The pandemic has many doing more online than they ever have before, whether it’s working, shopping, or socializing. While technology and the internet have created many conveniences for our everyday lives, they’ve also created more opportunities for fraud and scams. Tony speaks with Ian Nicholson, Senior Information Security Administrator at Altra Federal Credit Union about how to keep your information, accounts, and finances safe while online.
(Tony) Welcome to the Best Life podcast where we here at Altra Federal Credit Union are always working to help you live your best life. I’m Tony Beyer, Financial Literacy Coordinator at Altra and today we wanted to focus on a very important topic and that is staying safe while staying connected online. For many, this pandemic has changed the way many of us are living, working, even socializing, much of it now online or on mobile devices. Now, for more information on how to do that while protecting our accounts, information, and devices, we are joined by Ian Nicholson, our Senior Information Security Administrator and Internet expert. Thanks again for taking a couple moments to be with us Ian!
(Ian) Well, hey Tony, glad to be here talking with you, you know I need a break from work sometimes you know I’m a huge nerd, so anytime I get to talk about computers, that makes me happy.
(Tony) Good to hear. Thank you so much. I know you’re our Internet expert and we want to talk about security and I know it’s probably going to start with passwords, we’re supposed to have a unique password for everything. I’m trying, I make passwords…I can’t remember them all the time. I have variations of a few passwords. I know I should be a lot better. What can we do to try to mix up our passwords and be a little more secure online?
(Ian) Tony, I think that’s a great point. I just want to say, you know, you’re not alone. The average person is really not as secure as they could be, and that’s not any one person’s fault, right? We don’t make it easy to be secure when it comes to computers. I think that computers are the only field where the people involved are less trusting of their industry than the average person on the street. You know, if you talked to an architect, they’ll tell you that building is very unlikely to fall down. An airplane designer is going to tell you that airplanes are just about the safest place you can be. But if you talk to a computer security person…we’re very paranoid about computers, and that’s because it is so easy to make a mistake. When you’re talking about passwords, we used to tell people, oh, change your password every 90 days, you know, make sure that it’s really hard to guess, you know, make it completely random. But the problem is that people can’t remember those passwords.
(Ian) It’s very difficult to remember a 15 character password that’s nothing but random letters, numbers and symbols. So you know, in the past several years, the computer security industry has realized that we screwed up, we made a mistake, we were giving people bad advice and the new advice that we tell people is hey, you should be using a password manager. That is a program on your computer or on your cell phone, it remembers your passwords for you and can generate strong passwords and in most instances can actually type them in for you. For example, I have a password manager on my phone that will generate a 20 character random number, letter, symbol password for me and it can type it into any web page that I needed to, and so I have no idea what any of my passwords are, except for the one password that unlocks my password manager and that’s key. The nice thing about those is that you know I have an iPhone, my password manager unlocks with my fingerprint so I don’t even really have to know that password either. Of course I do. I wrote it down and I stuck it in a locked box somewhere and I won’t tell you where that line is. You know, in case that my family needs to get into my passwords, you know, for whatever reason, and I’m not available, you know they do have that capability, but it’s certainly something that anyone is going to be able to do very easily.
(Tony) Not using the same password for everything duly noted right after this, getting myself a password manager, awesome ’cause like I said I will change my password you know for work you know we have to do that all the time for good reasons, good reasons thank you. You know, usually I have to call our helpdesk by the afternoon because I forgot what I changed it to. So good to know for all the passwords that we all have. Look into a password manager, awesome. Is there anything else as far as logging into accounts that can help keep those more secure? Like your email or Google or you know anything else like that?
