
Tuesday, December 27, 2022

Data Privacy & Data Security In Today's Digital Age


How to Become as "Invisible" as Possible In Today's Cyberage

I have been getting a lot more questions from customers lately with regard to online data privacy and data security.
"How can I keep my online accounts more secure?"
"I would like to surf the internet as anonymously and as privately as possible. How can I do that?"
"I found some personal information online, and would like it removed! How do I do that?"

So I decided to write a post covering the basics of online privacy, how to improve your safety and security when online, and how to get personal data removed from the internet (if at all possible).

Limiting Personal Data From Getting Online & How To Use The Internet More Securely/Privately:

  1. Delete all social media accounts, take down any/all personal/professional sites (blogs, websites, etc.), and delete or depersonalize any/all types of online accounts. These sites have been used for years for obtaining personal information, gathering information for social engineering attacks, and even identity theft!
    • Facebook
    • Twitter
    • LinkedIn
    • Forum Accounts
    • Other Online Accounts (e.g., News Sites, Game Sites, Online Stores, etc.)
  2. Remove all (or disable) unnecessary apps from your Smartphone, Tablets, eReaders, etc. 
    • Do not install apps that collect any type of personal data, or unnecessarily require you to create an account just to be able to use the app. Also, downloading and installing "THIS AWESOME FREE APP" is the #1 way for a company to easily collect data about you.
  3. Search for any personal information listed on "Data Broker" websites and submit a request for your information to be removed. 
  4. Use a VPN for any and all web surfing; preferably a no-logging VPN like Private Internet Access.
  5. Use a web browser that has your privacy in mind from the get-go. A very popular privacy-oriented web browser that is widely used is the Brave Browser. By default, the Brave Browser blocks website trackers and advertisements. It also has an incognito mode for even further private surfing, private search features, and even some VPN connection features. It's a great program for privacy-conscious users.
  6. You can take things a step further and use the Tor Browser and the Tor Network to access and surf the internet. When using the Tor network, you are using a decentralized network that routes traffic through multiple servers (or "nodes") and encrypts the transmitted data each step of the way. It's quite secure and great for anonymity! Sounds amazing, right? Why isn't everyone using it? Well, it can sometimes be a bit difficult to get set up and connected to the Tor Network, and the speed of the network can be quite slow. But if security and privacy are your goals, Tor is the go-to for anonymous, encrypted internet use. This also makes it popular among nefarious people...
  7. To take things even a step further, you can use a USB thumb drive-based Linux operating system for privacy-oriented system usage and web/internet usage, though you would still likely want to use a VPN as well as a secured web browser. This is a great option for having a "temporary" bubble to use. Tails is a portable Linux OS that is my go-to if I need to use a system that is foreign to me, but I need to securely access online data or securely log in to online accounts. All without leaving a trace behind on the host system! It technically could also be used as a day-to-day OS for those wanting to further their security/privacy even more.
  8. If you are worried about using public Wifi, the easiest option is to get a Mobile Hotspot plan through your cellphone provider. Most cell phones are capable of creating their own Mobile Hotspot that other devices can then connect to. If that is not an option with your cellphone, then getting a physical Mobile Hotspot from your cellphone provider would be the next best thing. Speeds may not be great! But you will be using your own personal/private network when out on the go.
  9. Create a "generic" email account that has very little personal information associated with it, or even go as far as to use a fake name! If what you are sending via email is secure/critical, you can use an encrypted email service such as ProtonMail. There are also "Burner" email services that are temporary! You could create and use a somewhat personalized email for a job interview or something more official, but it would just not be permanent. I believe that ProtonMail premium is capable of providing this feature at a cost. But there are some free-ish services such as Temp-Mail and GuerrillaMail that you can use as well.
  10. Use an encrypted text messaging/messaging service such as Signal or WhatsApp.
  11. Use virtual/burner credit cards for online orders. That way, your actual credit card information can't be intercepted or stolen! Privacy.com is a great example of a free/paid-for provider of this type of product/service.

