The Target security breach. Stolen user data. Heartbleed. CyberVor. It’s time to ask yourself: how safe am I online?
It’s a worthy question because it seems like even if we do everything right, our sensitive data is still at risk. In this post, we’ll explain the two most fear-inducing recent hacks—Heartbleed and CyberVor—and answer the question that’s on everyone’s minds: how can I stay safe online?
Heartbleed: The Flaw
Let’s go back to early April of this year. Do you remember what you were doing when you heard about Heartbleed? (I do, since I happened to learn about it by checking tech news on one of my go-to sites.) If you’re still confused about it, here’s what happened:
Lots of sites, including online companies and e-commerce sites, used an encryption software library known as OpenSSL. (Encryption technology rests on the old lock-and-key idea, with the theory being that only people with the correct digital ‘key’ can read encrypted information.)
Many (but not all) sites that used OpenSSL also used a feature called Heartbeat, which allowed secure links to stay open. This was more efficient than establishing a new secure link each time one was needed.
A weakness was detected in the Heartbeat part of OpenSSL that could allow hackers to read some of the memory of the servers behind vulnerable sites. This memory could contain user names, passwords, and other sensitive data.
Banks and financial institutions tend to use their own super-secure encryption protocols, so few, if any, were impacted by this flaw.
A patch was quickly released, but as of this writing, not all of the sites using the affected versions of OpenSSL have applied it. (Use this tool from LastPass to check if a site you use is safe.)
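For readers who want to see the flaw itself, here is a simplified model of it in C. This is an added example, not OpenSSL's code and not part of the original post: the memory layout, the sample secret, and all names are constructed for illustration. A heartbeat message states how long its payload is, and the flawed handler trusts that number instead of checking it against what actually arrived.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MEM_SIZE 64   /* constructed stand-in for the server's memory */
#define REQ_AREA 32   /* the received record occupies the start of it */
#define HDR 3         /* 1-byte type + 2-byte declared payload length */
#define PAD 16        /* minimum padding that follows the payload */

static const char SECRET[] = "user=alice;pw=hunter2";   /* constructed */
/* Both records are 23 bytes on the wire: header, "ping", 16 bytes padding. */
static const uint8_t HONEST[23] = {1, 0x00, 0x04, 'p', 'i', 'n', 'g'};
static const uint8_t LYING[23]  = {1, 0x00, 0x32, 'p', 'i', 'n', 'g'}; /* declares 50 */

static uint8_t server_mem[MEM_SIZE];

/* Place the record in memory, with unrelated data sitting after it. */
static void load_memory(const uint8_t *rec, size_t rec_len) {
    memset(server_mem, 0, MEM_SIZE);
    memcpy(server_mem, rec, rec_len);
    memcpy(server_mem + REQ_AREA, SECRET, sizeof SECRET - 1);
}

/* Flawed handler: echoes as many bytes as the sender declared. */
static size_t heartbeat_vulnerable(size_t rec_len, uint8_t *out) {
    size_t declared = ((size_t)server_mem[1] << 8) | server_mem[2];
    (void)rec_len;                                   /* never consulted */
    if (HDR + declared > MEM_SIZE) declared = MEM_SIZE - HDR; /* demo guard only */
    memcpy(out, server_mem + HDR, declared);
    return declared;
}

/* Patched handler: silently drops records that declare more than they carry. */
static size_t heartbeat_fixed(size_t rec_len, uint8_t *out) {
    size_t declared;
    if (rec_len < HDR + PAD) return 0;
    declared = ((size_t)server_mem[1] << 8) | server_mem[2];
    if (HDR + declared + PAD > rec_len) return 0;
    memcpy(out, server_mem + HDR, declared);
    return declared;
}

int main(void) {
    uint8_t out[MEM_SIZE];
    load_memory(LYING, sizeof LYING);
    printf("vulnerable echoes %zu bytes, fixed echoes %zu\n",
           heartbeat_vulnerable(sizeof LYING, out),
           heartbeat_fixed(sizeof LYING, out));
    return 0;
}
```

With the record that overstates its length, the flawed handler's reply runs past the request and includes the neighbouring secret, while the patched handler sends nothing back.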
CyberVor: The Steal
Now, fast forward to July/August. CyberVor’s huge exploit (Vor meaning thief in Russian, appropriately enough) hits the news immediately before a major cyber-security convention. According to estimates, 1.2 billion unique records have been ripped from 420,000 websites. The story for the CyberVor incident goes like this:
Hackers used a technique known as SQL injection to get databases to basically replicate themselves. (SQL is a very popular database query language.) This affects companies and websites of all sizes.
However, the group that nabbed all the passwords and credentials is apparently using them to send spam emails to others; as of yet, no financial data seems to be compromised.
In both of these cases—as well as in the Target breach—it wasn't the users who were at fault. In that respect, it was out of their hands. But there is something you can do to stay safer—if not totally safe—online.
Staying Safe is the Same Old Song
There’s really no news to staying safe online. Here’s what it boils down to: choose strong passwords. Change your passwords regularly—every month if you’re extra-cautious or at least every 3 to 6 months for important sites (email, financial, work-related, social media—pretty much anything with your private data or that represents you).
For an extra layer of security, you can use two-factor authentication where it’s available. This sends a code to your smartphone, email, or a specialized app that you must retrieve and type in before you can sign in. (For convenience’s sake, you can designate certain devices, like your home computer, as a trusted place and forgo the additional step.)
Finally, never use the same password twice. Otherwise someone who hacks, say, your relatively innocuous online movie account may also get access to your Facebook and Amazon accounts. (Bad, bad idea.) If creating and remembering multiple strong passwords is a problem, you can use free and paid password managers like LastPass, Dashlane, and others to do that for you.
Can we stay safe online? At the moment, it’s tempting to think that we have no say in the matter. But taking these basic security precautions can certainly help limit any damage cyber-criminals might inflict on one or two accounts.
Got computer problems, questions, or concerns? Contact Techsperts Services today and find out how we can help!