(Ian) That’s a great question. And yes, you know, even if you are using a unique password for every single account that you have, which again you should and you should be storing in the password manager, sometimes those passwords can get compromised. You know maybe you get phished and you type that password into a phishing page and if the only thing you’ve got protecting that account is your password, you’re in trouble there. So what I also recommend is that wherever possible, people set up multi-factor authentication, which is also called two-factor authentication, and what that is, you know we talk about factors, there’s really three factors. There’s something you know, which is what the password is. There’s something that you have, which is usually something like your cell phone or sometimes a thumb drive, and then there’s something that you are, which is where biometric authentication comes in. Generally, when you set up multi-factor authentication or two-factor authentication, you’re going to be getting a code. A short, usually six digit numeric code sent to your cell phone via text message. There are also apps that can generate those codes as well, and really it depends on what the website or account in question is doing. World of Warcraft, for example. For those you know, for people that remember that that was a really.
(Tony) Wow (World of Warcraft)
(Ian) You know, I’m not going to lie and say that I did not have an account I was involved in that when I was back in high school.
(Tony) It was one of the most popular things like in the world wasn’t it? I mean, yeah, you’re definitely not alone.
(Ian) It was huge. Yeah, I remember the advertisements on TV for it, which just blew my mind. There was a huge problem of people stealing World of Warcraft accounts and so the company that made World of Warcraft said OK, we’re going to implement multifactor authentication, and there was an app on your phone and it would generate this short one time password and when you logged in to your account with your username and your password, it would also prompt you for this second password. The only way you could get that second password was if you were holding on to your phone, and so that functioned as a second factor, so to speak. You know generally these days, like I said, they get sent to you via text message, but you know, for big sites like Google, Facebook, Instagram, Snapchat, they will also allow you to use an application to generate that on your phone, and that’s a little more secure. But in any case, even if you’re getting those one-time passwords sent to you on your phone, that’s still way better than not having them at all.
(Tony) Makes sense. Who knew keeping your stuff secure was so complicated, but that’s I’m so glad we’ve got an expert like you, and again, we’re talking to Ian Nicholson, he is the Senior Information Security Administrator for Altra Federal Credit Union. So happy to have you here and again, I know you’re busy, but I get on my phone probably monthly, I know my personal computer all the time, it wants me to install updates, it’s kind of a pain, how important is keeping your technology up to date?
(Ian) You know unfortunately, it’s not as easy as people would like. I am guilty of that as well. Sometimes I get prompted to update my phone when I’m right in the middle of, you know, messaging someone or looking something up online and I just say whatever remind me later. You know, that’s I’m not gonna pretend perfect there but the last I heard 70 to 80% of all the people that got hacked got hacked because they were not up to date on their software and if they had been up to date they would not have been hacked. So it is so important for people to update their systems. Personally, I was talking about my phone. I went into the settings for iOS and I told it alright, update automatically if I’m asleep and it’s 3:00 AM just go ahead and run that update. Odds are I’m not even going to notice and I do that with my computers too, and you know, sometimes it’s a little frustrating, but it’s much less frustrating than getting hacked, I’ll tell you that. The other thing to keep in mind about software updates is that you do want to update as much as possible. I’ve seen a lot of people who are still running Windows 7, which is no longer getting updates, or maybe they’re running Windows 8 which is still getting updates from Microsoft, but there are a lot of things that make Windows 10 really, really good that Windows 8 just isn’t gonna get, so I encourage everyone I know to upgrade to Windows 10 as soon as they can.
(Tony) Now I was going to say if you’re rocking Windows XP, you probably want to update that…I imagine, right?
(Ian) That is absolutely correct. If you have Windows XP plugged into the Internet, congratulations, you have already been hacked. I can pretty much say that for certain with certainty.
(Tony) So after this, not only am I doing the password manager, I’m updating all my stuff, excellent! I saw a story not too long ago talking about the FBI’s Internet Crimes Complaint Center I-C-3, they have received the same amount of complaints in 2020 six months into the year as they did in all of 2019, so phishing and things like that are definitely way up on the rise. What are some things that people can do to protect themselves from phishing scams and things going on online there?
