E-mail: info@webenergy.ca |  

Webenergy Blog

Online Security Article of the year...

Facebook Google Plus Linked In

If you haven't read my blog before, don't miss this one! I'm talking about online security and privacy. I'll give you tips on how to protect your information. If you don't know, I'm a certified I.T. instructor. I'm a security specialist and teach Security+, Ethical hacking and have set up secure networks for police departments in both the USA and Canada. No, I'm not a conspiracy theorist, whistle-blower or exaggerate the truth to make people panic. I'm simply writing about the facts.

Data Breaches

OK, the first thing I'm going to address is data breaches. There were close to 50 data breaches in 2017 resulting in over 1 Billion users information falling into the hands of organized crime, hackers, scammers and marketing companies. No, this isn't an exaggeration. Yahoo alone between 2013 and 2017 had almost 1 Billion user accounts breached.

Yahoo! (Update)

October 9, 2017: In December 2016, it was reported that “more than 1 billion user accounts” may have been impacted by the 2013 Yahoo breach. Recent news, however, shows it was indeed more than 1 billion—much more. Four months after Verizon acquired Yahoo’s core internet assets, it was revealed that every single customer account was impacted by that breach; three billion Yahoo accounts—including email, Tumblr, Fantasy, and Flickr—were stolen. Even after thorough investigations, it is still unknown who was behind the 2013 Yahoo breach. The other major data breaches in 2017 were: Equifax, XBOX 360, Ebay, Blue Cross, Uber, Verizon, Kmart, Gmail, Verifone (Point Of Sale machines), Nissan (Canada only so far).
To see if your email account or username has been involved in a data breach, I strongly recommend you visit this site and bookmark it. If any of your accounts have been breached, change your password immediately! https://haveibeenpwned.com.

Wireless Tap & Pay

So, you like the convenience of tapping your debit or credit card. You can tap and pay up to $100.00. First off, no one should do this. The connection between your card and the terminal is not encrypted. That means your credit card information is being transmitted wirelessly without any protection. Basically, it's like holding a sign up with your credit card info at a checkout so people can snap a picture of it with their phones. So why is it dangerous? There are many phone apps out there that can read the data from a transaction and capture it. That means I can be at a checkout line with my phone in my pocket gathering credit and debit card transaction data. I can then use my phone to tap and pay using someone else's card information! Yes, it is that easy! I suggest waiting until the banks have secured this type of transaction with data encryption.

Apple Pay

Apple Pay is secured with data encryption. So, when you pay, the connetion to your iPhone and the terminal is encrypted. This way if the data is intercepted, it isn't readable. So what's the down side? Well, it's not accepted everywhere as it's expensive for the retailer to set up. Not all credit cards are supported by ApplePay. Also, your credit card information isn't shared with the retailer. This can be bad because if you don't have a sales reciept then you have no proof you purchased the item at that store. It also makes it difficult for record keeping for businesses because when you look at your credit card statement all you will see is ApplePay and an amount.

G Pay

Yup, Google is getting into this too. They are combining Android Pay and Google wallet. Some apps support it like Airbnb and Uber. Should you use it? Read my section on Google below.

Google

No, I don't hate Google or their services. However, their way of doing business it what's scary. First off, the Android operating system used by 85% of all smartphones is of course created by Google. The operating system is 100% free. You can download it, modify it, install it and deploy it all for free. Sounds good doesn't it? Well like anything there is a catch.

Android Phones

So what's the first thing you need to do when you open your new phone out of the box? Create a Google account or link it with your existing account. You can't even use your brand new $400.00 - $800.00 phone without Google letting you. Did I mention that in 2016 and 2017 there were Google account data breaches? So, now you know Google isn't the most secure company in the world. What should you do? Simply put, create a separate Google account just for your phone. If you use Gmail for your email, just set that up in the email app on your phone but don't use your main Google account as your phone account. Google tracks everything you do, everywhere you go, scans your email content and contacts. For proof, click here and enter your google account information. You will see your location history that's kept by Google. The location services are on by default on your phone. Also, when you install certain apps like Uber, it will turn on your location services automatically. In fact, most of the apps you use require location services to be on which means you are being tracked by Google everywhere you go. Google also scans your emails and will target ads and marketing emails to you based on your email content. Google will also harvest the email addresses of your email contacts. My recommendation is to thoroughly read the Google privacy policy before using Gmail as your main email for personal or business use. Here's the part where Google shares your information with affiliates and trusted businesses. Who are the affiliates and trusted businesses? What do they do with my information? These are questions that only Google knows the answer to.

For external processing

We provide personal information to our affiliates or other trusted businesses or persons to process it for us, based on our instructions and in compliance with our Privacy Policy and any other appropriate confidentiality and security measures.

If you want to secure your information as much as possible. Login to your account and change your security & sign in, and personal & provate info settings. 

The Cloud

The big 3 are Microsoft's One Drive, Google Drive and iCloud. If you are in Canada and have a data policy where you cannot store data outside the country, then you have 2 options. One Drive and Google. Microsoft has 3 data centers in Canada where Google only has 1. It's not clear if information stored on the Google cloud in Canada also syncs with USA data centers. Microsoft keeps Canadian data in Canada. iCloud's data centers are in the USA only. When it comes to security, iCloud has been breached so many times that users have accepted the fact their personal information and photos will become public at some point. Hopefully Google will tighten security and have no more data breaches. Microsoft is the only company that has not had data breaches and personal user information released online. Microsoft has invested heavily in their OneDrive and Azure platforms.

Alternatives to the cloud

There are several things you can do to secure your data. Here's our list:
  • Get 1 or 2 external hard drives. They are about $100 for 2TB of storage
  • Get a NAS device and store your data there. NAS are live and attached to the network
  • Set your phone to not automatically sync your files to the cloud
  • Don't use the same account for email and for your phone
  • Set up passwords for your devices
  • Use a program like keeper security to store your passwords
I hope you found this article informative. If you need a security consultation or more information, please feel free to contact me!

Blog by: Rick Sanders

©2024 All Rights Reserved | by: Webenergy