Business

WHAT'S YOUR RISK

Nine things you're doing that open the door to hackers
Jeanne Davant
1.11.23
News  /  Business

Rodney Gullatte Jr., president of Firma IT Solutions

Forrest Senti recently got a text from his wife’s grandmother asking him if a website she was interested in was real. 

Senti, vice president for programs and operations at the National Cybersecurity Center, checked it out and found that the site, which was offering products at extremely low prices, was a fake.

“They were going to scam her” by promising a generator for $30 that should have been $1,000, he says. 

Senti used the occasion as a teaching moment, telling his wife’s grandmother to look for SSL security certification, indicated by HTTPS at the beginning of the URL and a padlock icon in the address bar. He also advised her to use well-known, verified payment processing systems like Shop Pay, Amazon Pay, Stripe or PayPal.

“I educate my mother all the time, too,” he says.

Fake websites are just one way that scammers can separate you from your money, and the first line of defense is knowledge, Senti says.

Cybercrime is increasing every year, and cyber criminals are getting more sophisticated. While businesses where hackers can grab lots of money or data are most likely to be attacked, “it’s not just a big corporate thing — anyone can be targeted,” says Mike Crandall, CEO of cyber risk management firm Digital Beachhead.

Hackers can sneak into your home computer through phishing and can also access your home network through smart devices including TVs, refrigerators, cameras — even Google Home and Amazon Alexa. Once there, they can get hold of confidential data like your tax returns, banking information and email.

Crandall suggests that parents have conversations with their kids about security and develop family guidelines to limit risk.

Everyone on your network should be aware of actions that can open the door to hackers, says Rodney Gullatte Jr., CEO of Firma IT Solutions and Services.

“Be aware of the environment you’re living in,” he says. “If you’ve got Alexa in your house, if you have an iPhone on your person, if you’re wearing an Apple watch, they’re always listening, even when you turn them off.”

What not to do

It’s thoughtless or habitual actions that get home device users into trouble, along with failure to take basic cybersecurity measures. Here are some of the most common:

  • Using the same passwords across online accounts. Passwords should be unique, and you should turn on two-factor authentication whenever you have that option, Gullatte says. Senti suggests that passwords should be 10-14 characters long and strongly recommends that people use a password manager like LastPass, 1Password or Dashlane. “LastPass itself doesn’t have access to your passwords,” Senti says. “So even if LastPass were to be compromised — which it has been, hackers couldn’t get to that information because of the way it’s stored.”
  • Not changing the default passwords on devices like your Ring camera, or not updating firmware that contains security protections for your smart refrigerator. Some devices are set to do updates automatically, but others, like smart TVs, are not — they require you to go into your settings and enable auto updates. Gullatte suggests that people check all their connected devices for auto update settings.
  • Hopping on social media fads like posts that invite you to download an app that alters selfie photos. Gullatte came across an app that makes your face look like a sketch. “It was owned by Russians, and there’s an option for them to have access to your entire camera roll,” he says. “Don’t do that to yourself.”
  • Sending money to people you don’t know. “Somebody reading this article is caught up in a relationship with somebody that they’ve never met,” Gullatte says. “It seems real. As adults, we have hearts, and hackers don’t care — they’ll go after your heart, and they will exploit that to further their agenda and make money.”
  • Responding to phishing emails. Most people think they’ll never fall victim to spam emails, “but they’ve gotten a lot better than the prince in Africa who’s trying to send you $10 million,” Crandall says. Look closely at domain names, he recommends; hackers may have purchased a domain name that appears familiar at a glance but has one letter changed. Also, check for links and attachments. “I would never click an attachment from someone I don’t know or I’m not expecting,” he says. With links, “always go to the source. Never click the link in the email.” If you’re suspicious about a link in an email, “you can change it to plain text,” he says. That will show you the actual source URL.
  • Making purchases directly from social media posts. “If you see a product you like, open up a browser and find it on the website directly,” Crandall says. “The social media sites are not responsible for protecting their advertising. It could be a faulty site; it could be a poached purse, not a Coach purse.”
  • Not reading terms of agreement. Most of the time, you’re agreeing to data sharing or gathering — but you may be consenting to active listening by your device. You should be aware of what your device is doing and how your data is being used, Crandall says.
  • Not going with trusted devices — cameras, speakers and other devices sold by established vendors. Research has shown that cheap knockoffs like security cameras made in foreign countries may have the ability to reach out into your network, access other devices and gather information, Senti says. “It’s rare, but it happens,” he says.
  • Performing confidential transactions on open networks at your local coffee shop or bar. “Using unsecured Wi-Fi is a big deal,” Senti says. “You don’t know how your data is being used. You don’t know where your data is being stored. Most people have hotspots available on their phones. I tell people to use hotspots when they’re outside of their home.”

How to protect yourself

  • Separate home and business accounts. Keep home and business emails separate and don’t forward business emails to your home computer. “If the company you’re working for is asking you to use your own computer to do work for them, you need to decline that,” Gullatte says. “That exposes your company data to breaches that don’t need to happen, and in essence, your computer becomes their property in a legal situation. The safest thing to do is to create separate networks for business activities and home use, Senti says. “Your internet service provider could help you with that. The alternative would be to make sure their employer has a VPN [Virtual Private Network] that can remove some of the risk,” he says.
  • Use a backup system. “Carbonite.com is great,” Gullatte says. “You just install it, pay your annual fee and just let it run, and your computer won’t lose any data. I’ve had people lose all their pictures of their 4-year-old child that died when their hard drive crashed.”
  • Install antivirus protection, patches and security updates — not just on your laptop, but on all your connected devices. “Anything that has an IP address is a target,” Crandall says. “Hackers are going after the easy targets, which is your Alexa, your Google Home and your Nest thermostat.”
  • Download a home scanner like Bitdefender, a software program that reveals all the devices on your home network and alerts you to vulnerabilities. While Bitdefender offers antivirus and device protection for Windows, macOS, iOS and Android, it currently offers scanning only for Windows devices, Crandall said. Nmap is a free, open-source network scanner that runs on all operating systems, but it’s a little more technical than Bitdefender, he says. “The Xfinity app for your Wi-Fi can show you all your connected devices as well,” he says. Other Wi-Fi service providers may offer similar monitoring services; it’s worth asking about, he says.

Talk to your kids

Above all, have that talk with your kids. 

“There’s nothing private once you go digital,” Crandall says. “That’s the mindset I try to put my kids in; you may not be concerned [about what’s posted] now, but what if you want to run for office? Do you want that out there? The world is watching.”

“Hackers know kids are easy targets to be exploited,” Gullatte says. “We have to be vigilant to save our children.”

Parents need to talk with kids about posting provocative photos online, too. 

“That’s how people get caught up in human trafficking, and it’s real right now,” Gullatte says. “Keeping kids off their phones isn’t the answer. Teach them how to be responsible.”

Senti suggests parents research digital citizenship.

“Cyber bullying is a big concern for teens,” he says. “I would teach kids about cyber bullying and older people trying to interact with kids, respecting yourself and others and not using profanity.” 

He also recommends talking about digital safety — not using your real name or age, not telling people where you live or giving away personal information.

Crandall says he tells people that there’s no such thing as 100 percent cybersecurity.

“In the world we live in today, my whole house is listening to me,” Crandall says. “We have to balance risk with reward, as we do with everything else in life. What does your Alexa do for you? If what she does for you outweighs the risk that she can bring, then that’s the risk that you accept.”

Jeanne Davant

If so, we'd love for you to share it with your friends and followers! Sharing this article can help spread valuable information and spark important conversations. Simply click a share button below!