Excellent Planet Money Podcast on the topic of SPAM and captcha challenges that we all hate.
By Staff Writer Tatyana White-Jenkin
With advancements in online technology moving forward with lightning speed, cybersecurity has become one of the Department of Defense’s top security concerns. Proper adherence to cybersecurity protocols ensures the Army’s defense against online predators, and when one Soldier becomes vulnerable to cyber threats, the entire force can become susceptible.
The Army Cyber Security Campaign is an ongoing effort to promote awareness and cybersecurity best practices for Soldiers, Civilians, contractors and Family members.
From detailed social media posts to unprotected devices, many issues can leave a service member vulnerable to cyber adversaries. Now more than ever, Soldiers need to be armed with tools like those provided by the Army Cyber Security Campaign to remain protected online.
In the spirit of the Army Cyber Security Campaign, the following is a list of 10 simple ways to remain aware and protected while online:
1. MINIMIZE THE PERSONAL INFORMATION YOU SHARE ON SOCIAL MEDIA
When using social media, limit the amount of personal details shared. Sharing information like a personal address, birth year or phone number can easily compromise privacy and lead to dangerous consequences.
“If your post is out there on social media, it’s out there forever and whether [or not] you take it down is inconsequential to the outcome,” said Jack Harrison, a division chief with the National Guard Bureau (NGB)’s Office of Public Affairs who oversees the NGB’s social media and web presence. “Protecting yourself starts from moment one.”
2. CHOOSE YOUR FRIENDS WISELY
While it’s great to be friendly, when it comes to social media, it is important to be critical of potential friendships. Be sure to examine each friend request before hitting accept. Accepting friend requests from people you do not know can be as risky as letting a burglar in your front door.
3. REFRAIN FROM UPDATING YOUR LOCATION ON SOCIAL MEDIA PLATFORMS
Sharing a current vacation spot or pictures from a recent work event may seem like an exciting thing to do, but it can actually be detrimental to individual security and the security of others.
“Divulging someone’s exact location would not only be a personal security concern, but an operational security issue relative to the units in which that person serves,” Harrison noted.
A criminal can easily trace a person or learn daily routines if locations are publicized online. Location information can also be saved through the geotagging on apps like the camera on a phone. Be sure to deactivate the geotagging feature on all mobile devices.
4. DO NOT OPEN ATTACHED FILE SENT TO YOUR INBOX IF YOU ARE UNSURE OF THE SENDER
Opening an attachment from an unknown source can result in a hacker gaining access to your information. Be sure to only download attachments from senders you recognize and trust. If the subject matter of the email containing the attachment seems suspicious in any way, confirm the email was actually sent by the noted sender before opening the attachment.
5. READ THE TERMS AND CONDITIONS BEFORE SIGNING UP WITH ANY SOCIAL MEDIA PLATFORM
Though it may seem tedious, reading the Terms and Conditions section on a social media platform is vital to ensuring security. Knowing the details of the platform’s privacy settings and regulations helps to confirm how and when personal information is being protected.
6. BE MINDFUL OF YOUR DEVICE SETTINGS
Bluetooth and other wireless capabilities on cellphones and laptops can leave you vulnerable to hackers. In public settings, be sure to always check your wireless settings and security features so others cannot access your device’s information.
“The effort to protect information isn’t only about the social media platforms,” Harrison said. “It’s also about the technology in laptops on desks or the cellphones in hands, [and] it’s about making sure to use the technology to protect [oneself].”
7. IF YOU SIGN IN ON A PUBLIC COMPUTER, ENSURE THAT YOU PROPERLY SIGN OUT BEFORE LEAVING
After using a public computer, it is important to sign out from each account you used. Forgetting to sign out may leave account information and passwords accessible to those who use the computer next.
8. CHANGE YOUR PASSWORD OFTEN
Changing passwords at regular intervals is crucial to ensuring accounts are secure. Doing so can deprive hackers the time needed to figure out passwords to break into accounts and steal valuable information.
9. KEEP YOUR DEVICES IN THE RIGHT HANDS
Be careful about who handles your smartphone and other internet-enabled devices. Social media accounts and other personal information can be accessed through these devices, so be mindful of who is allowed to use them.
10. THINK BEFORE YOU POST
When it comes to posting on social media, it is important to think twice not only about the amount of information being posted, but also about the type of information being posted. Posting details that make it easier for hackers to penetrate accounts and steal valuable information is just one concern. Another is posting information that could show you, or fellow unit members, in a bad light.
“You need to ask yourself how much of your life you want to be exposed,” noted Harrison. “From a military perspective, what would your commander think? One moment of your life can easily go viral and affect or destroy your career.”
“At the end of the day, it’s all about common sense overruling the desire to be [noticed on social media],” he continued. “You can do both, but you have to be safe and protect yourself by taking some common sense steps at the very beginning.”
Data breaches have become so common that their impact, at least in many of our minds, has lessened.
When we hear of so-many-millions of accounts compromised, or that the information of countless users of a service has been stolen, the sheer volume of data lost can disguise the individual impact.
When financial information such as bank card numbers and security codes are taken, they can be used to create clone cards for making fraudulent transactions. Social Security numbers, home addresses, full names, dates of birth, and other Personally Identifiable Information (PII) can be utilized in identity theft, but when it comes to medical information, the reasons for theft are not so clear.
Medical data may include past and present health conditions, pharmacy prescriptions, hospital records, insurance details, and online medical account credentials.
In recent years, Singapore’s SingHealth, the largest group of healthcare institutions in the country, suffered a data breach which leaked the details of 1.5 million patients — including Prime Minister Lee Hsien Loong — Atrium Health‘s billing provider exposed the information of 2.65 million patients belonging to the company, and only last week, client data belonging to People Inc., New York’s non-profit human services agency, was compromised.
According to a new report released by Carbon Black on Wednesday, an examination into current Dark Web offerings when it comes to stolen, leaked, and fake medical data reveals just how hackers are using this information for their own ends.
The most expensive offering on the market is provider information which can be used to forge a medical background, an alarming prospect given the harm which could be done when someone who hasn’t qualified poses as a medical professional.
These include insurance documents, medical diplomas, doctor licenses, and DEA licenses, all of which can be snapped up for roughly $500 per listing. The report says:
“A hacker compromises the corporate network of a healthcare provider to find administrative paperwork that would support a forged doctor’s identity. The hacker then sells to a buyer or intermediary (who then sells to the buyer) for a high enough price to ensure a return on investment but low enough to ensure multiple people buy the item.
The buyer poses as the stolen doctor’s identity and submits claims to Medicare or other medical insurance providers for high-end surgeries.”
The cybersecurity firm also found a vast array of forgeries available and for sale. For between $10 and $120 per record, you can buy fake prescriptions, labels, sales receipts, and stolen healthcare cards.
For $3.25 or less, Carbon Black researchers viewed listings for stolen health insurance information which could be used to make fake claims at the cost of the victim.
When it comes to personal health information, of which there are mass dumps for sale online, the company says that these records may be worth up to “three times as much” as standard PII, given their immutability.
“Hacked PHI can be used by nation states against individuals who have health issues as a method of extortion or compromise,” Carbon Black added.
The report also included a survey based on interviews with a number of CISOs and healthcare organizations. According to the research, 66 percent of organizations said cyberattacks have become more sophisticated over the past year, and aside from data theft, 45 percent of companies said they’ve encountered attacks which are focused on information destruction in the last 12 months.
“In healthcare, prevention often stands to be the best cure,” Carbon Black says. “This holds true for both physical and digital health. A person’s digital (and often physical) health can be directly tied to the cybersecurity posture of their healthcare providers.”