By David P. Willis
“All of that information is there and can be easily stolen by hackers to essentially perform identity theft,” said Emmanuel Schalit, chief executive officer of Dashlane, a password management company. “Email has become such a critical communication component in everything related to identity that this is probably one of the favorite vectors of attack for hackers.”
The news is filled with the aftermath of email hacks. Hackers penetrated the email accounts of John Podesta, Hillary Clinton’s presidential campaign chairman; the Democratic National Committee; and former Secretary of State Colin Powell.
Last month, internet giant Yahoo said information from at least 500 million accounts was stolen in 2014, information that may have included names, addresses, telephone numbers, dates of birth and security questions and answers.
“There’s a reason to worry also because a lot of what is happening people are just helpless against,” said cybersecurity expert Matti Kon, president and chief executive officer of InfoTech Solutions in New York City.
Large corporations, which may have your information on their systems, are being hacked. “It is Yahoo that is being compromised,” Kon said. “It’s the hospitals that are being compromised. You are just falling, as an individual, a victim to that.”
Consumers do have some power. They can protect themselves and make it hard for hackers to wreak havoc in their lives. Press on Your Side talked to various experts for help. And, as October is National Cyber Security Awareness Month, here’s what they had to say.
Don’t do this.
Never reuse passwords. “People say if ‘I have one very complicated password, no one is going to be able to guess it and I’m going to be in a much better position than somebody who uses, like many people, ‘password’ or ‘123456’ as my password,’” Schalit said. “They are wrong.”
Why? Our data, typically protected by our email address and password credentials, sits in the Internet cloud. Hackers target websites with poor security, and once they crack their way in, they’ll find your email address and password, the one you use for all your accounts. “Once hackers have stolen that password, they will use it someplace else,” Schalit said. They could try it on your email account. Once they’re into that, they can use it to reset passwords for other services and websites. “It’s essentially game over,” he said.
Once inside your email account, hackers also can use your address to blast out scam mail, said Tom Bull, owner of Two River Computer in Fair Haven. “The email password needs to be unique,” he said. “Don’t use it any place else except where you get email.”
Modifying an old password is not safe. Hackers have stolen billions of passwords and can use specialized technology to try every possible variation, Schalit said. The result: your password is busted.
Beware of phishing scams. Scammers can send an email that looks like it comes from your bank or another company you do business with warning you of a problem and encouraging you to click on links that will lead you to a fake website. “If it doesn’t make sense to you, don’t click on it,” Bull said.
“These hackers are clever. People need to be educated about these sorts of things,” said Jacob Ginsberg, senior director of products at Echoworx, an email encryption company. “You can’t really totally blame someone when they fall prey to a phishing attack or a scam. It’s tough.”
If you get an email about a problem, look up the phone number on a credit card or statement and call the company directly. “Pick up the phone and call,” Ginsberg said.
Use strong, complex passwords. A complex password should have more than six or eight characters. Ginsberg said some believe it should have random letters, numbers and characters, but they are hard to remember and can be easier for machines to crack. “Create a four or five word sentence that you know that you would recognize of words that are nonsense or a little bit silly together,” he said.
Change your email password regularly. Bull has a good idea: change it whenever you have to move the clock backward or forward. Added Ginsberg, “It doesn’t leave you caught out there with old credentials.”
Use a password manager and generator. Some examples are Dashlane, 1Password, LastPass and KeePass. They can create different complex and random passwords for all your websites, and manage them all. If any of your websites get hacked, the damage will be limited to that website alone.
Turn on two-factor authentication. Many services, including Facebook, Twitter, Gmail and Hotmail, have it available. Once you turn it on, a website will require a second bit of information, such as a code sent to your cell phone in a text, to log in. Even if a hacker has your password, you have a second layer of protection. Try a website called TurnOn2FA.com for directions on how to use two-factor authentication for many often-used sites. “Absolutely turn it on,” Ginsberg said.