The seemingly constant leaks of nude celebrity photos have one potential upside: a heightened awareness of the need to secure personal data.
Whether you take and store those kinds of pictures or not, you could be subject to similar kinds of attacks. Patrick Peterson, the founder and CEO of San Mateo, California-based email security firm Agari, says hackers aren't on to some new, previously unknown vulnerability like Heartbleed, yet they are having historic levels of success.
"In many ways, it's the same old stuff. From the Home Depot breach to the celebrity hacking, the methods are not brand-new, novel things people haven't heard of before," Peterson says. "It's these tried-and-true techniques that rely on fundamental weaknesses, and a lot of companies and people don't have their act together."
Many of the cybercriminals are using phishing attacks, for example, where botnets send thousands of malicious emails that try to get recipients to click on a link or download an attachment, tricking them into downloading data-theft software.
One recent trend in phishing emails, according to Agari's 2014 Q2 edition of the Email TrustIndex report, involves messages that impersonate travel sites. Peterson says his firm recorded a nearly 800 percent increase from the previous quarter in malicious email purporting to be from travel websites like Expedia, Travelocity, and Orbitz. He says hackers are installing malware like Cryptolocker or Gameover Zeus on victims' machines by sending emails that look like they're from these sites and read, "Here's your itinerary."
So how can you avoid falling victim to phishing or other kinds of attacks? Check out Peterson's top four tips to keep your personal data safe.
The first tip sounds obvious, but password management is still an area where most people are too complacent. "You wouldn't want to use the same key you used for your dorm room 20 years ago to open your home, your bank, your car, and every other place you want to keep secured," Peterson says. "Unfortunately, that's how people use email passwords, and they leave copies of their passwords around everywhere under the sun. You need to realize that password is the digital key to your bank, your information, and your photographs. Make sure you don't have the same password you use for everything." For people who don't want to remember all of those different passwords, password management software can help, he says.
Pick a safe email provider
Not all email providers are created equal. Be sure yours provides proper security. "There's been technology development that stops people from impersonating your ISP, your bank, or your travel site," Peterson says. "You need to make sure your email provider uses technology like DMARC to stop that phishing. The good news is that Google does it, Yahoo does it, Microsoft supports it, AOL supports it, so if you're on one of those, you're on your way to minimizing your risk."
Choose obscure personal questions and answers
When you're creating answers to those personal questions on websites where you've registered in the past, do not use answers people can find on your social media profiles. "Nowadays, if you forget your password or lose it, or type it in wrong too many times, you could have it reset by answering some personal questions. Years ago, those questions were secure, but now a lot of the answers to those questions are on your Facebook account: your birth year, what town you were born in, where you went to high school," Peterson says. "It's not very difficult, especially if you're a celebrity or high-profile, to figure out the answer to those. Now, I could get access to your password by just having access to your Facebook profile. Try to find questions and answers that are not easily attainable and think about what you share on social media as something being useful to criminals, and restrict accordingly."
Think of links like strangers
Links and attachments should be treated like strangers. You wouldn't invite someone you weren't expecting into your home, so don't invite unknown links or attachments into your computer. Email is the most popular mode of hacking, so treat every link with suspicion. Don't click on links--just go to the website or search for the topic in Google. "You need to realize email can be spoofed and you should take the appropriate caution. Say someone came up to you on the street, said their name was Ted Kaczynski, and said they have a package for you and asked if they could place it in your house, you'd say, 'That's OK, sir' and cross the street," Peterson says. "When people get messages that say, 'Urgent! Urgent! FedEx has a package for you and it will be returned,' for some reason since it's on a computer screen they feel like they should open the attachment or click on a link, or fill in their personal information. You need to remember: You should at least take the same precautions you take in the online world as you do in the offline world."