CLICK CLACK, YOU’VE BEEN HACKED

Think it won’t hap­pen to you? Don’t be so sure. Be­fore you do an­other thing, do the due dili­gence to pre­vent it.

Fairlady - - CONTENTS - By Anna Rich

How it hap­pens – and how not to be a vic­tim

How many emails like this have landed in your in­box?

Hey, Today’s your chance to get ac­cess to some­thing that’s be­yond GREAT. Once it’s up and run­ning, it’s like you’ll get $7,515.01 made from DO­ING NOTH­ING: Look in­side of there and go to get FREE AC­CESS NOW. Best re­gards, Richelle It was com­plete with a link, which we haven’t shared with you be­cause we un­der­stand the com­pul­sion to do ex­actly what we’re not sup­posed to. But we all know to delete this kind of mail, right? Right?!

But that’s just one way a hacker can in­stall a piece of soft­ware on your com­puter. And if the per­versely named ‘Wan­naCry’ world­wide cy­ber­at­tack ear­lier this year is any­thing to go by, we’re not do­ing enough to pre­vent it.

To re­fresh your mem­ory, in midMarch, more than 230 000 com­put­ers run­ning the Mi­crosoft Win­dows op­er­at­ing sys­tem were in­fected. Huge or­gan­i­sa­tions were hit, among them courier service FedEx, Ger­man rail­way com­pany Deutsche Bahn and Spain’s mo­bile network com­pany Tele­fónica. Surely they should have known bet­ter, es­pe­cially as Mi­crosoft had dis­cov­ered the glitch that the Wan­naCry ‘cryp­toworm’ would later ex­ploit, and had re­leased patches. But clearly most folks ig­nored these se­cu­rity up­dates. Then one day, Wan­naCry vic­tims switched on their com­put­ers to find a de­mand for pay­ment in bit­coin to see their files re­stored.

So how is the ran­somware spread? Usu­ally, it comes your way through at­tach­ments sent with un­so­licited emails, or when you click on a link in an email that’s from a bank – or Richelle. Some­times, it’s from a source that sounds pretty con­vinc­ing. It’s even passed on through the ac­ti­va­tion keys for soft­ware such as Adobe Pho­to­shop or Mi­crosoft Of­fice. An­other way the in­fec­tion spreads, for the more tech-savvy among us, is via peer-to-peer (P2P) fil­ing-shar­ing net­works. Yes, that’s you, if you’re down­load­ing books, mu­sic, movies and games us­ing a P2P soft­ware pro­gram to get these free. To give you a sense of how per­va­sive this prac­tice is, here’s a stat from the So­lu­tions Re­search Group: by Jan­uary 2006, 32 mil­lion Amer­i­cans over the age of 12 had down­loaded at least one movie from the in­ter­net, and 80% of them had done this us­ing P2P. Who hasn’t re­ceived down­loaded mu­sic, movies or se­ries from a techie friend, even if they haven’t done it them­selves? Okay, so every­one, then.

De­pend­ing on its pro­gram­ming, ran­somware can turn the text in your files into gob­bledy­gook or lock your screen. Ran­somware is not the only form of cy­ber­crime – if you have a com­puter and an in­ter­net con­nec­tion, you’re vul­ner­a­ble to hack­ers get­ting hold of your per­sonal in­for­ma­tion to com­mit fraud like get­ting credit or run­ning up bills in your name.

But don’t let this be your prob­lem! Back up your files so you have copies. Down­load from trust­wor­thy sources, and avoid us­ing pub­lic WiFi net­works if you can. Up­date the anti-virus soft­ware on your com­puter. Don’t re­spond to mes­sages ask­ing for money, pass­words or to ver­ify per­sonal in­for­ma­tion – of­ten, a sense of ur­gency is a tell­tale sign. Ever had a mail from a bank telling you some­one has tried to ac­cess your ac­count, and to click on

a link as a safety mea­sure? Noth­ing safe about that. Don’t leave your com­puter un­locked and unat­tended. Think twice about what you share on so­cial me­dia; you don’t want hack­ers to get info they can use. Take care off­line too: shred pa­per­work that con­tains your info. Be­ing lazy about se­cur­ing your info plays right into the hack­ers’ hands. Here’s some fur­ther ad­vice:

Cre­ate a strong pass­word

Set­ting up a pass­word that hack­ers can’t breach is key. Yeah, yeah, we’ve heard all the ad­vice on set­ting up a good one. And since you need so many pass­words – for your phone, bank ac­count, email, on­line shop­ping – it’s tempt­ing to de­fault to words or numbers that are easy to re­mem­ber.

