Internet Safety Resources For Parents And Kids

ttt-logoTalking with your child about Internet safety can seem overwhelming, but there are some excellent resources available to help.

Remember, protecting your kids online starts with protecting your computer from viruses and malware. Teach your kids to use strong, unique passwords, and to avoid oversharing photos and personal information. Monitor the sites your kids visit and the apps and devices they use. Create family rules concerning online time. Encourage your kids to tell you if they encounter anything that makes them feel uncomfortable, such as cyberbullying or inappropriate content.

Here are some of the tools I use when teaching families and schools about online safety.

Basic Computer Security Tips

Parental Controls

Internet Safety For Kids

Internet Safety For Teens

Cyberbullying

Social Media Safety

Cell Phone Safety

More Internet Safety Information For Parents

 

Ransomware Spreads Across The Globe: How To Protect Your Computer

A ransomware worm is rapidly taking over computers around the world. Here’s what you need to know to protect your computers and networks.

This particular worm, known by several names including WannaCry and WCry, is a type of computer virus called ransomware. Ransomware, as regular Tech Tips readers know, is especially nasty because it hijacks your computer and encrypts your data, then demands a ransom to decrypt it. A worm is a virus that worms its way through computer networks. Therefore, as you can imagine, a ransomware worm has the potential to wreak havoc worldwide. And that’s exactly what WannaCry and its variants are doing.

Your best protection is prevention. While this virus can be removed, the data it encrypts CANNOT be decrypted. Experts typically recommend not paying the ransom, as there is no guarantee you will recover your data even if you do. A current offline backup is the only way to preserve your information in the event of a ransomware attack.

Windows users, update NOW. If you’re on an old version of Windows and can’t update (anything except Win7, Win8.1, and Win10), this is your wake-up call to upgrade to a newer version. Yes, they released an XP patch. No, that doesn’t mean XP is safe. It means they had to patch XP because it’s used so widely in critical environments like hospitals. And that was an unprecedented move, as Microsoft had previously declared that XP would receive no further security updates. That indicates how serious the situation is. Microsoft has more information about supported versions of Windows on their Windows end-of-support page.

And, everyone – BACK UP YOUR DATA. Seriously. Back it up. Right now. Mac users, you too, you’re not immune to ransomware. Everybody BACK UP YOUR DATA ON A SEPARATE NON-NETWORKED DRIVE AND KEEP IT OFFLINE.

RIGHT. NOW. (Here’s my latest Tech Tips article on backups for Windows and Mac.)

Spread the word. Tell everyone: business associates, friends, family, neighbors, random strangers. Send them a link to this article and remind them to back up and update their computers immediately.

If you’ve already been affected by the WannaCry worm, here’s some information that can help.

How To Create Strong Passwords (2017 Edition)

It’s more important than ever to make sure you’re using strong, unique passwords. Passwords are one of your main defenses against computer viruses, account hijacking, and other Internet threats.

Several major sites have experienced security incidents over the last year. Hacks from years ago are still having repercussions in the present because people keep re-using old passwords. Never re-use passwords! Create passphrases that are at least 12 characters long and different on every site. Use two-factor authentication where available. You’ll find more details on this below.

Why You Need Strong, Unique Passwords

Many people say to me, “I don’t need a secure password. I don’t have anything sensitive on my computer, so I don’t care if a hacker gets in.” You, my friends, are a hacker’s dream. Because it’s not necessarily your personal information they want, although they’ll happily steal your credit card info if they can. No, what they really want is control of your computer, your email address, your Facebook page… anything and everything that will let them do their dirty work from behind a smokescreen.

Selling account details can be a lucrative business. Don’t let complacency make you a target.

Strong passwords must be:

  • Not in use on any other system
    This is perhaps the biggest no-no in the password rulebook. When hackers nab passwords, they try the same account/password combinations on popular sites like Google, Facebook, Twitter. If you’re using the same password you just let them in. Do not ever, ever, ever use the same password anywhere. Before you despair, keep reading. There are tools to make it easier.
  • Changed regularly
    Yes, you have to change your passwords. And yes, they still have to be different everywhere. In fact this is one of the best things you can do to secure your passwords. Use a password management tool if you need help keeping track of everything (see below).
  • 12 characters or longer
    Think passphrase rather than password. The longer and more complex a password is, the less likely it can be cracked. A few sites may not let you use a password as long as 12 characters, so use the longest password you can.
  • A mix of upper- and lowercase letters, numbers, and symbols
    Some systems won’t allow you to use a range of characters in your password, in which case I suggest you reconsider using that site. Do you really trust someone who isn’t going to allow you to secure your account properly? Makes you wonder how secure everything else on the site is.
  • Not common words or proper nouns found in a dictionary
    Here’s a list of the 25 worst passwords, updated for 2016. If your passwords sound like these, change them now.
  • Not the names of your spouse, kids, pets, or other personally identifying information
    Don’t create passwords out of information that can be gleaned about you, and don’t share information that can be used to guess security questions. For example, if you have pictures of your dog Fido on Facebook, and you also answer your bank’s security question “What’s your dog’s name?” with “Fido,” guess what? You have just given a hacker potential access to your bank account.

