Local Cyber Security Pro Protects Us From Hackers

We hear all the time about hacking and hackers these days, but not a whole lot about how to defend ourselves. Luckily, be brought in Jeremy Hoffmann, Cyber Security Program Chair @ DMACC. His background is extensive and he has helped train agents with the NSA, CIA, DOD, DOJ and FBI. We asked him how to protect yourself from hackers.

Hoffmann discussed a lot of various tactics hackers will use to gain access to your personal data. The most prevalent being phishing or spear phishing. Phishing is when a hacker will send you an email that looks completely legitimate in every way. The sender will appear to be from your friend, and they may even use personal info about you, but it's a trap. Clicking on a link they send can be catastrophic unless you know what to look for.

It's always important to hover over any links without clicking to determine if the website it directs to is safe. It's also important to read the web address or URL carefully to make sure it's a legitimate address. The easiest way, however, is to call or text your friend to make sure they sent you something to download.

The one thing he recommended we all do right now, is to turn on Two-factor authentication on any website we use that has the option. Google and Gmail, Facebook and many other sites are examples of companies that use two-factor authentication. This is a great way to protect yourself from hackers.

He also recommends using password services that can help you keep track of your passwords. Services like LastPass help you organize and store all your passwords, allowing you to increase the complexity, but not have to remember all your passwords. All you need to remember is one password to log in to the service. 

Hoffman's information on the subject was so vast, we couldn't possibly fit everything into the time we had with him, so we wanted to make sure WHO Radio listeners were made aware of his best practices and ways to stay safe online. We have posted those below.

Listen to the interview with Jeremy Hoffmann

Top 10 list of things to protect yourself from hackers:

1. Enable 2-factor authentication for all online accounts if available.
2. Do not use Google or Facebook logins to login to other sites.
3. Keep all passwords different and keep a running log of all the sites you have accounts with.
4. Keep all internet connected systems up to date and the firmware (if available) updated as well. This includes, but not limited to: Alexa devices (TVs, speakers, Echos, etc), Apple devices, Google devices, and any lights, cameras, door locks, etc.
5. Check your credit information and freeze all accounts if you don’t need immediate credit. Do this for all family members including young children with SSN ID’s. This will help mitigate the chance of getting identity theft for you and especially your kids. *Note: If you were affected by the Equifax breach, and are considering using LifeLock, please be aware they are owned by Equifax. If you feel you can trust this company, please use their service, if not, there are other options. 
6. Don’t post vacations or outings on social media until after you have returned. This is extremely important for keeping your home secure while you are away and help protect yourself from hackers. 
7. Disable geo-tagging on your devices. (You will need to search how to do this for your specific device.) This will stop putting location tags on your photos and files that you post.
8. Do not fill out online surveys that offer gift cards or drawings or prizes. These are types of phishing scams which will get your personal data and, in most cases, answers to secret questions to recover a forgotten password. Examples of this are: Facebook quizzes that ask you to name a street you grew up on and your pets name and your favorite book to get a funny name jumble, then post in the comments. This means users will post significant data for password recovery questions and the attacker can easily get your password recovered. (This is also why 2-factor authentication is important!)
9. Remove unused accounts. If you have accounts you haven’t used in years, remove them. Attackers can do targeted attacks and gain personal identifying information (PII) about you from old accounts. This includes old rental property accounts, old email accounts, old business sites, past jobs, accounts where you used your business email for an account. (This is why it is key to keeping track of all accounts you create and get in the habit of documenting all sites and user information. Controlling this information will help protect yourself from hackers.)
10. Don’t blindly click on links and sites, hover over the link and verify that it is going to where you think it should go. If it has numbers instead of a site name, don’t click it. Example: If the link says you need to update your Verizon account information because your account has been locked for suspicious activity. Hover over the link and see that it says something like: https://accounts.verizon.com/ and not http://179.128.43.211/Accounts 

This list courtesy of Jeremy Hoffmann, Cyber Security Program Chair at DMACC

Useful weblinks to protect yourself from hackers.:

1. Mailinator is a great site to use throw away mailboxes. You can’t send anything, and the mail is only kept for a short number of days before it is gone from the systems. If you have a site that wants you to enter an email address to get a discount, you can use a mailinator account to verify it is a working email and get the code for the discount without having to give your personal email. It is very easy to do and very easy to check the inbox once you have used the email address. 
2. Have I Been PWNED is an easy way to check if your email address has been leaked as part of a breach and which breach was the cause. 
3. LastPass Password Manager is the most widely used site for password/site list management. There are other sites, just look at where they are based and read reviews on the security.
4. DuckDuckGo is a search engine site where you can look up things on the internet. (Think of Bing or Google.) The main draw to this site is it keeps your browsing private and doesn’t market things to you based on your search history. It is available for almost every browser as a search engine option and they donate money to opensource communities who help build a safer internet. 
5. Sonarwhal is for those who have their own website or ecommerce sites. This is a simple scanner that will take your webpage (or any) and give you feedback on what is vulnerable and what should be fixed to protect yourself from hackers. There are different categories where Critical is a required fix, Warning is something that isn’t critical at the moment, but should be on the fix list, and Errors; these are things that the scanner has issues with getting to work correctly or they could be errors found in your site, a little further digging is required for this alert.  

This list courtesy of Jeremy Hoffmann, Cyber Security Program Chair at DMACC.

Sign Up For Classes on Cyber Security

If you want to learn more about Cyber Security and how to protect yourself from hackers, or you want to take some courses at DMACC and become a pro, please visit their website. They are taking new students for the cyber program starting this fall 2018!