(Ian) The best thing that anyone can do to keep themselves safe is trust their gut. If an email doesn’t seem right, there’s a reason, that’s your subconscious saying “hey, something is up.” I tell people all the time, if you get an email saying “hey, you’ve won the lottery” or “hey, I’m your long lost great uncle and I’ve got money for you” or “hey, here’s a job you can work 3 hours a day and make $50,000 a year,” that’s probably not true, unfortunately. I would say the other thing to watch out for is if you get an email saying “hey, click this link to do something,” really be careful about clicking a link. If I got an email from Google or Facebook saying hey, I need you to click this link and log in to do something, I’m not going to click that link. What I’m going to do is I’m going to go to that website first and then log in because that way I know that I’m logging into the correct webpage, and that’s actually where a good password manager comes in because my password manager it will tell me if I’m at the right page. It will refuse to autofill in a password if I go to a website that looks like Google but isn’t, so that’s a great way to ensure that you’re only logging into sites that you know and trust. Another scam that I’ve seen a lot is email that people have received that says: “hey, I’ve hacked into your computer and I took control of your webcam and I saw all sorts of salacious activity. You need to pay me hundreds of dollars or I’ll share that with your entire social circle.” I’m very cautious…I never say that anything is 100% anything, but I can pretty much guarantee you that no, they have not taken control of your webcam. You know that is a very common scam because people are so likely to pay, but if somebody emails you and says I’m going to publish this embarrassing information about you to your social circle, just delete it.
If you’re really concerned what you can do is you can take the first several sentences of that email and punch it into Google and I can almost guarantee you that the very first hit is going to be a news article about that exact phishing email. That’s something that I have people ask me about, probably monthly, it’s very common.
(Tony) Good to know. Good to know. Yeah, maybe don’t do salacious things in front of your webcam either, but anyway, good to know.
(Ian) I should add that if you are concerned, and this is something I do, is I have a little plastic gizmo that I mounted over my webcam and it has a little slide on it that I can slide to cover my webcam if I want to. It gives me a lot of comfort. You know, I’ve never had to use it fortunately, but just knowing it’s there is nice and it’s about anywhere between $0.50 and two or three bucks, so it’s a really good return on your investment there just for your peace of mind.
(Tony) Absolutely excellent, and again, we’re talking to Ian Nicholson, he’s the Senior Information Security Administrator for Altra. I know you gotta get going, just one more question, you’ve answered so many so far, [there’s] so much to know about this topic. Is there anything that’s kind of blown your mind or really surprised you about information security or about the Internet that you’ve learned in your role or your experience with information security?
(Ian) That’s a really interesting question. If I had to pick just one thing, I would think it would be how much of the underlying infrastructure of the internet is handled by people who just feel like it’s the right thing to do. People who are out there writing the computer programs that our internet traffic depends on to get from point A to point B and they’re doing it because they like to do it, there’s not really a profit motive there. That’s called open source software and it just really makes me optimistic about the future of humanity that there are people out there who just want to make something to make the world a better place.
(Tony) I love it that we’re ending on a positive note talking about all these things that can happen to you, and all these people trying to get in your systems, your emails, your accounts, your…all these things, but there are good people out there and there is good in the world and we need to hear that a little bit more, especially in a time right now. Thank you so much Ian, you shared a lot of great information! Again is anything you want to add here at the end, but thank you so much for your time and your expertise!
(Ian) Tony, it’s been a pleasure talking to you, have a great and healthy rest of your day.
(Tony) I appreciate it, you too Ian, thank you so so much!
Again, that was Ian Nicholson, Senior Information Security Administrator here at Altra with some great tips and advice on how to protect yourself and your money online.
That’s going to do it for the podcast, thank you so much for taking a moment to listen to the Best Life Podcast presented by Altra Federal Credit Union. We’d love to hear your thoughts, feedback, and especially questions that we can answer on future podcasts. You could send those to me at [email protected]. You can subscribe to the Best Life Podcast pretty much wherever podcasts can be found so that you never miss an episode. We appreciate you taking a moment to learn more on how you can live your best life. Have a great day, be well, and we’ll talk to you next time.