Remove Personal Data From the Web

  • Data Removal Request: If you live in a state that has a "Digital Privacy Act" that requires companies to remove personal data if requested to do so, then search for any and all personal information and keep track of where it is all listed. Then reach out to those companies/services directly, and ask them to have your personal information removed or for you to be "opted out". If they do not follow through with your request, and your state DOES have a "Digital Privacy Act" or Law in place, then you can contact the FTC and/or your State Attorney General's office to report that company/service.
    Here’s a List of Data Broker Sites and How to Opt-Out of Them
  • OneRep - As cheap as $9 a month, OneRep is an automated removal service that covers over 150 data broker sites for your provided personal data.
  • DeleteMe - This service is a little more expensive at $10.75 a month, but is also highly rated for being able to remove personal data. Their system is automated as well, but where they are a "step above" is that they have actual employees that will assist with private data removal. Not all data broker services respond well to automated requests. So this is where DeleteMe stands out above the pack! That extra dollar or two could go a long way...
  • Legal Removal Request - If a removal request has gotten you nowhere, and the FTC and/or your State Attorney General is not able to help, there is legal action you could still take! You would need to find an attorney who is familiar with internet law. A lawyer could try to obtain a court order to remove your private data. That court order could then be presented to the website or a search engine (such as Google) and your data will either be removed from the website, or the URL containing the data will be omitted and blocked from search results.
  • Dark Web data is nearly impossible to have removed. It's the wild west of the internet, and the folks that use the Dark Web for nefarious things simply do whatever they want. Even if you were able to find and contact a dark web site that has your personal data/info, that alone could make you a target for further attacks and exploitation. You can't change your address obviously. But you can change your email, and phone number(s).
  • Government sites are exempt from these data removal requests as some information is public domain/public record.

Securing Your Online Accounts

In this day and age, just having a password is not enough to keep your online accounts secure, and hackers out of your accounts. Even if you do everything in your power to keep your login information secure, data breaches happen to big companies all the time! So even with your due diligence, your data can still be leaked and exposed in a data breach, data/network attack, etc.

But there are a few ways you can fight this!
  1. Use 2-Factor Authentication
  2. Use a USB Security Key

First off, it is HIGHLY recommended that you set up and use 2-Factor Authentication on all online accounts that you can. If you don't know what 2-Factor Authentication (or 2FA) is, you may actually already be familiar with this security technology. You know how, when you log in to your online banking on a new or different device, the bank will likely give you a call or send a text message with a code to confirm you are who you say you are? That is 2-Factor Authentication! Since 2FA has been around for a while now, calling/texting your phone with a code can be compromised. To take things a step further, you can download and use an Authenticator App on your smartphone to generate account access codes whenever you may need them!

Both Google and Microsoft have their own Authenticator Apps. Surprisingly enough, Google (as of this post) doesn't let you back up your associated accounts and security keys. You can transfer them, however! But if you lose your phone, break your phone, or get a new phone (and forget to transfer your Authenticator data), you could get locked out of your very own accounts! So I tend to find myself recommending Microsoft's Authenticator App for creating, storing, and accessing 2FA security codes. Microsoft's Authenticator App has a backup feature and you can easily backup, transfer, and restore all of your 2FA account information if needed. This can be a lifesaver...

Now, if you want to take your account security to the NEXT level, you could purchase and use a hardware-based USB security key. A USB security key is a device that works on the same basic principle as 2FA. But instead of getting a phone call or text message with a security code, or having to use an authenticator app, you would physically plug in a USB device to gain access to your associated online accounts! So in order for you, or anyone else, to be able to get into an account that is associated with your USB Security Key, the USB Security Key would have to be physically plugged into the device needing account access, and then you would have to touch the USB Security Key with one of your fingers for account access to be granted. This would make it nearly impossible for anyone to exploit the phone call/text message codes, try to fake an authenticator app code, etc. Yubikey is the maker of the security keys that I have used personally, and I highly recommend their products! They make different models that have different interface types, including NFC, USB-A, USB-C, and Apple's Lightning connector.

