Category: Cyber-Security

Staying Safe Online – May 6, 2020

Password Managers
Password managers work by storing all of your passwords in a database, which is sometimes called a vault. The password manager encrypts the vault’s contents and protects it with a master password that only you know. When you need your passwords, such as to log in to your online bank or email account, you simply type your master password into your password manager to unlock the vault. The password manager will automatically retrieve the correct password and securely log you in to the website. You no longer have to remember your passwords or manually log in to your accounts.
In addition, most password managers include the ability to automatically synchronize across multiple devices. This way, when you update a password on your laptop, those changes are synchronized to all your other devices. Finally, most password managers detect when you’re attempting to create a new online account or update the password for an existing account, and they automatically update the vault for you.
It’s critical that the master password you use to protect the password manager is long and unique. In fact, we recommend you make your master password a passphrase – a long password made up of multiple words or phrases. If your password manager supports two-step verification, use that for your master password as well. Finally, be sure you remember your master passphrase. If you forget it, you will not be able to access any of your other passwords.
There are many password managers to choose from. When trying to find the one that’s best for you, keep the following in mind:
Your password manager should be simple to use. If you find the solution too complex to understand, find a different one that better fits your style and expertise.
The password manager should work on all devices you need to use passwords on. It should also be easy to keep your passwords synchronized across all your devices.
Use only well-known and trusted password managers. Be wary of products that have not been around for a long time or have little or no community feedback. Cybercriminals can create fake password managers to steal your information. Also, be very suspicious of vendors that promote they developed their own encryption solution.
Avoid any password manager that claims to be able to recover your master password for you. This means they know your master password, which exposes you to too much risk.
Make sure whatever solution you choose, the vendor continues to actively update and patch the password manager, and be especially sure you are always using the most recent version.
The password manager should give you the option of storing other sensitive data, such as the answers to your secret security questions, credit card information, and frequent flier numbers.
Consider writing your master passphrase in a sealed envelope and storing it in a locked cabinet, physical safe, or lockbox.
Password managers are a great way to securely store all your passwords and other sensitive data, such as credit card numbers.
However, make sure to use a unique, strong master passphrase and always use the latest version of whichever solution you choose.
A Public Service Announcement Courtesy of Cedar Valley Bank & Trust

Staying Safe Online – April 8, 2020

Digital spring cleaning
Most of us are so looking forward to spring! The landscape starts to take shape, flowers start to bloom, and, for many, there’s a desire to spring clean. While it might be easy to see the need to purge and tidy up, realizing the need to also digitally declutter isn’t so apparent. Here are some quick tips to get your digital life in order and establish new digital habits:
BACKUPS: We listed this step first because, in the long run, it’s one of the most important and a step you want to take before moving on to the others. No matter how safe or secure you are, at some point, you will most likely need backups to recover your important information. Reasons can include having a hard drive fail, losing a device, and becoming infected with malware such as ransomware. Creating and scheduling automatic backups ensures you can recover your most important information.
DELETE: Delete any unused programs or apps on your mobile devices and computers. Some apps require large amounts of storage, can introduce new vulnerabilities, and may even slow things down. The fewer apps you have, the more secure your system and your information. Many devices show you how long it has been since you’ve used an app – if it has been more than a few months, chances are you don’t need the app!
UPDATE: Update all of the devices and apps you do have, and enable automatic updating whenever possible. This way, your devices and apps stay current, not only ensuring they run faster but making it much harder for anyone to hack into them.
PASSWORDS: Review your passwords. If you are using the same passwords for multiple accounts, change them so each account has a unique password. Can’t remember all your unique passwords? Consider using a password manager. Finally, enable two-factor authentication (2FA) whenever possible, especially for any email or financial accounts.
FINANCIAL ACCOUNTS: Make sure your bank accounts, credit card accounts, and retirement accounts are configured to alert you whenever a transaction is made, especially for large purchases or money transfers. The sooner you spot fraudulent activity, the sooner you can stop it.
BROWSER: Review any and all add-ons or plugins installed in your browser. Review the permission settings; do the plugins really need access to your location, passwords, or contact lists? If you are no longer using certain plugins, or have privacy concerns about them, delete them.
SOCIAL MEDIA: Check out your online presence and own it. Review your privacy settings and delete any photos and videos that are no longer accessed or needed. You can also search for yourself on a search engine and see what information is out there about you. Remember, it’s fine to limit how much information you share, and even with whom you choose to share it with.
DESK: Clean out your desk drawer, wipe any old hard drives and USBs, and perhaps even destroy any sticky notes with too much information. Consider investing in a document shredder if you don’t have one.
EMAIL: Perform an email file purge, delete what you don’t need, and organize what you do. Pay particular attention to any sensitive documents, such as those with your date of birth or Social Security number, and get those out of your inbox!
While this may appear to be a daunting task, rest assured your devices and information will be far more protected. If this seems like a lot to do, consider choosing just a few items, or try to check off one item per day or week. Every little step goes a long way in protecting you.
A Public Service Announcement Courtesy of Cedar Valley Bank & Trust

