Responses to questions posed during the cybercrime webinar held on 24th November 2020.
- What can one do to check one’s exposure – on the internet, emails, social media, hacked information?
Please visit the website https://haveibeenpwned.com and enter your email address to see if your email address has been compromised in a data breach.
If your email has been compromised, either reset your password or create a new email address.
- Is something like 1password safe to store your passwords?
Yes, password managers are one of the safest ways to store passwords. There are many password managers available such as bitwarden.com or LastPass.
Make sure your master password is a minimum of 12 characters long. Use characters, numbers and special symbols, for example:
FaceWaterpipeYellowsticker1200@@
- The above password is easy for people to memorise, but difficult for computers to hack. This is because the password is long and contains special characters.
- If you lose the master password to your password manager you will not be able to log into your password database.
- This means you will not be able to view any of your other passwords.
- Make sure you never lose your master password.
- Don’t ever use the master password for any other websites or applications. Only ever use it for your chosen password manager.
- Please seek professional IT help if you need help setting up the password manager on your computer or need further training.
- What is recommended as an affordable yet effective, anti-virus for home users?
- The top anti-virus providers are BitDefender, Kaspersky and Sophos. It is critical that you keep your anti-virus software updated and install the latest version every year.
- In addition, it is important to make sure you run the latest operating system like Windows 10, and always install the latest Windows updates. These updates are critical to keeping you safe online.
- What is an ‘authenticator app’ and can you give an example?
- The authenticator app is an app that is installed on your mobile phone. For example, Microsoft Authenticator or Authy are two possible options.
- The authenticator app generates a unique number every +/- 20 seconds. Therefore, when you sign into a website with your username and password, the website will ask you to enter the OTP number which is generated by the authenticator application.
- An important step is to always make sure Microsoft Authenticator is configured to back up to the Microsoft Cloud. This will allow you to recover the authenticator app settings in the event that you lose your mobile phone.
- The authenticator application provides an additional step when logging in to a website after you have entered the password. So instead of using SMS as a Second Factor authentication, you can choose to use the authenticator app.
- Most websites today will allow you to enable Two Factor Authentication.
- FNB wants users to log into the app to authorise business transactions. With long passwords this is VERY tricky. It encourages users to have shorter passwords.
- We recommend using Biometric authentication using your mobile phone. Biometric authentication is a security process that verifies a user’s identity through unique traits such as facial characteristics, fingerprints etc. Most banks offer this form of authentication.
- Do not ever compromise your bank password by shortening it for convenience or writing it down on paper.
- If a cell phone is stolen, it is difficult to get back into one’s accounts where one has 2-factor authentication in use. Any workarounds?
- The Microsoft Authenticator app supports cloud backup and restore.
- Always make sure that the website you are using 2-factor authentication with allows for SMS signing as well. This will allow you to sign in using SMS in the event you can no longer use the authenticator app.
- If I want to make a payment, for example a subscription to a publishing news site, and they have a ‘make payment’ page where they ask for username and password for banking to make the payment, how safe is this?
- Always avoid entering a username and password.
- It is better to use PayPal / EFT payments.
- When we get a dodgy caller – what questions should we ask to determine if they are legit or not?
- Rather terminate the call and contact the bank using the numbers provided on your bank card or on the website. Never use telephone numbers provided by the caller. Never engage in a conversation with someone who called you on behalf of a company.
- Are Apps safer than browsers? E.g. banking app versus banking via browser
- No, the security of banking apps and web browsers depends on the security of your computer or phone. Ensure they are regularly updated and correctly configured.
- No IT system will ever be 100% secure; there is always a risk with using technology.
- What are patches?
- They are software updates.
Disclaimer:
Information provided here is intended to provide you with general information. All information provided is done without warranty, express or implied, to its accuracy or completeness. Personal Trust shall not be responsible and accepts no liability for any loss, liability, damage (whether direct or consequential) or expense that stems from the use of or reliance upon any information, links or service providers mentioned here. You acknowledge that the use of this information is entirely at your own risk. Please consult an IT professional for further advice or assistance.