Protecting Yourself from a Data Breach requires Two Step Authentication

Have you ever thought about how a data breach could affect you personally? What about your business? Either way, it can be devastating. Fortunately, there are ways that you can protect your personal or business data, and it’s easier than you think. Don’t assume that protecting yourself is impossible just because big corporations get hit with data breaches all of the time. There are things you can do to get protected.

  • All of your important accounts should use two-factor authentication. This helps to eliminate the exposure of passwords. Once one of the bad guys gets access to your password, and that’s all they need to access your account, they are already in.
  • When using two-factor authentication, you must first enter your password. However, you also have to do a second step. The website sends the owner of the account a unique code to their phone also known as a “one time password”. The only way to access the account, even if you put the password in, is to enter that code. The code changes each time. So, unless a hacker has your password AND your mobile phone, they can’t get into your account.

All of the major websites that we most commonly use have some type of two-factor authentication. They are spelled out, below:

Facebook

The two-factor authentication that Facebook has is called “Login Approvals.” You can find this in the blue menu bar at the top right side of your screen. Click the arrow that you see, which opens a menu. Choose the Settings option, and look for a gold colored badge. You then see “Security,” which you should click. To the right of that, you should see Login Approvals and near that, a box that says “Require a security code.” Put a check mark there and then follow the instructions. The Facebook Code Generator might require a person to use the mobile application on their phone to get their code. Alternatively, Facebook sends a text.

Google

Google also has two-factor authentication. To do this, go to Google.com/2step, and then look for the blue “get started’ button. You can find it on the upper right of the screen. Click this, and then follow the directions. You can also opt for a text or a phone call to get a code. This also sets you up for other Google services, including YouTube.

Twitter

Twitter also has a form of two-factor authentication. It is called “Login Verification.” To use it, log in to Twitter and click on the gear icon at the top right of the screen. You should see “Security and Privacy.” Click that, and then look for “Login Verification” under the Security heading. You can then choose how to get your code and then follow the prompts.

PayPal

PayPal has a feature known as “Security Key.” To use this, look for the Security and Protection section on the upper right corner of the screen. You should see PayPal Security Key on the bottom left. Click the option to “Go to register your mobile phone.” On the following page, you can add your phone number. Then, you get a text from PayPal with your code.

Yahoo

Yahoo uses “Two-step Verification.” To use it, hover over your Yahoo avatar, which brings up a menu. Click on Account Settings and then on Account Info. Then, scroll until you see Sign-In and Security. There, you will see a link labeled “Set up your second sign-in verification.” Click that and enter your phone number. You should get a code via text.

Microsoft

The system that Microsoft has is called “Two-step Verification.” To use it, go to the website login.live.com. Look for the link on the left. It goes to Security Info. Click that link. On the right side, click Set Up Two-Step Verification, and then follow the prompts.

Apple

Apple also has something called “Two-Step Verification.” To use it, go to applied.apple.com. On the right is a blue box labeled Manage Your Apple ID. Hit that, and then use you Apple ID to log in. You should then see a link for Passwords and Security. You have to answer two questions to access the Security Settings area of the site. There, you should see another link labeled “Get Started.” Click that, and then enter your phone number. Wait for your code on your mobile phone, and then enter it.

LinkedIn

LinkedIn also has “Two-Step Verification.” On the LinkedIn site, hover your mouse over your avatar and a drop-down menu should appear. Click on Privacy and Settings, and then click on Account. You should then see Security Settings, which you should also click. Finally, you should see the option to turn on Two-Step Verification for Sign-In. Turn that on to get your code.

These are only a few of the major sites that have two-step verification. Many others do, too, so always check to see if your accounts have this option. If they don’t, see if there is another option that you can use in addition to your password to log in. This could be an email or a telephone call, for instance. This will help to keep you safe.

Amazon

Amazon’s Two-Step Verification adds an additional layer of security to your account. Instead of simply entering your password, Two-Step Verification requires you to enter a unique security code in addition to your password during sign in.

Without setting up Two Step authentication for your most critical accounts, all a criminal needs is access to your username, which is often your email address and then access data breach files containing billions of passwords that are posted all over the web. Once they search your username/email for the associated password, they are in.

Two factor locks them out.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

Should You Fight or Take a Flight When Being Attacked?

I am a big believer that people should run away from an attacker. If a bad guy gets into your home and he often wants to cause you pain, RUN as quickly as you can to the nearest door. If you are in a corner or you have to protect a loved one, you might have to fight him.

Most of us are taught to not hurt other people. We teach our children to have manners and to be kind to others. This is a process known as “civilized conditioning,” and it allows us to live in a civilized society.

However, sometimes violence occurs regardless of this civilization. In fact, there are millions of people out there who are uncivilized and fully capable of doing terrible things to other people.

When you think of it, civilized conditioning is a type of double-edged sword. Yes, it helps to prevent us from being violent to each other for no good reason. But, it also prevents us from being violent with another person if we need to. Because of this conditioning, you might panic, stop breathing, or even freeze when someone attacks you.