The one downside to using a USB Security Key, however, is that you have to physically have the key with you in order to gain access to your accounts. If you lose your key, or it gets stolen, then whoever has possession of your key will then have access to all of your associated accounts. Yubikey does, however, allow you to disable a USB Security key in the event that something like that happens!
So if you do decide to start using a USB Security key for your online accounts, it's important to keep that key in a safe place, and have an alternative way of accessing accounts in case your key is ever lost, stolen, or damaged.
Some folks (myself included) purchased a second USB Security key that is all set up and ready to go but is kept stored in a safe place, just in case anything happens to the primary USB Security key.
You could also use an Authenticator app in addition to your USB Security key. An authentication app would serve as an alternate way of accessing your accounts if ever needed.

The bottom line is this: If you decide to use a USB Security key for your online accounts, just make sure you keep it stored someplace safe and secure. Also, have alternative/redundant account access in place. That way, if you lose or damage your USB Security key, you can still get into your accounts!

With the implementation of even a few of these tips, you can greatly improve your online privacy and security!

Jon Pienkowski
Owner/Operator
Pacific Northwest Computers
www.linktr.ee/pnwcomputers
360.624.7379

Wednesday, November 2, 2022

Had a Data Breach or Experienced a Computer/Network Hack or Attack?! Here's What To Do!

What To Do If You Have a Data Breach or Experience a Computer/Network Hack or Attack!

Despite your efforts to control access, track assets, and create secure procedures for your network, online accounts, and computer systems, data breaches, server attacks, network attacks, account hijacks, you name it, can still happen. And they do happen! Knowing what to do if you suspect or actually have a problem can make the difference between a minor inconvenience and a disaster that interrupts your ability to do business! The following steps can help you recover after a breach or hacking incident. The faster you can recover, the sooner you can get back to business!

  1. Stop the Breach/Stop the Attack:
    Isolate any devices or systems that have been identified as being a part of the breach and/or attack. If the hacker has used an email or account to access your systems, close them down to prevent further damage. If a specific computer is infecting other systems on the network, disconnect its network connections and get it offline. Ultimately, the faster you can restrict access to the systems, computers, and/or accounts that have been affected, the less damage a hacker can do.

  2. Examine the Damage:
    You’ll need to determine the extent of the damage and which systems, accounts, or users are suspected of being compromised, and which systems are confirmed secure. When you know what has actually been accessed, and what/who has been attacked, you will be better equipped to deal with the overall situation.

  3. Restore your Systems:
    Once the threat has been addressed, you can restore your systems, network, etc so you can continue your normal day-to-day work. If you have a DRaaS or BaaS system in place, your provider will be able to help you recover any lost, stolen, or deleted data quickly. If you don't have any backup systems in place for your critical data, try to work with your in-house IT team to attempt data recovery, and get things back up and running as fast as possible. If you realize you are in over your head, engage with an IT solutions company like Pacific Northwest Computers to help remedy security issues and implement data protection plans for the future.

  4. Perform an Audit:
    Determine how your systems, online accounts, email accounts, etc were accessed. Go over your response to stopping the breach, and the effect the attack/response had on your business. Once you know the answers to those questions, you can make better decisions on how to move forward and be better prepared for the future.

  5. Learn From Your Mistakes:
    After the initial shock has passed and your system is back on track, work with your IT team and/or an outside IT company such as Pacific Northwest Computers to establish a plan to prevent further issues. Set up any further needed "safety nets" to limit downtime, enable a quicker response, prevent data loss, and have a system in place to get data back as quickly as possible. This will lower your risk of further attack as well as better prepare you if another attack were to occur. That alone is worth the peace of mind!

    For example, if your attacker got in via your email or by exploiting a poorly chosen password, retrain employees to better protect your network. If the attacker used a lost or stolen device, you may need to address inventory tracking. If data was stolen, held for ransom, etc., make sure you have a backup plan for all of your important and critical data! Plus much more.

As always, if you need help with anything, just give us a call, send us a text, or send us an email!!

Pacific NW Computers
360.624.7379
503.583.2380
www.pnwcomputers.com
www.linktr.ee/pnwcomputers.com