The Detroit Arsenal Cybersecurity Team hosted a briefing for arsenal employees for Cybersecurity Awareness Month Oct. 15, 2019 in the Building 200 auditorium.
This year's awareness month theme "Own It, Secure It, Protect It" demonstrates a need to take personal responsibility in helping to secure not only government information systems, but your own information as well.
Vulnerability Discovery and Analysis Labs Information Security Engineer, Matthew Wilds, presented information highlighting several key areas in cybersecurity to include citizen privacy, consumer devices, and e-commerce security.
The main focus of Wilds lecture centered on securing privacy information. He cautioned that most individuals aren't even aware of the information and passwords they have floating around the internet.
Wilds suggested using certain websites like haveibeenpwned.com and dhashed.com for individuals to find out what information may have been compromised and may have been released during a password dump from previous corporate hacks.
Other sites that hackers use, such as ghostproject.fr, may already have your information available for purchase.
There are many vulnerabilities hackers use to gain access to your network. One of these is that most users will use the same password for multiple online accounts.
"Using the same password on multiple sites increases the chances for that password to be compromised," said Wilds. He went on to say that once the hacker has that password, he can more easily breach any of the sites you sign into.
Even if that site doesn't compromise your finances or credit, a hacker can possibly use that site to gain more information that would allow him to hack into other sites or commit identity theft.
Wilds also suggested using two-factor authentication when possible, whether having the code sent directly to your mobile phone or using an app to "randomly generated key strings" for authentication.
"Using 2FA can stop up to 80% of your risk [on a private network or phone]," Wilds said, "and you can mitigate the other 20% of that risk."
Another personal security matter that can help in that 20% mitigation process is not reusing passwords, or slightly altering previous passwords according to Wilds. "Many people use only one or two passwords or reuse previous passwords is because it is difficult to remember so many of them," said Wilds.
To help keep up with numerous difficult passwords, Wilds suggests using a password app, such as "last pass." Wilds personally uses this app, which can be protected with facial recognition on his smartphone. He goes on to say that you need to make sure that if you use a password app it is on a device that you always keep control of so that it doesn't become compromised.
"It is more safe to keep multiple passwords on one device that you control, than to use only a few passwords," he said.
According to Wilds, it is also a wise idea to make passwords as unique and long as possible this will make them harder for a hacker to break.
As far as consumer devices and e-commerce security, Wilds suggests that you do your research into the company and/or device before purchasing. "Many devices may provide a back door for technicians to access the device," he said, "and may be able to access the device at any time."
This especially holds true with security cameras. Wilds stated that even though a criminal may not be able to access passwords or personal information, they can hack into a security camera and tell when you are alone, or not home.
To protect your credit, Wilds suggests contacting each of the three credit reporting agencies and locking down your credit. This will prevent a criminal from compromising your credit even with stolen identity information, because only you will know the unique password that you give them to lock and unlock it.
Wilds also cautioned against using unsecure wi-fi because it doesn't encrypt the data before sending. If you have to use an unsecure wi-fi, then he suggests using a Virtual Private Network, or VPN, which will encrypt the information from your device to the receiver.
Finally, he suggested that individuals should always update their phones with the latest operating system and patches, this will ensure that users have the most recent security measures for that device.