Have you been Pwned?today 09/23/2018 - Tim Leonard
“Pwn” is an internet slang term which means “to own” or “to dominate”. Your teenage kids most likely know this because it is used extensively in multiplayer video games. If you get “pwned”, you have been defeated in a particularly boastful way. Not surprising, the term has grown favor with hackers who use it to describe a state in which they have taken or stolen the privacy of their victim. It is common for us to read about a new cybersecurity breach almost daily. Millions of records are being stolen in these breaches and it is very difficult for non-technical citizens to keep up with them. In this month’s cybersecurity column, I will give you a few tools to help determine if you have been “pwned” at what steps to take to offset the data loss.
A great resource online to look up data breaches is at idtheftcenter.org. This organization keeps an up to date list of reported hacks. You may be very surprised by the shear amount of data leaks which never make the main stream news. In 2016 alone, there has been 845 reported breaches exposing over 29 million pieces of personal information. If you are so inclined, this link will take you to a full report where you can read the details of each one, some are jaw dropping.
Eighty percent of the events listed in the report occurred in the Business and Medical industries. If you are a business owner or run a medical practice this should concern you. It might be time to start thinking about cybersecurity awareness training for your employees. Several times a week I also check in with cybersecurity blogger and investigative reporter Brian Krebs. He runs the website krebsonsecurity.com. Many times, Mr. Krebs will break a story about a breach days before the main stream media. He was the first to release the story about the 2013 Target card breach which had many financial institutions racing to replace credit and debit cards. Following him on Twitter @briankrebs can give you faster access to potential data compromises.
Proactively monitoring all breaches can be tiring. Luckily some online resources make it easy to see if your information has been compromised. Search these websites on occasion: www.haveibeenpwned.com , www.breachalarm.com and www.pipl.com . If you are listed on these sites I strongly encourage you to change your password. Also, Yahoo Mail had an extremely large leak this year and you should change your password. Email is often used to establish a beach head for other attacks. If hackers can read your email and see what companies are sending you information, it becomes very easy to use the “forgot my password” feature on your other websites to compromise those accounts. Most online email has a feature called multifactor, enabling it helps tremendously. If this election year has taught us anything it should be treat our email as the most sensitive online resource we own.
Most of us must remember a lot of passwords. We all hate them. Every company seems to have a different set of rules and the technology seems outdated by today’s standards. Modern smartphones and apps are moving toward fingerprint scanners but do not underestimate the power of a complex password. Hackers will breach organizations and steal usernames and passwords. The stolen passwords will usually be encrypted. This presents a problem for a hacker so they will use special tools to decrypt the simpler ones. You should always use a mix of upper and lower case letters, numbers and special characters. A very strong password will typically be 15 characters long. You can get to this length by using your regular password twice. For example, 9tYears16!! Is a good password and is easy to remember but becomes a great password by doubling it to 9tYears17!!9tYears17!!.
A password manager like 1Password.com is a great tool to use. It will help you manage your passwords, prevent you from using the same one across multiple sites and be a repository for your family in case something dreadful befalls you.
In closing, I hope this information will help protect you and your loved ones from getting “pwned”.