500,000 Zoom credentials exposed

According to Forbes, over 500,000 Zoom credentials were recently sold or given away on the dark web. The credentials ranged from personal meeting URLs to login information. While there are a lot of ongoing discussions about using Zoom in the wake of security issues that have come to light over the last few weeks, if you make the decision to continue to use Zoom, it is probably a good idea to change your password again. However, if you’re already following the practices for password use, that step may not be necessary since you would have a unique generated password in your password manager that is only used for Zoom. Also a good idea–don’t post your Zoom PMI (personal meeting identification) on social media like Prime Minister Boris Johnson did a few weeks back as detailed in this article at PC World.

The bottom line from this news is that practicing good cyber hygiene is just as applicable to Zoom as it is to anywhere else in cyberspace.

Watch out for coronavirus related cyber attacks.

Go check out this short article from some of my colleagues about an increase in cyber attacks that try to exploit the prevalence of confusion over the coronavirus COVID-19. It’s always smart to be careful before clicking links or opening attachments, but make sure you don’t let your guard down when there is so much else going on.

Also, a friendly reminder that if you’re starting to work remotely and are using various videoconferencing apps, be aware that the camera and mic will sometimes turn on before you realize it. They may also get left on inadvertently. Make sure you close out of conferencing software when you’re done with it and/or cover your cameras to make sure you aren’t sharing more than intended.

MGM Resorts Breach

According to an article at ZDNet, personal information from over 10.6 million MGM Resorts guests was posted on a hacking forum this week. ZDNet was able to confirm the information, which included names, addresses, phone numbers, and birthdays, was for people who had been guests at various MGM Resorts. MGM Resorts confirmed that they experienced a breach last summer and gave proper notification in accordance with state law. Not surprisingly, this looks like the first time that breach is in the mainstream media. While they claim no financial information or passwords were included, that doesn’t mean this information is not useful to hackers who had. If you got a notification from MGM Resorts about the breach, now is a good time to take stock of your data–check your credit report, make sure your passwords are secure in a password manager, etc. Time will tell whether this breach has wider implications.

Time for a US Data Protection Agency?

Head over to TechCrunch and check out this article by Zack Whittaker (a good follow on Twitter, by the way). It details Senator Kirsten Gillibrand’s new bill called the Data Protection Act that would “create and meaningfully enforce” data protection at a federal level. This is just the latest in a series of different bills presented in Congress trying to bring a more cohesive regulation framework to privacy and data security in the US (as noted in this article at the National Law Review). To date, none of the proposed federal regulations have gotten enough traction to be passed into law, but don’t worry–it’s coming. With the states leading the way with things like CCPA and the Nevada Privacy Law, businesses are starting to be affected by the varying laws. And even though privacy is not quite the lawless wild west that the Senator makes it out to be, the inconsistent laws from state to state help make the case for some federal regulation. I wouldn’t be surprised if we see more developments on this front throughout the year.

Privacy/Data Security Checkup

I know it seems like just one more thing to add to your plate, but you really should be doing an annual privacy/data security checkup. Now is as good a time as any to start. The more things you check on the better, but here are a few ideas of places to start:

There are other things you can do too, but this will give you a good start on making sure your data is protected.

Cybersecurity Lab

Cybersecurity is a broad topic that conveys different meanings to different people, but generally deals with security and privacy on computer systems. If you are curious about some of the basic principles of cybersecurity, check out this Cybersecurity Lab from PBS’ Nova. While you may think you can’t learn much from an online game, this actually does a good job of introducing some concepts that you should be thinking about in terms of passwords, code, and defending yourself against hackers.

Consider your digital assets

Part of planning for cybersecurity incidents and breach response is identifying your digital assets. Whether it be photos, documents, or other data, digital assets are something valuable that you own and have rights in. While we often focus on protecting those assets from a breach, more and more people are starting to realize that they need to think about what happens to those assets in death. Perhaps you have stuff that you never want to be seen by others; maybe you would rather not have your loved ones sifting through your email account; or maybe you’re an open book and don’t mind what happens. Either way, you should consider addressing your digital assets in an estate plan. If you were to die, would those you leave behind be able to access your accounts and carry out your wishes? Would your cryptocurrency fortune be forever lost in your hard wallet? There are many different aspects of this to consider, and they have been addressed in a new guide published by one of my law school classmates, Megan Yip. Go check out her free guide here and consider implementing some of her tips. And at the very least, follow the advice she gives and which I have suggested before–use a password manager!

Disclosure of a breach.

A lot of planning goes into what to do in the event of a data breach. One aspect that is, unfortunately, sometimes neglected is disclosure of the breach. While there are laws that require disclosure, they are not uniform across the world. It is important that you have a plan for dealing with disclosure of a breach. Head over to Troy Hunt’s blog to learn about some of the difficulties of ethical disclosure and make sure you have a plan for handling the situation when you are notified of a breach.

Cryptocurrency Proof of Keys Day

Today is the 11th anniversary of the mining of the Bitcoin genesis block. It is also a day which some have designated as proof of keys day. If you don’t know what that is, you can read about it in detail at this Yahoo Finance article, but basically it is a reminder that cybersecurity is an issue for cryptocurrency too. If you own Bitcoin or any of the other cryptocurrencies out there, it is a good practice to make sure your keys are secure. While hardware wallets are not completely foolproof, nor unhackable, they provide you with a way to make sure that your crypto-assets are really there. Proof of keys day is as good a day as any to make sure that (1) you have your keys, (2) they work, and (3) your crypto actually exists. Good crypto cybersecurity practices are one way to help you have a prosperous New Year!

Connected Smart Toys Need Protection, Too

With all the gift giving going on right now, you might need to take a few steps to make sure your privacy and cyber assets are secure. Make sure that you take a couple of extra minutes while setting up any new smart toys or connected devices to turn on the security features. This will vary depending on the item, but generally, you should set up new devices with passwords (preferably one you don’t use elsewhere); turn on two-factor authentication; and check to make sure you’re okay with the marketing/data collection preference boxes that may be clicked in the settings. It never hurts to look through the settings portion of a new toy to make sure there isn’t something set to a default allow that you would rather not have happen. For a little information about the risks with children’s toys, check out this article from Forbes.