5 Cyber Security Myths you should not believe.

These days almost everything that interacts with the Internet has a lot of misconceptions surrounding it. Cyber security is no exception.

I don’t have anything worth protecting.
Actually all data is valuable to somebody. You know that all those “free” social media apps that you sign up for; (Facebook, Twitter, Tik Tok, Pinterest, Instagram, Snapchat, etc.) aren’t really free. When you sign up you give the company permission to collect data about you. This lets the app build a detailed demographic profile about you. The companies then sell this information to marketers and they make tons of money doing that. So why wouldn’t a hacker want to get in on that gravy train?

I use security software so I am safe.
Actually security software is not the invincible shield that many people think it is. In March 2019 a Russian based hacking collective know as Fxmsp breached the security of three US based antivirus providers. Using a combination of social engineering and brute-force the group was able to gain access to and steel source code and databases. This information is now for sale on the dark web. The names of the breached companies have not been released to the public. However since the hackers can get into those systems how safe do you think you are?

My friends on social media wouldn’t hurt me.
Actually yes they would, maybe not knowingly but the threat is real. What if one of your social media friends or one of their friends has a weak password or falls victim to a clever social engineering scam and is compromised? That opens a path to you. You may suspect a phishing scam when the message is from someone you never heard of but when the message comes from a friendly source you guard may be down. Hackers depend on that and this type of social engineering is one of the most common (and profitable) cyber crimes.

I use complex passwords.
Actually the complexity doesn’t help much these days but longer is better. Consider using a passphrase that you can easily remember. Passwords are “hashed” into a meaningless jumble of characters and stored in a database known as a hash table. The hacker breaks into the system and only steals the hash table. There is no way to “un-hash the encrypted passwords but the hacker can just keep trying combinations until they get a match. With computers that can try millions of combinations per second it may take the hacker several months to discover a large percentage of the passwords. Then they go back to that system and have a field day accessing the users data with the discovered passwords. That is why it is a good idea to change your password from time to time. You may want to use a password manager.

I only go to trusted mainstream sites so I am safe.
Actually you need security software everywhere you go on the web these days. Remember those social media apps that are tracking you. The more cookies you have stuck in your browser the more your every step is being followed.

1. To coin an already overused phrase, the key to security is eternal vigilance. Here are a few steps you can take to help thwart the hackers:
2. Keep your computer(s) current on all updates. Do the same for your phone(s) and tablet(s) as well. In many cases these updates are automatic but check it just to be sure.
3. Check your router. If hackers compromise it then they can redirect all the website traffic to one of their machines and everything on your network is at risk. This is called DNS Hijacking and it has become much more common lately. You can check where your DNS requests with a simple check at http://whoismydns.com/. NOTE: In most cases just power cycling your router will reset it and remove any malicious stuff.
4. Use good security software, just a simple antivirus program doesn’t go far enough.
5. Use a strong password and change it frequently. You may want to use a password manager if you have a lot of passwords to keep track of. Use two factor authentication if possible. You can check the strength of your passwords at sites like https://howsecureismypassword.net.
   For more information on passwords see:
   • Ken’s Korner Newsletter about Default Passwords, March 2020 at http://kdubrovin.com/pub/newsletter/mar2020.html
   • Or Ken’s Korner Newsletter Secure Passwords, September 2017 at http://kdubrovin.com/pub/newsletter/sep2017.html
   • Or Ken’s Korner Newsletter from March 2015 at http://kdubrovin.com/pub/newsletter/mar2015.html#password

And remember — always back it up!