Examples of good and bad passwords

Good passwords (but don’t use these!)

AP@ssw0rdIJustMADE!UP!4U
Here’sAnOtHeR1FOR$You

Bad passwords

password
password1
password!
123456
<blank>
mypassword
spouse’s name
pet’s name

Password Don’ts…

  • Don’t rotate between the same two or three passwords. It’s just as bad as using the same password everywhere.
  • Don’t send passwords via sites like email, Facebook, Twitter. Use another means like text message, which goes directly to the recipient. Or even better, a phone call.
  • Don’t stick passwords on Post-It notes. Whether it’s under the keyboard or on a bulletin board, it’s exposed. Be like Gandalf: Keep it secret, keep it safe.
  • Don’t share passwords and accounts. This is especially prevalent in small businesses. Don’t create one account then share the password; create multiple accounts for each person who needs access. More time consuming? Sure. More secure? You bet.

Tools to manage your secure passwords

With a password management tool such as 1PasswordLastPass, or KeePass, all you have to remember is one master password and the software takes care of the rest. You can use the same password management tool on your computer and on your mobile devices.

Unfortunately any company can be breached by hackers and password management firms are no exception, as was demonstrated by a recent LastPass breach. In other words, passwords stored in management tools can be swept up in data breaches just like any other kind of data.

The good news is that most password managers encrypt your data, so even if hackers get hold of it, they will hopefully be hard-pressed to recover your actual passwords. That being said, you need to safeguard your master password with more vigilance than any other password you use. Please do NOT re-use your master password anywhere else! And be sure to keep another copy of your passwords somewhere safe in case you lose access to your password management tool.

Two-factor authentication

Two-factor authentication (2FA) uses a password plus another unique identifier, like a passcode messaged to your phone. This is much safer than a password alone because the second identifier is constantly changing, making it much harder to break into an account. If a site offers 2FA, you should consider using it.

However, 2FA does not make a weak password safe. Your best bet is 2FA plus an excellent password. As with a password manager’s master password, you need to make absolutely sure you have copies of your 2FA backup codes, because that’s what’s going to get you into your account if you have trouble.

Password harvesting scams

Password harvesters are everywhere. For example, you might get a spam email saying you need to update your account. This message contains links to a page that looks like the real login, but it’s really just a fake designed to steal your credentials. Similarly, password-harvesting scams can be distributed via Facebook, Twitter, and other social media sites. When in doubt, type the address for the site into your Web browser manually rather than clicking on a link.

Why not take this opportunity to change your passwords? It’s the best thing you can do to protect yourself against identity theft and cybercrime.

[Originally posted in 2010 as How To Create Secure Passwords. This version has been updated with the latest advice on secure passwords.]

 

Why You Need To Delete Your Old Accounts

ttt-logoMost people let old accounts languish. But abandoned accounts are filled with information that can be used to send spam, spread malvertising, and commit cybercrimes.

For example, I frequently get email messages from people I know, but haven’t talked to in a while. Invariably the email subject is blank or says nothing but, “Re:”. Sometimes the email includes a suspicious attachment. And I sigh and delete the message, because I know these unused accounts have been hijacked from their unsuspecting owners and are now controlled by hackers.

But hijacked accounts go beyond mere annoyance. They are often used to hack other, juicier targets, making it more difficult for such electronic attacks to be traced back to the perpetrator. They can also be used in online financial scams, such as the “I’m stuck overseas and need you to wire me money” scam. Such scams appear far more realistic when they come from a seemingly-legitimate source like a friend’s email address rather than some random account, and many people fall for the trick.

Hijacked accounts can also be used to hijack other accounts like Facebook, Twitter, or even your bank account, if it’s been linked to them. It’s like a stepping stone to the rest of your stuff.

For these reasons, you should always delete old accounts if you are no longer using them. If you’re concerned that someone will take your old username, I recommend maintaining your old accounts by logging into them every few months and using strong passwords that have not been used on any other site.

