passphrase

Weak passwords and ransomware infections go hand-in-hand

Wednesday, January 22, 2020

Did you know … the first ransomware attack was carried out in 1989 by Joseph L. Popp, a Harvard-trained evolutionary biologist? As history tells us, Popp created the AIDS Trojan, known as the PC Cyborg, and sent 22,000 infected diskettes, labeled “AIDS Information – Introductory Diskettes,” to an international AIDS conference.

Innocently enough, the diskette did educate the user, but it also infected the user’s computer. After approximately 90 reboots, the virus would encrypt files on the hard drive, and the price to reverse it was $189, payable to a P.O. box in Panama.

Although Popp’s virus was easily defeated, it started a snowball effect across the digital world. 

It’s been 31 years since the first ransomware infection and we’re still dealing with these on the daily. Research from precisesecurity.com showed weak passwords caused 30 percent of ransomware infections in 2019.

“Weak passwords.” How many times do we see or hear this phrase? Ad nauseam, if you ask me. And, yet, a quick Google search reveals some of the most popular passwords of 2019: 

  • 12345
  • 123456 (This one was used by 23.3 million victim accounts globally.)
  • 12345678 (This was chosen by 7.8 million data breach victims.)
  • 111111
  • test1
  • abc123
  • Password (More than 3.5 million people use this one to protect their sensitive information.)

It just doesn’t make sense. Yes, we have what seems like a bajillion passwords to remember for access to various locations, physically and digitally, but taking the easy way out hasn’t served us or the world well up to this point. It’s only produced one of the leading cyberattacks used by cyber criminals — ransomware.

So, now what? I suggest we take control over our password/phrase creation and usage. My proposal is simple: Set aside some time to create a list of strong passphrases and/or words once every quarter, adding each time to the previous list. Schedule “password/phrase creation” into your calendar so you set the intention ahead of time. The result will be a list of passwords/phrases that can be used anytime: when asked to update, creating a new account, etc. 

A Quick Tutorial

Creation: Think of a secret about yourself that only you or very few of your closest family/friends know. (To my knowledge, cyber criminals have yet to figure out how to hack brains to get information, so this seems like the safest, most secure information.) Then, create a passphrase, incorporating letters, numbers and symbols with your secret. 

Example (DO NOT USE): …Th3Qu1ckBr0wnF0xJump3d0v3rTheLazyD0g!?

Usage: Use a different, unique password or phrase for each account. Does this take time? Yes. Is it worth it to help prevent ransomware attacks? According to the statistics, yes, but this is something you have to decide for yourself by asking: “Is it worth my time to create strong passphrases and/or passwords to keep my sensitive information, such as access to my bank account or work life, safe?”

Lest we forget, Albert Einstein did define “insanity” as “doing the same thing over and over again and expecting different results.”

9 tips to stay cyber safe while traveling

Wednesday, October 9, 2019

As October presents itself in terms of pumpkin-spiced “everything,” cooler temps, colorful leaves, National Cyber Security Awareness Month (NCSAM) (ICYMI – we are 2019 Champions) and the announcement of SecurityNext’s program, Fall is a whirlwind of excitement! This time of year also reminds me of the extensive travel that takes place to family and friends’ homes for holiday gatherings, industry conferences and other work trips, vacations and the like. And, since the world is so hyper-connected, it is critical and crucial that everyone plans for and takes cybersecurity action when traveling. 

Based on information provided by National Initiative for Cybersecurity Careers and Studies (NICCS), an online resource for cybersecurity training that connects government employees, students, educators and industry with cybersecurity training providers throughout the nation, as well as the Department of Homeland Security, and in honor of our SecurityNext conference, February 9-11, 2020 at the Royal Sonesta in NOLA, and NCSAM, here are some tips to keep yourself, family and friends safe before and during travel:

Before Travel

Update mobile software. Keeping the operating system software, web browsers and apps updated will improve your device’s ability to defend against malware. Sign up for and/or turn on automatic updates; set security software to run regular scans; and use anti-virus software.

Back up information. Put contacts, financial data, photos, videos and other mobile data onto another device or external hard drive, or in the cloud. 

Keep devices under lock (and key). Lock your device when you’re not using it; it only takes a few minutes for someone to steal/destroy your data. Set devices to automatically lock after a short time; use strong PINs and passwords. (This is a cool video from HABITU8 for establishing passphrases!) 

Double your login protection. Enable multi-factor authentication (MFA) for email, banking, social media and other services that require logging in. Enable MFA with a trusted mobile device, an authenticator app or a secure token (a small physical device that you can hook onto your key ring, for example).

During Travel

No auto-connecting. Disable remote connectivity and Bluetooth to prevent wirelessly connecting automatically to other devices — headphones, automobile infotainment systems, etc. Be choosy when deciding which wireless and Bluetooth networks to connect to.

Think before connecting. Before connecting to any public wireless hotspot, confirm the network name and exact login procedures with appropriate staff. Your personal hotspot is usually a safer alternative to free Wi-Fi. Only use sites that begin with “https://”.

Play hard to get with strangers. If an email looks “phishy,” do not respond or click on any links or attachments. Use the “junk” or “block” option to no longer receive messages from the sender. 

Never click and tell. Limit the type of information shared on social media and other online places. Keep your full name, address, birthday and vacation plans private, and disable location services. Before posting pictures, make sure there is nothing in them to identify your location, such as an address on a building, a street sign, the name of a business, etc.

Physically guard mobile devices. Never leave devices or components, such as USBs or external hard drives, alone, and keep them secured in taxis, at airports, on airplanes and in hotel rooms. Lock them up in the commonly provided safe if you don’t want to lug them around with you.