Have you been pwned?
Probably. But you’re also in good company, according to panelists on a WWJ Leaders & Innovators discussion on cybersecurity, held Thursday morning at Lawrence Technological University.
Using the hacker term for “owned,” panelists recommended checking one’s email at a website, haveibeenpwned.com, to see whether personal information had been breached in a corporate or institutional data leak.
The bad news—some form of just about everybody’s personal information has been leaked. But panelists said there are steps you can take to fix the problem, including simply creating new email accounts. They also recommended regularly changing passwords and using random “pass phrases”—catchy phrases that are easy for users to remember, but hard for others to guess.
“I know it’s a pain, I know it’s a hassle, but I’m a huge fan of creating specific, individual email addresses for specific functions—an address for banking, and other addresses for other areas of your life,” said David Derigiotis, corporate vice president at Burns & Wilcox. “Absolutely, do that.” Derigiotis also advised against using one’s name in any email address.
Panelists also recommended writing down passwords and keeping that notebook in a secure location. The panel, moderated by WWJ Business Editor Murray Feldman, also advised creating a digital estate plan for after their passing. Feldman said WWJ would air a segment on digital estate plans soon.
On the corporate side, ransomware is the No. 1 concern. That’s where a hacker gains access to an organization’s database, generally through email, encrypts that data, and then demands ransom to decrypt it.
“There are three options in ransomware,” said Colin M. Battersby, a data privacy and cybersecurity attorney with the Detroit office of the business advisory law firm McDonald Hopkins. “You can start over without your data, which is almost never an option. The other is to restore from your latest backup. The third is to pay the ransom. If you don’t have backup, and you can’t go on without your data, then you’re paying the ransom.”
Most ransomware attacks fly under the radar because the crooks demand relatively modest ransom. But now, victims are beginning to balk at paying higher ransom demands.
“Ransomware is keeping IT professionals up at night,” said Brad Gramlin, director of enterprise sales at Comcast Business. “The idea of all their data being locked up or compromised, the PR nightmare when they tell their customers they have compromised their most valuable information.”
Added Gramlin: “For a small or medium (sized) business, don’t be afraid to outsource some things. For a company with under 100 employees, I don’t expect a full IT department that’s up on the latest security.”
Biometric data such as fingerprints and retina scans are in some cases replacing passwords. But Battersby he said he worries “how your biometric data will be protected by the sites that collect it, because that’s something you can’t change. You can’t change your retina scan, you can’t change your fingerprint.”
Panelists also fretted about the security of children online. Said Derigiotis: “It makes me cringe when kids use their real names on gamer sites.”
Panelists also said those concerned about privacy should opt out of having their data collected on aggregation sites such as Spokeo and Cyber Background Checks.
They also recommended a website called virustotal.com, where users can post a link and find out if it is a vector for viruses to get into their systems.
They also offered several defenses against phishing, the use of fake emails to collect personal information. For example, if someone pays bills online and one of their accounts advises them of a new bank account number, call the business and check it out.
The WWJ-LTU Leaders and Innovators series continues at 8 a.m. Thursday, Nov. 14, with a program on managing credit and finances in the new year.