You will need your username and password for the account you wish to delete. If you don’t have it, you typically need to follow the site’s procedures to recover a forgotten password before you can continue the deletion or deactivation process. Don’t forget to remove the deleted address from other accounts if it’s been linked to them, such as an old email address linked to your Facebook account.

You should note, however, that just because a site claims your account has been deleted, it may not necessarily have been. Many sites retain old accounts in case you want to reactivate them later. Also, your data may not be deleted even if you request it. Over the years any information you’ve stored online has doubtless been copied to untold backups and mirror servers. In reality, once your data is on the Internet, it’s out there forever. But at least by deactivating or deleting your accounts, you can help keep them (and the data they contain) from being used for nefarious purposes.

Here’s how to delete or deactivate your accounts on a variety of popular sites, old and new.

 

How To Create Strong Passwords (2016 Edition)

Computer SecurityTime once again for my updated guidelines on creating passwords. The short version: use passphrases that are at least 12 characters long and different on every site, plus two-factor authentication where possible. And for pity’s sake, stop using weak passwords!

Many people say to me, “I don’t need a secure password. I don’t have anything sensitive on my computer, so I don’t care if a hacker gets in.” You, my friends, are a hacker’s dream. Because it’s not necessarily your personal information they want, although they’ll happily steal your credit card info if they can. No, what they really want is control of your computer, your email address, your Facebook page… anything and everything that will let them do their dirty work from behind a smokescreen.

Strong passwords must be:

  • Not in use on any other system
    This is perhaps the biggest no-no in the password rulebook. When hackers nab passwords, they try the same account/password combinations on popular sites like Google, Facebook, Twitter. If you’re using the same password you just let them in. Do not ever, ever, ever use the same password anywhere. Before you despair, keep reading. There are tools to make it easier.
  • Changed regularly
    Yes, you have to change your passwords. And yes, they still have to be different everywhere. In fact this is one of the best things you can do to secure your passwords. Use a password management tool if you need help keeping track of everything (see below).
  • 12 characters or longer
    Think passphrase rather than password. The longer and more complex a password is, the less likely it can be cracked.
  • A mix of upper- and lowercase letters, numbers, and symbols
    Some systems won’t allow you to use a range of characters in your password, in which case I suggest you reconsider using that site. Do you really trust someone who isn’t going to allow you to secure your account properly? Makes you wonder how secure everything else on the site is.
  • Not common words or proper nouns found in a dictionary
    Here’s a list of the 25 worst passwords of 2015. If your passwords sound like these, change them now.
  • Not the names of your spouse, kids, pets, or other personally identifying information
    Don’t create passwords out of information that can be gleaned about you, and don’t share information that can be used to guess security questions. For example, if you have pictures of your dog Fido on Facebook, and you also answer your bank’s security question “What’s your dog’s name?” with “Fido,” guess what? You have just given a hacker potential access to your bank account.

Examples of good and bad passwords

Good passwords (but don’t use these!)

AP@ssw0rdIJustMADE!UP!4U
Here’sAnOtHeR1FOR$You

Bad passwords

password
password1
password!
123456
<blank>
mypassword
spouse’s name
pet’s name

Password Don’ts…

  • Don’t rotate between the same two or three passwords. It’s just as bad as using the same password everywhere.
  • Don’t send passwords via sites like email, Facebook, Twitter. Use another means like text message, which goes directly to the recipient. Or even better, a phone call.
  • Don’t stick passwords on Post-It notes. Whether it’s under the keyboard or on a bulletin board, it’s exposed. Be like Gandalf: Keep it secret, keep it safe.
  • Don’t share passwords and accounts. This is especially prevalent in small businesses. Don’t create one account then share the password; create multiple accounts for each person who needs access. More time consuming? Sure. More secure? You bet.

Tools to manage your secure passwords

With a password management tool such as 1PasswordLastPass, or KeePass, all you have to remember is one master password and the software takes care of the rest. You can use the same password management tool on your computer and on your mobile devices.

But there’s a catch. Unfortunately any company can be breached by hackers and password management firms are no exception, as was demonstrated by a recent LastPass breach. In other words, passwords stored in management tools can be swept up in data breaches just like any other kind of data.

The good news is that most password managers encrypt your data, so even if hackers get hold of it, they will hopefully be hard-pressed to recover your actual passwords. That being said, you need to safeguard your master password with more vigilance than any other password you use. Please do NOT re-use your master password anywhere else! And be sure to keep another copy of your passwords somewhere safe in case you lose access to your password management tool.