Staying Safe Online – March 4, 2020

Social media privacy
Most people would never consider walking into a crowded room and loudly broadcasting to total strangers all the details of their private life – from their health issues to their family and friends’ names, ages, jobs, or school locations. But often these same individuals won’t think twice about posting that same information on social media. The ramifications of sharing too much can have an impact not only on your personal and professional life but also the lives of your family and friends.
Social media is a great place to reconnect, share, and learn. However, just ensuring that your social media privacy settings are strong isn’t the only way to protect yourself. Once you post anything online, you have lost control of it. You need to understand what is being collected and how it is being used. Here are some privacy concerns you should have when using social media:
Privacy Settings: Carefully create and frequently review privacy settings for all of your social media accounts, especially when changes in terms of service and privacy policies take place. Remember that even if you have secured your settings for who can view your postings, all of your information is being collected, mined, and stored on the social media platform servers – perhaps forever.
Privacy Tree: Social media settings can’t protect you from friends, relatives, and co-workers who view your postings and then have the ability to share those postings with their circle of friends and so on.
Family Sharing: Everyone loves to talk about their friends and family. But posting silly birthday cake pictures or health and behavior problems can lead to bullying, especially for those who are younger, and could impact their personal lives.
Information Sharing: If a service is “free,” then you are the product. Investigations have found that what you are doing online may be sold to others.
Location Services: Check-in data can be added to other personal data to create a profile of your life and habits, which can lead to stalking and open you to other harassing events. In addition, be aware of any location information included in any pictures or videos you post.
Artificial Intelligence: AI, social media, and marketing are the perfect combination. Marketers now use information gathered from your habits online to feed you ads focused on your last search or purchase, and thereby continue to learn even more about you.
Digital Death: When a person dies, their online presence becomes more vulnerable to malicious individuals if their accounts aren’t being maintained or eliminated by their survivors. The privacy of an individual is not just about that person alone; it also can impact extended family and friends.
Unintentional Disclosure: The information you post about yourself may reveal much of your personal history, and thus the answers to your online secret security questions.
Privacy is far more than just setting the privacy options in your social media accounts. The more information you share, and the more others share about you, the more information that is collected and used by corporations, governments, and others. One of the best ways to protect yourself is to consider and limit what you share and what others share about you, regardless of the privacy options you use.
A Public Service Announcement Courtesy of Cedar Valley Bank & Trust

