Chapter 2 Personal Security
This week’s chapter was about personal security. The chapter started out with a discussion about passwords. Passwords are subject to a variety of attacks.
Most of us have multiple passwords for a variety of online accounts ranging
from email, social networking sites, financial sites, work, etc. It is
difficult to remember and keep up with the growing list let alone trying to
make them strong and safe to use. I know what makes a strong password but I am
guilty of not following all of the recommendations to make them stronger and
more secure. One of the projects assigned this week to our class was to test
three different passwords using three different online password testing
services. Generally my passwords are strong but they could and should be made
stronger by adding a variety of symbols. Another assigned project involved
speaking with three of my friends about their passwords and trying to convince
them to make them stronger. All three agreed with me but were reluctant to mess
with what works for them. At least one of my friends regularly changes her
password to her email every month. This is a result of her account being hacked
into and used maliciously by the attacker. However, changing her password so
frequently is in fact one of the ways to keep her email account safe. None of
my friends were interested in using a password management tool for the reason
that they do not trust them. I have to agree with this since it seems risky to
keep your passwords online … if an attacker can hack into the United States
Government’s website, then how on earth can I trust a password management tool
to keep my passwords guarded and safe?
I learned about social engineering attacks, which don’t
rely on technology but instead rely on gathering information for an attack by
manipulation and psychological approaches. Examples would be asking for small
bits of information from several people about one person…not too much to draw
attention or suspicion, or using flattery to ‘soften’ up the person to gain their
confidence in order to gain the information sought. Playing dumb can also be a
way to gather information and to gain the trust of the person. Usually when
someone asks me about someone else, I turn the tables and play dumb claiming I
do not know. I’m instantly suspicious anytime someone asks me something out of
the clear blue sky OR asks a family member something ‘odd’ in my presence. I
cannot tell you how many times the family member freely gives away information without
thinking! After it’s said and done, I confront this family member with what
they did and they’re always surprised. I’ve asked them to be less trusting and
to give away nothing to people whom they are not close with.
I’ve heard of impersonation, phishing, and hoaxes. I wasn’t
aware of the variety of phishing attacks, but I never open any email I wasn’t
expecting and have turned in what appeared to be phishing emails to eBay in the past. I just talked
to my husband regarding the shoulder surfing method of someone trying to get
your ATM PIN number. I’ve asked him to immediately stop what he’s doing at
these machines if there is anyone behind him. Let them go first and move in to
do his transaction later. Likewise, there is no way shoulder surfing is going
to happen with me!! I’ll turn around and ask the person if they would like to
go first and then move out of their way. Identity theft is a big concern of
mine. It has happened to one of my friends but it was caught very quickly and
nipped in the bud before too much damage happened. Avoiding identity theft
requires some common sense, such as shredding financial documents, not carrying
your Social Security number in a wallet or writing it anywhere (like on a check),
not giving personal info over the phone or by email, keeping personal info in a
secure location, and being alert to any unusual activity with any of your financial
accounts. All of these steps I do practice, but one must not become complacent!
It requires constant monitoring and acting right away when something doesn’t
appear as it should.