal your data for identity theft purposes.

The most common types of malware are things that you’ve probably heard of such as viruses or worms.  Other, more malicious forms include things like ransomware.

Ransomware is malicious software that once it infects your computer, it encrypts all of your files keeping you from accessing them. A message will then display on your screen essentially extorting you for money if you want to get your files back. Some people pay and some don’t.  Regardless, the damage is done and some businesses never recover after one of these infections.  You may recall an attack in the new recently about “WannaCry”.  This is one of the most recent and worst examples of this type of attack that we have seen.

Solution: Defense and DON’T OPEN/DON’T CLICK strategy
So how do you prevent these things from happening to you?  To answer that, we have to look at that the most common way that malware infects computers.  Statistics show us that 91% of all these infections come through some sort of PHISHING attack.

What is PHISHING? Well, it is officially defined as, “the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers.”  They can also be used to infect your computer via bad file attachments or links to infected websites.

So the simplest solution here is to pay close attention to the emails that you open.  The best rule is DO NOT open ANYTHING that is from someone you do not know or that you are not expecting.  Along with that, if it looks fishy (or PHISHY), delete it.  The biggest thing to pay attention to here is that with a stat like 91% you can see that if you’re going to get an infection of some kind, it will more than likely come via email.

Of course, another important solution is to protect your computer/equipment with anti-virus/anti-malware software or these days referred more to as security protection suites.  Having some sort of protection on your machine like this will also go a long way in preventing or helping to prevent your data from being compromised by these malicious programs.

Problem: Social Engineering
When I speak to audiences, I make sure to talk a little about social engineering.  One of my friends once put in the form of a trick question.  What is the least secure operating system?  The answer is the Human Operating System.  US.  We are the weakest link for malicious parties to exploit.  I define Social Engineering as “hacking the human OS (Operating System)”.

It is basically is the oldest trick in the book.  It’s the con game.  It’s the selling of snake oil.  There are a lot of ways these malicious parties attempt to get your information.  They will do anything from stage fraudulent phone calls posing as a representative of a company with which you do business to PHISHING email campaigns.  That’s right, PHISHING that we just discussed is another form of social engineering.

Regardless of the method, social engineering has one goal, to do you harm in a way that also benefits the person initiating it.  Whether they are attempting to steal your personal data or infect your computer, their ultimate goal is financial gain at your expense.

Solution: Be wary.  When in doubt, don’t give out your information.
The best thing you can do in any situation is to trust your gut.  If something feels wrong, it most likely is. Whether in email, on the phone, or even in person, trust that feeling inside that says, “I really don’t feel right giving any information to this person.”  I’ve been known to ask very pointed questions on that phone that either get good answers or make the person hang up.  The hang ups are obviously people who realize I’m more in tune with their intentions than they expected, so they move on to the next target.  Remember that these people are looking for the easy game, so when they meet resistance, it’s easier for them to just move on.

So, ask questions.  Ask them why they need your full social security number, or why they need you to give them your password.  These types of questions are not ones typically asked by legitimate businesses.  They should already have the data and not need you to provide it, especially if they called you.  Also, watch for lack of professionalism.  Some of these people will get belligerent when you question their need for information.

I know this has been a bit of a long post, but I wanted to get you as much information for your own protection as possible.  Be cautious and protect yourself the best you can.  Equip yourself with knowledge and tools to keep you, your business, and your family safe from these ever-increasing dangers online.  As aways, we at Cyber Watchtower are here if you need us.

Stay connected.  Stay Safe!

Austin Bynum
Chief Watchman
Cyber Watchtower

Cyber Watchtower Turns ONE!

Here at Cyber Watchtower, we are excited to be celebrating a full year of protecting our customers with our suite of cybersecurity services.

One year ago, we set out with a goal to provide a comprehensive collection of full-service cybersecurity protection options for individuals, families, and companies.  We are a team made up of people who not only understand cybersecurity but we also see the overwhelming need for everyone to have some level of protection and education when it comes staying safe online.  Our services focus on total online security and range from password management to cyberbullying protection.

We started by researching and testing product after product in order to figure out what was out there that would provide the best protection and monitoring for our potential customers.

Several months later we began engaging a small group of individuals to test the services that we had chosen.  This WONDERFUL group of people has really helped to shape our services as we’ve gone through some changes, growth, bumps, and bruises.  I cannot thank these, our test users, enough for all they have done for us.  THANK YOU! THANK YOU!

Starting at the beginning of 2017 we went full bore into service mode and now have a steadily growing client base.  We are constantly working to improve and expand our services to make sure that we keep all of existing and future clients protected from the dangers online.

Today our current services are:

  • Password Management
  • Social Media Monitoring
  • Web Presence Monitoring
  • Web Filtering
  • Device Management
For a full description of all of our services visit our Services page.

If you are one of our current customers, thank you for your business and we promise that we will continue to provide you the best support and protection possible.  If you are not out customer, we truly hope you are doing your best to stay safe online, but we’d love the opportunity to help you ensure that you and your family or business are staying as safe as possible.

As we here at Cyber Watchtower love to say . . .
Stay connected.  Stay safe!

Austin Bynum
Chief Watchman
Cyber Watchtower

Who are you?

Even after all I have seen I am still amazed at how oblivious and trusting people can be.  Don’t get me wrong, I very much appreciate people trusting me, especially when it works in my favor.

Recently I was back in my home town which is a rather small place.  I need to set up a new PO Box for myself so I went to the local Post Office and filled out the application.  It is a relatively easy process but does require two forms of ID, one with a picture and one without.  I used my driver’s license and my car insurance.  The person working the counter did not know me but did know my mother.  I mentioned that and all of a sudden, I did not need to actually show my forms of ID.  I did list them on the application, but the person behind the counter did not even look at them.

I’m not complaining and I understand how small towns work.  I lived in one for a very long time.  I was still very shocked that my IDs were not even given a quick glance.

You may be asking, “Why is the Cyber Security guy blogging about this?”  The reason is simple.  Regardless of all that we do to protect ourselves online, people still miss the ever so simple, low-tech things that malicious people do to steal identities and get away with a crime.  Opening a PO Box in someone else’s name is one of the first things someone can do to establish a new and/or fake identity.

In this case, I know that the person at the Post Office was trying to be helpful and speed things along for my sake.  I know that it was done out of kindness and not apathy or anything like that.  What is disconcerting is the complacency that rampant in our society regardless of everything in the news.

My advice to those of you who work in any field where it may be part of your job to verify ID is to please do so.  I’m begging you from the perspective of a security professional, a consumer, and just a member of society.  Don’t make it easy for the bad guys to steal someone else’s identity.

My advice to everyone is to be careful.  Always be on the lookout for these types of situations.  I’m the kind of person who is thankful for the clerk at the department store who actually looks at my ID, then looks at me, then verifies the ID matches the credit card I am trying to use.  Why? Simple! I appreciate someone looking out for my wellbeing especially when it doesn’t take long to do.

So the next time you call customer support to someplace and they ask you questions to verify your identity, don’t get frustrated.  Be glad they have such procedures in place for your protection.  Also, if you are reading this and you are like me, spread the word to your friends and family.  Let’s all work together to help take the easy things away from those criminals and other malicious people out there who don’t care about our well being.

As always, stay connected but stay protected.

Austin Bynum
Chief Watchman
Cyber Watchtower