Peer to Peer Magazine

Winter 2015

The quarterly publication of the International Legal Technology Association

Issue link: https://epubs.iltanet.org/i/624538


your computer is drafted with thousands of other computers to fight a virtual war against another website. And these guys are just getting started.

IMPROVE YOUR RADAR

In today's fast-paced world, it is easy to overlook clues that we are being scammed. The sophistication and credibility of attacks continue to improve, making them ever-harder to detect. While the news is full of stories of successful hacks, many people have never been targeted; if they have, they are not aware of it.

How do you protect yourself? It is important to understand the general tactics attackers use and the information that should make your warning radar light up. If you are part of your firm's IT or security group, educate your organization to raise general awareness. For example, financial services agents will never ask for account or password information, especially via email. Be concerned if you feel that someone is trying to obtain information that could be used to impersonate you. A poorly constructed email message (e.g., spelling or grammatical errors) from a seemingly credible source indicates that the email is targeting you for harm.

HARDEN YOUR ONLINE PERSONA

When creating new online accounts, you are often asked to supply answers to questions that only you would know: the color of your first car, the street you grew up on, your high school mascot, etc. These responses are saved in knowledge-based authentication systems and are used to verify your identity to reset a forgotten password or identify you when you call for service.

The days when this information was sacrosanct are gone. With social media, personal blogs and other outlets, where we publicly expose our innermost secrets, it can be easy for thieves to build a profile that can be used against you. An innocent "throwback Thursday" picture of your car in high school gives a hacker the make and color you might use to answer a security question. Make sure your online persona does not give away your secrets, and set unique responses to security questions.

Takeaways

• Use complex passwords not based on actual words. Dictionary attacks succeed because people use simple words that can be looked up in the dictionary. Use upper and lowercase letters, numbers and symbols. Do not base passwords on friends, family or pet names — often the first things to be tried. And do not be one of the many who use "password" or "123456," the most commonly used passwords. Change your password frequently — at least every six months.

• Use obscure knowledge-based authentication questions and answers. Some people use answers that are not actually true or even relevant. If a security question is about your first car's color, instead of answering truthfully, you might submit "Labrador" as your answer, which is not guessable.

• Hover before clicking. Before clicking on hyperlinks in an email message, hover over the link to see where it is redirecting you. Does the website's name look suspicious? Do you know the sender? Did you expect to receive the link from the sender? Sometimes a quick call can verify an email's authenticity.

• Think before posting. Personal information posted on public social networks can be used to learn intimate details about your life.

• Ask to call them back. If someone calls asking for personal or account details, ask to call the person back. Better yet, call the institution for which the caller claims to work. Do not divulge account numbers, social security numbers or passwords over the phone unless you are sure of the identity of the person on the other end.

Hackers are persistent, creative and smart. When a certain type of attack loses its effectiveness, they move on to the next one. Attackers will always find victims, but knowing how they operate and taking precautions can help prevent you from being socially engineered.

About the Author

Bill Ho is the CEO of Biscom, a security-focused software company. Bill has degrees in computer science from Stanford and Harvard and an MBA from MIT Sloan. He has worked in technology for over 20 years. Contact him at bho@biscom.com.
