The recent hacking of lockbox access codes highlights the potential vulnerability in online business dealings and underscores the need for heightened security to protect our property, livelihoods and identities.
Immediately following the lockbox breaches, FVREB recommended a series of actions to protect against future threat including resetting your email and Sentrilock© account passwords and avoid using the same password for both accounts; checking your email account to see if emails have been forwarded without your knowledge; and ensuring the phone number and email address associated with your Touchbase account is correct (eMemo #4151).
Protect yourself
The lockbox hackers used “phishing” to help breach security measures. Along with password hacking, these are two of the most widely used methods for criminals to gain access to your personal accounts.
Phishing scams
In a phishing scheme, the attacker poses as someone or something they aren’t to trick the recipient into sharing credentials, clicking a malicious link or opening an attachment that infects the user’s system with malware or a virus. An estimated 90% of ransomware attacks originate from phishing attempts. To avoid becoming a victim of phishing scams:
- Be suspicious of any official looking email message or phone call that asks for personal or financial information.
- Before clicking, know which links are safe and which are not by hovering over the link to see where it directs to.
- Be suspicious of emails or text messages sent to you in general. Note where it came from or if there are grammatical errors.
- Malicious links can come from friends who have been infected too, so be careful!
Password creation tips
Passwords are important in keeping hackers out of your data. When creating passwords consider the following:
- Make it long, this is the most critical factor. Choose nothing shorter than 8 characters, but ideally more if possible.
- Use a mix of characters. The more you mix up letters (upper-case and lower-case), numbers, and symbols, the stronger your password is, and the harder it is for a brute force attack to crack it.
- Avoid common substitutions, password crackers are aware of the usual substitutions. Whether you use LOCKED or L0CK3D, the brute force attacker will crack it just as easily. Random character placement is much more effective than common substitutions.
- Do not use memorable keyboard paths. Much like the advice above not to use sequential letters and numbers, do not use sequential keyboard paths either, like “qwerty”. These are super easy to guess.
Password management
To avoid reusing the same passwords use a password manager. It can help generate new, strong, random, and unique passwords for all your accounts and stores them for you so you don’t have to worry about remembering them all. Password managers are available to download – some for a small fee, but well worth it. Most can be installed on your computer and phone, so you can always have your passwords with you. Two of the best are Keeper Password Manager & Digital Vault and LastPass.
Mobile Devices
We rely on these devices a lot, but they are susceptible to attack, so make sure you at least follow some basic steps:
- Lock your device with a PIN or password.
- Only install apps from trusted sources (Apple AppStore, Google Play).
- Keep the device’s operating system up to date.
- Do not click on links or attachments from unsolicited emails or texts.
- Use Apple’s Find my iPhone or the Android Device Manager tools to help prevent loss or theft.
We’ll have more tips in future issues of NewsReal — in the meantime, resolve to make cybersecurity a top personal and professional priority in 2022.
FVREB IT Team