Do you know what you would do if a bad guy confronts you? Would you freeze? Fight? Run?

If you are a parent and someone attacks your child, you would probably defend your son or daughter with a vengeance. But, what about when it comes to your own safety?

Here are some tools that you can use to overcome civilized conditioning when you need to:

  • Understand that no one has any right to harm you for any reason.
  • Realize that fighting back and resisting is the best way to remove yourself from a situation that is dangerous.
  • Ask yourself “What if” questions, such as “What if, as I walk through this parking lot, there is someone hiding behind that van?” This helps to prepare your body and mind to quickly respond in the face of danger.
  • Practice visualization to try to create potential scenarios in your thoughts, and then think about your response.
  • Take self-defense classes. This helps to give you a different perspective on your situation.
  • Have an awareness of your situation and environment no matter where you are or what you are doing. If you feel like something is wrong, it probably is.
  • If you are attached, run to a safe place, such as to a store, a home, or any other populated area.
  • Install home alarm systems in your home to further protect yourself from the bad guys.

And, when it’s all said and done, don’t worry about any of this. BUT, you need to know your options and you need to do something about it if a bad guy enters your life.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

14 Social Media Disasters Ready to Strike

There are many ways that you or a small business could get caught up in a social media disaster. Can you think of any off the top of your head? If you are like most of us, probably not. Here are 14 ways that you could be in danger:

social-media-privacy-security

  1. A Terrible Online Reputation – Do you keep a watchful eye on you or your business’ Facebook page? Are people posting to it? Are your staff? Even things that seem good-natured at first can be taken the wrong way by friends or potential customers.
  2. Racy Images or Text – If you or your employees are sharing racy text or images on social media, it could negatively affect your life or business. Though you definitely can’t control what they are posting, you can certainly educate them on the smart use of social media. Typically, these things happen because someone is ignorant about it, not feeling malicious. Even something as innocent as sharing a scantily clad photo of themselves while at work or play could give you or your company a bad name.
  3. Imposters – You might be surprised, but there could be someone out there posing as you or your business. So, make sure to patrol the internet to see if anyone is using your company’s logo or name. This even includes phony websites. Set up a Google Alert to notify you if your name or your business name appears online.
  4. Financial Identity Theft – It might seem harmless to post a photo of your employee’s puppy on your company website, but it could lead to financial identity theft. How? Well, if you post the photo, you surely would post the name of the cute little guy, and many people use their pet’s names as their passwords or answers to security questions. With that name, now identity thieves could have one more piece of the pie that they will use to hack into a financial account. Post pics of puppies all day long, just don’t use their names.
  5. Photo Geo Tracking – When you post photos, make sure that the GPS technology is off. This way, criminals can’t use it to find you or your employees addresses. Yes, GPS technology can save lives, but it can also ruin them.
  6. Robberies at Home – Make sure to educate your family or staff about the dangers associated with posting business or vacation travel information on social media. Burglars often use social media as a way to find a good house to break into. If they know Bob in accounting is out of the office and on vacation, they also know that he is likely not home, making his house a target.
  7. Corporate Snoops – It’s also possible that a spy could set up a page on Facebook, post as an employee of a well-known company or other branch, and then attract your real employees to a fake group. This way, he knows that they could give him sensitive information about your business, as they see him as trustworthy.
  8. Sex Offenders – Know who you are talking to online. Also, make sure to tell your staff to be careful when communicating with someone new. This person could be a sex offender, or worse.
  9. Attack of the Badmouth – At some point or another, you will get a disgruntled employee. Perhaps this person believes that they were unjustly terminated, or maybe they still even work for you. Employees who believe they have been “picked on” might try to get revenge by posting a bad review or blog about your company.
  10. Bullies – You might also find that one of your friends or employees is a bully. Are they posting bullying comments on your social media sites? If so, it could be bad for business.
  11. Government Spies – Even if it seems outlandish, many reports say that there are certainly law enforcement agents of the U.S. government that use social media to learn more about criminal suspects.
  12. Fake Sites – Someone could set up a fake site and pretend that they are from your business. When customers go to that site, they unknowingly give information about themselves, such as account numbers, email addresses, and phone numbers. Now, the bad guys have access to this information.
  13. Account Takeovers – You might remember when the show 60 Minutes, the Associated Press and others had their Twitter account hacked. The AP tweet that got out, claimed that then President Obama had been attacked at the White House. The stock market dropped significantly causing billions in losses as a result. If it can happen to the AP, it can certainly happen to you.
  14. Liability – Though you can use Facebook’s privacy settings to hide posts, that doesn’t mean that they can’t be used in some type of legal case. And studies show that Facebook is being used as evidence in 1 out of 5 divorce cases.

What is the takeaway here? It’s that there is no such thing as a fully private Facebook page just because you might have all of the privacy tools in use. A person with bad intentions, or your own ill conceived posts or a skilled hacker can still get in and ruin your good earned reputation.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.