Commentary on the New York Times article by Jonah Engel Bromwich
The recent ransomware hack has hit targets around the world and still isn’t over. But advisors and their clients can take a few simple steps to safeguard themselves and their data, the New York Times writes.
Encryption, Passwords and Anonymity
It all starts with encryption — making sure that only people with a “key” can decipher your communications, according to the publication. Advisors and clients can download Signal, the open-source encrypted-messaging app that works on Android and iOS, although the program requires inviting people to download it before they can communicate, the Times writes.
Alternatively, the popular messaging platform WhatsApp already uses Signal, as does Apple’s iMessage, according to the publication. Meanwhile, Facebook Messenger and Allo, Google’s texting app, allow users to turn on encryption, the Times writes.
Encryption should extend to the computer’s hard drive too, according to the publication. Most operating systems already provide that option: Apple has FileVault while Windows offers BitLocker, and they simply need to be switched on, the Times writes.
The points of access of all that information — i.e., passwords — are also vulnerable, according to the publication. Changing them often is imperative, but remembering those changes can be daunting. Instead, Quincy Larson, the founder of Free Code Camp, suggests using a password manager such as LastPass, 1Password or KeePass, according to the Times.
But some experts point out that even LastPass itself was once hacked, the publication writes. So for some, physically writing down passwords, storing them securely and changing them weekly or biweekly may be the answer, according to the Times. And passwords should never be “precious,” as the publication puts it: they can be any random word with a string of random numbers and punctuation symbols, as long as they’re stored or written down.
Email as well as social media accounts can be further protected with two-factor authentication, which requires users to use both a password and a generated code sent to their phone to enter their accounts, according to the publication.
Moxie Marlinspike, the founder of Open Whisper Systems, which helped develop Signal, also suggests using a plugin called HTTPS Everywhere while browsing websites, the Times writes. Developed by the digital security group Electronic Frontier Foundation, the plugin makes sure that all traffic between the user and a website is secure and encrypted, according to the publication.
Likewise, online users must pay attention to their wi-fi networks, the Times writes. Many public ones, as well as private networks without additional security, can often expose users to cyber threats, according to the publication.
Some users may want to go further and use a virtual private network, or VPN, to hide their geographical location and browsing history, the Times writes. The publication’s tech expert Brian X. Chen recommends Freedome by F-Secure, TunnelBear and Private Internet Access.
As for anonymous online activity, the Times warns against relying on Chrome’s “incognito” mode. That function, as Google itself spells out, doesn’t hide browsing from the internet service provider, the visited websites nor the browser’s employer, according to the publication. One alternative is the Tor browser, but it’s still relatively unwieldy, the publication writes.
For those who want to hide their search history from Google, meanwhile, Larson recommends DuckDuckGo. But it’s Google’s data collection in the first place that leads to its accuracy and ease of use, he warns.
Finally, some users may want to take it to the next level and cover up their computer’s camera, the Times writes. If someone gets access to the computer, after all, they at least won’t be able to also watch you — which does happen, according to the publication.