Two-factor authentication

Two-factor authentication (2FA) uses a password plus another unique identifier, like a passcode messaged to your phone. This is much safer than a password alone because the second identifier is constantly changing, making it much harder to break into an account. If a site offers 2FA, you should consider using it.

However, 2FA does not make a weak password safe. Your best bet is 2FA plus an excellent password. As with a password manager’s master password, you need to make absolutely sure you have copies of your 2FA backup codes, because that’s what’s going to get you into your account if you have trouble.

Password harvesting scams

Password harvesters are everywhere. For example, you might get a spam email saying you need to update your account. This message contains links to a page that looks like the real login, but it’s really just a fake designed to steal your credentials. Similarly, password-harvesting scams can be distributed via Facebook, Twitter, and other social media sites. When in doubt, type the address for the site into your Web browser manually rather than clicking on a link.

Why not take this opportunity to change your passwords? It’s the best thing you can do to protect yourself against identity theft and cybercrime.

[Originally posted in 2010 as How To Create Secure Passwords. This version has been updated with the latest advice on secure passwords.]

Security Basics For Mac Users

appleIf you’re not protecting your Mac from Internet threats, your computer can easily be overcome by viruses and malware. But running antivirus isn’t enough. Mac users also need to be just as aware of scams, fake apps, and other Internet dangers as their Windows counterparts. Here are some resources to get you started.

If you’d like to know more about Mac security, stay tuned to Tech Tips via Facebook, Twitter, and RSS, or subscribe by email.

Mac Antivirus Programs

Mac Security Help

Tech Tips – Recommended Advice For Mac Users

Cryptolocker: Why Modern Computer Viruses Are More Dangerous Than Ever

crypt-messageToday’s computer viruses go beyond mere annoyance. How does holding your data for ransom sound? What about spying on you through your webcam, tracking your physical location, recording every keystroke you make? Welcome to the modern generation of computer threats, where infection means real-world consequences.

The latest virus making the rounds is Cryptolocker, a textbook example of all the truly nasty ways in which a modern computer virus can ruin your day. Cryptolocker encrypts your data with a one-way algorithm which mathematically cannot be reversed. If you don’t pay the ransom within the timeframe, the only key to your data is gone, kaput, goodbye.

You can’t restore your data by removing Cryptolocker, because removing the virus doesn’t decrypt the data. No tech support person in the world can decrypt it for you because it’s simply not possible without the key. Even police departments have paid the ransom, even as they recommend that consumers not do so.

Here are some resources on Cryptolocker so you can keep it from digging its sharp claws into your computer.

Cryptolocker started its initial spread via email attachments, which are fairly easy to avoid. But now it’s morphing into variants that can be transmitted via USB drive, and luring victims with fake software activation codes. Although it’s a Windows virus, like all viruses it can be transmitted via Macs and mobile devices. Following in the steps of other viruses, soon Cryptolocker will evolve into spreading via social media sites.

And this is just the start.

There are other viruses out there that can activate webcams – and yes, they can bypass the green light that tells you the webcam is on. They can listen through microphones. They can track your location via your mobile device. They can listen in on your conversations on social media.

Now, more than ever, it’s vital to protect yourself from computer viruses. Here are some Tech Tips resources to help:

Have you run into Cryptolocker or other similarly destructive viruses? Share in the comments, and don’t forget to subscribe to Tech Tips by email and follow on Facebook. You can also follow @trionaguidry on Twitter.

 

How To Protect Your Privacy On Social Media Sites Like Facebook And Twitter

socialmediaWhen was the last time you checked the privacy settings on your social media accounts? Once? Twice? Never? If you don’t check periodically, you run the risk of having your account hijacked by hackers.

Related article: Strong passwords key to social media privacy by Triona Guidry (The Northwest Herald)

What do you mean by “social media”?

Sites primarily used as a means of mass communication: Facebook, Twitter, LinkedIn, Pinterest, Instagram, Tumblr… You could also think of them as virtual communities, each with different rules and tendencies.

Why should I bother securing my social media accounts?

Because having your account hijacked stinks. At best, it’s inconvenient to reset your passwords and notify your friends. At worst, it results in data loss, identity theft, and financial ruin.

But aren’t these sites private?

Nope. They have privacy settings, most of which aren’t on by default. But anyone can sign up on these sites, and anyone can pretend to be anyone else on them. They’re designed to share information, not keep it private. Which is why the idea of people sharing their entire life stories and that of their kids gives me the screaming heebie-jeebies. Social media sites aren’t private photo albums and diaries. They’re publicly-accessible news sites (and data aggregators for advertisers).