Long means strong: if there are more char­ac­ters in your pass­word, it’s more dif­fi­cult to hack. Mix up­per- and lower-case let­ters, in­ter­sperse them with nu­mer­als and in­clude spe­cial char­ac­ters. Even though words are easy to re­mem­ber, they also make your pass­word eas­ier to hack. Don’t use per­sonal info like your dog’s or child’s name – you might have shared this on so­cial me­dia. And even if you tick off all the point­ers, that’s not good enough. The lat­est sug­ges­tion is that you come up with a passphrase, which strings ran­dom words and char­ac­ters to­gether. LastPass (we’ll get to them in a mo­ment) sug­gests this sort of thing: my dog fi do’ s birth­day is novem­ber 19 or my va­ca­tion2 paris-was in­cred­i­ble. Our IT guys take this a step fur­ther: say you choose a phrase like My first house ad­dress was num­ber 14 Apple Street. Take the first let­ters and numbers as your pass­word – Mfhawn14AS – then add a spe­cial char­ac­ter like @. So you get Mfha@ wn14AS. Bingo! Just don’t share it!

Also, change your pass­word every few months, and don’t use the same one for all pur­poses. Yes, it’s a tall or­der – but there’s an app for that!

Use a pass­word man­ager

So you use the same pass­word to ac­cess your com­puter or in­box for every other ac­count too – imag­ine if you were hacked; that’s an easy pass for the hacker to have his or her wicked way with your life (or money). ‘Ah, but I change a cou­ple of char­ac­ters from one pass­word to the next,’ you say. Sorry, still weak. En­ter the pass­word man­age­ment apps. As the tagline for the LastPass app goes: ‘Just re­mem­ber your mas­ter pass­word and LastPass does the rest.’ You cre­ate one pass­word that’s long, strong, ‘un­crack­able’. The app then cre­ates a unique pass­word for every ac­count you need. If one ac­count is breached, the others are safe.

Then there are the likes of Keeper (paid app but highly rated by re­view­ers and the most down­loaded) and Pass­word Man­ager Vault (paid app, and highly rated) that al­low lo­gins us­ing fin­ger­print recog­ni­tion (Touch ID). The best rated is Pas­si­ble Pass­word Safe Lock, for use on Apple de­vices, deemed ‘the best pass­word man­age­ment app, hands down’ by

Dai­lyTekk magazine, and win­ner of Apple’s Ed­i­tor’s Choice Award. (And it’s avail­able in Afrikaans, no­gal.) A Keeper re­viewer sums up the ben­e­fits of a pass­word man­ager: ‘I used to write down pass­words and kept them in my wal­let – un­til it was stolen! I up­loaded the Keeper ap­pli­ca­tion and since then my life has been less com­pli­cated.’

Set up two-fac­tor iden­ti­fi­ca­tion

In ad­di­tion to a user­name and pass­word, a code is sent to your cell­phone be­fore you can log into your ac­count. So even if some­one knows your pass­word, they won’t be able to do any­thing with it. You’ve prob­a­bly been us­ing a form of it if you buy on­line, as most banks now re­quire you to key in a one-off pin they send via your phone.

Yes, it’s a bit of a schlep to set up, but it’s not half as much of a schlep as be­ing hacked. Choose from Google Authen­ti­ca­tor, Authy, LastPass Authen­ti­ca­tor – all free.

Here’s a use­ful tip for Face­book too: it has a sys­tem called Lo­gin Ap­provals that func­tions along these lines: go to Set­tings, then Se­cu­rity, then click Edit next to Lo­gin Ap­provals, then En­able.

Play it safe!

Newspapers in English

Newspapers from South Africa

© PressReader. All rights reserved.