Cybersecurity expert Eric Draeger came onto WTMJ N.O.W. and talked about important cybersecurity tips and tricks heading into 2024.
Password Management
“Adding a ‘1’ and an exclamation point to the end of my password… turns out that’s not actually that secure,” Draeger said.
He said hackers have figured out those common passwords and people should use more complicated ones with random words instead.
“Use four simple words… tree, grass, roof, door… and separate them with some sort of special character. Now, you’re really only remembering four things,” he said. “You’ve got a password that’s probably about 20 characters long and uncrackable even by today’s computer standards.”
He recommends using this kind of password for password manager apps, which store all the passwords on your device. These apps file all of your passwords so they don’t have to be remembered, but there still has to be one password to access the account. That’s where you’d use the four-random-words password.
“Make that one password something you have never used before. Not even like a part of it in a different password. Not even like a base root word,” he said.
He said although some people might use iPhone notes to store passwords, password manager apps are the better option.
“If you have another device that’s attached to [an iPhone], all those notes get replicated on the other device. If that device is already similarly unlocked or has the ability to be unlocked… those notes would be available to anybody else who’s looking at that screen,” he said.
Oversharing Online
In addition to choosing more secure passwords, Draeger also said sharing some basic information online can be dangerous.
“Just having that birth date makes you much easier to dig up information about,” he said. “There might be 100 [people with your name] in the world, but there’s probably only one with your birth date.”
He said that’s how they easily found people when he worked for the police department, but if they can do it, then anyone can as well.
Travel plans are another thing people should wait to share online. The best time to post pictures of a vacation is after you return home; otherwise it can be a potential safety issue.
Using public wifi can also be a risk unless you use a virtual private network or VPN.
VPNs protect users by encrypting their data, including browsing activity, identity, and location.
“Without something like a VPN, people can see certain things about what you’re doing online. Not specifically the words or things you’re typing, but things like what websites you’re going to,” Draeger said.
VPNs should mainly come from verified companies online, but Draeger says anything is better than nothing.
Vishing
Draeger said something to look out for in 2024 is vishing, or voice phishing, attacks.
“[Vishing is] somebody making a phone call to the company and impersonating an employee in order to get access to their password reset system,” he said. “Specifically to get access to their multi-factor authentication, that little app where we all have to put in the six-digit code to get into our email.”
“Once you’re in… you’re often trusted as ‘this must be the right user if they have that code,’” he said.
He said there have been two major vishing incidents so far: MGM in Las Vegas and Caesars Entertainment. Caesars Entertainment paid about $15,000,000 for their ransomware attack.
Draeger said almost anyone can learn how to do these attacks, and it’s an attack that’s very common at its source.
“They’d call up people, [especially with old people], at home, and try to get them to give up passwords and other information so they can get into bank accounts,” he said. “Now we’re seeing the evolution where it’s business, and that’s kind of a scary thing.”
He said companies haven’t done a great job preparing people for this scamming attack to hit the workplace, and he expects vishing scams to increase a lot more in 2024.