Why do hackers want to hijack me?

In short: money. Cybercrime is a multi-billion dollar global industry. With economies tanking and people out of work, the idea of making tons of cash through Internet scams is hard to resist. Through commandeering your account, cybercriminals sell everything from Internet pharmaceuticals to fake antivirus programs to Twitter followers using your hijacked identity. It’s the go-to crime of the 21st Century.

Should everyone protect their social media accounts?

Yes. Absolutely. There’s no excuse not to.

How can I protect my social media accounts?

Use strong passwords that are unique on every site

Double-check your privacy settings

Report fake followers and inappropriate content

Verify links before sharing

Do you have questions about securing your social media account? Ask in the comments, and don’t forget to subscribe to Tech Tips by email and follow on Facebook. You can also follow @trionaguidry on Twitter.

 

A Parent’s Guide To Protecting Your Kids Online

kidsIt’s hard to protect kids online, because parents and educators often have a hard time finding resources that can help them understand the latest risks and recommendations. I’ve gathered a variety of information in one place so you can learn about antivirus, parental controls, and protecting your kids while using mobile devices and video games.

Kids’ computers are among the most vulnerable to security threats. That’s not to say your kids are doing anything wrong. On the contrary, they’re the victims. Not only do virus-writers like to booby-trap kids with malicious web sites, they also like to infiltrate legitimate ones. Kids are also at much at risk of identity theft as any Internet user. More so, because cyberbullying has become such a deadly and devastating menace.

These are resources every parent needs to know about how computer viruses and Internet threats work. If you have questions, please feel free to comment. You can also subscribe to Tech Tips by email and follow on Facebook. You can also follow @trionaguidry on Twitter.

Antivirus And Security

Mobile Devices

Video Games

Cyberbullying And Harassment

 

How To Avoid Keyloggers, Ransomware, And Rootkits

keyThe most advanced threats to your computer – keyloggers, ransomware, and rootkits – are also the most insidious. The best way to deal with them is to avoid them entirely.

Keyloggers come in hardware form, but are usually software viruses that secretly record everything you type. Ransomware holds your computer and its data hostage until you pay. Rootkits allow hackers to remote-control your computer, and are often used to introduce other types of malware.

Related article: Advanced Threats Target Your Computer (The Northwest Herald)

So why should you fear these threats?

  • They bypass your security.
  • They steal your money and your identity.
  • They force your computer to infect still more computers.
  • They turn your computer into a spam-generating cog in the hackers’ profit-driven machine.

In the tech industry we say you’re rooted or pwned (like owned with a p – “powned”). In other words, the hackers own you. They own your accounts, your passwords, your address, your finances… your life.

Related Tech Tips article: What To Do If You Get A Computer Virus

Fake Antivirus Software
In particular, watch out for fake software scams. I’ve spoken of these before. Fake antivirus software tricks you into installing it, then bypasses your protections and invites its malware friends in to play. It’s devilishly hard to get rid of, as anyone who’s been infected can tell you. Usually you’re looking at a reinstall. And the darn stuff actually makes you pay to be infected! Talk about a scam.

This is why you don’t want to do a web search for “Windows antivirus” and start clicking on random links – many of them are poisoned results that lead you straight to the lookalike fakes.

Related Tech Tips articles: Is Your Security Software Real Or Rogue?How To Spot Bad Web Links

Rootkits And Remote Admin
Concerning rootkits – those backdoor programs that allow hackers remote control of your computer – I’d like to point out that these are not the same as the built-in remote admin tools on your computer. A rootkit, by its nature, is designed to be stealthy. Remote admin programs are supposed to be used to maintain computers for legitimate purposes (say, if you are performing tech support on machines in a remote office). But it can also be exploited just like a rootkit if a hacker convinces you to turn it on. Check out this article on telephone tech support scams for an example.

Related articles: Tech Support Phone Scams Hit HomeHow To Kill Computer Keyloggers

Drive Imagers
Fortunately, you can make it easier to recover your computer if you do have to reinstall it – by imaging the drive while it’s still clean. This, combined with regular backups of your everyday data, will let you restore your computer quickly.

Windows Drive Imagers

Mac Drive Imagers

Have you encountered keyloggers, ransomware, or rootkits? Share in the comments, and don’t forget to subscribe to Tech Tips by email and follow on Facebook. You can also follow @trionaguidry on Twitter.

Image courtesy of Stuart Miles / FreeDigitalPhotos.net