Staying Safe Online – February 5, 2020

Digital Inheritance
Have you ever thought about the uncomfortable question, “What happens to our digital presence when we die or become incapacitated?” Many of us have or know we should have a will and checklists of what loved ones need to know in the event of our passing. But what about all of our digital data and online accounts? Should we consider some type of digital will? Should we create a “digital inheritance” plan?
Think about your digital presence. Bank and retirement accounts, home mortgages, family photos and videos, smart home accounts, email, and social media are just some of the many examples that make up our digital footprint. In the event of your death or the death of a close family member, family and loved ones may need prompt access to those accounts or data. In addition, legacy data and online accounts left behind could become vulnerable over time to hackers, thus placing family and friends at risk.
Creating a Plan. It is a good idea to discuss your desires with your trusted family or friends, like other end-of-life details. In addition to having these conversations, take inventory and document your digital assets and online accounts. If you do not provide access to your accounts after you die, it can be very difficult for family members to access or close them. For example, would you want your family members to be locked out of all those years of family photos and videos you have stored online?
One idea is to document your online presences in a password manager. This is a program that securely stores all your logins and passwords, credit cards, and other sensitive information. It’s designed to make creating, storing, and accessing passwords and security questions vastly simpler. In many ways, this is a powerful tool to catalog your digital presence. With many password managers you can even configure them to share all or certain passwords with other trusted family members. If you are uncomfortable with that, document access to your password manager and seal that in an envelope; then have that sealed envelope opened after your passing by an executor or trusted family member. This way, they will have access to your password manager and be able to access your accounts and information stored in there.
In addition, some sites provide the option to identify legacy or trusted contacts. Facebook, for example, allows participants to determine in advance if they would like their account deleted or memorialized after passing. Memorializing creates a space that’s only visible to existing friends, where memories can be shared. Finally, you may want to consider dealing with a lawyer or estate planner who specializes in digital inheritance.
Inheriting Digital Assets. You may find yourself in the situation where you have to recover or access the online accounts of a recently deceased friend or family member. We recommend you first coordinate with a lawyer and other family members before taking action. Other family members could quickly become upset if they see you taking action without consulting them first. Then start with identifying any passwords you can find. Did the family member write them down or store them anywhere? If that is not an option, can you access any computers or mobile devices they used and are still logged into? If not, you most likely will have to reach out to each site for access to the deceased member’s account. This often includes having to provide both a death certificate and proof you are directly related to the family member. In some cases, you will not be able to access the account or data stored in the account but only delete it. Every site handles these situations differently, which can be a time-consuming process.
In today’s digital world, we should not only consider physical assets but also digital assets in our future estate planning.
A Public Service Announcement Courtesy of Cedar Valley Bank & Trust

Staying Safe Online – January 1, 2020

Messaging/smishing attacks
One of the most common ways cyber attackers attempt to trick or fool people is by scamming you in email attacks (often called phishing) or try to trick you with phone calls. However, as technology continues to advance bad guys are always trying new methods, to include tricking you with messaging technologies such as text messaging, iMessage/Facetime, WhatsApp, Slack or Skype. Here are some simple steps to protect yourself and spot/stop these common attacks.
What are messaging attacks? Messaging attacks (sometimes called Smishing, a play on the word Phishing) are when cyber attackers use SMS, texting or messaging technologies to reach out to you and try to trick you into taking an action you should not take. Perhaps they want to fool you into clicking on a malicious link, or get you to call a phone number so they can get your banking information.
Just like in traditional phishing email attacks, bad guys often play on your emotions to act. However, what makes messaging attacks so dangerous is that they often feel far more informal or personal than email, making it more likely you may fall victim.
In addition, with messaging attacks there is less information and fewer clues for you to pick up on that something is wrong or suspicious. When you receive a message that seems odd or suspicious, start by asking yourself does this message make sense, why am I receiving it? Here are some of the most common clues of an attack:
A tremendous sense of urgency, when someone is attempting to rush you into taking an action.
Is this message asking for personal information, passwords or other sensitive information they should not have access to?
Does the message sound too good to be true? No, you did not win the lottery, especially one you never entered.
A message that appears to come from a co-worker or friend’s account or phone number, but the wording does not sound like them. Their account may have been compromised and taken over by an attacker, or the attacker is pretending to be them, tricking you into taking action.
If you get a message that makes you have a strong reaction, wait a moment and give yourself a chance to calm yourself and think it through before you respond. For example, if you get a text message from your bank saying there is a problem with your bank account or credit card, contact your bank or credit card company directly by phone. Bear in mind that most government agencies, such as tax or law enforcement agencies, won’t contact you via text message.
When it comes to messaging attacks, you are your own best defense.


Forgot Password?

Join Us