How to Ensure Online Security


In 2015 nine large companies announced their systems had been breached. With these data breaches, hackers stole private information ranging from medical records to credit card information. Scary occurrences like data breaches show why it is important to protect your private information when you’re online. With National Cyber Security Awareness Month almost over, BBB wanted to share a general roundup of tips to know about keeping safe online:

Update Software Regularly

One of the best ways to prevent breaches is by making sure the software you use is always updated. Select automatic updates when you’re setting up new programs, and you’ll always have the latest updates and security patches. Key programs that must be updated regularly includes your web browser, operating system and virus and malware prevention software.

Your computer is not the only device you need to keep updated. Your tablet, smartphone and gaming systems also need updated software to prevent breaches.

Virus and malware software must be active when you’re online. It’s also highly recommended that you scan your system for potential threats each day. Do so after you’ve updated virus definitions.

Make Sure Your Wireless Router is Secure

When installing a wireless network in your home, make sure it’s secure. Don’t use the router name set by the manufacturer. Instead, change it to something that’s not easily guessed by others. Next, change the password to something unique. Finally, turn on firewalls on the router and your operating system. Here’s another tip: check the specifications on your router. Avoid routers that use WEP for security. You want a router that offers WPA or WPA2 security levels.

Put Thought Into Your Passwords

Despite every article that discusses the importance of passwords, many still use easily guessed passwords like “123456” or “password.” If you’re using a simple password, you need to change your ways. Longer passwords with a mix of upper and lowercase letters, numbers and symbols are best.

Here’s an easy way to create a tough password. Choose a favorite book, song, movie or television show and turn it into a tough-to-crack password. For example, if Game of Thrones is a favorite show, use it to create “G4m30fThr0n3$” as your password. All you’ve done is replaced all occurrences of “o” and “e” with numbers and the “s” with a dollar sign. It’s a tougher password, but still one you should be able to remember with ease.

Now that you have a tougher password, use a different password phrase for different functions. Have one password for online storefronts, one for your banking, one for work-related sites and one for emails. Don’t just use one password for everything you do online.

Don’t Shop or Pay Bills on Wi-Fi Hotspots

When you go to a coffee shop or restaurant and use their free internet, unless you’re given a password, the network is not secure. The same is true if your internet provider allows your home or device to become a wireless hotspot for others to use. Avoid using free internet hotspots unless they’re password protected. To prevent others from using your internet, go into your settings and turn off the ability for others to share your network.

Always Look for Security Enabled Sites

Google’s come a long way in giving higher ranking to sites that have security measures enabled that encrypt anything you send to the site. When you’re shopping online or doing any banking transaction, look at the address bar at the top of your screen, if it doesn’t say https:// or shttp:// don’t give out any banking information.

Don’t Store Credit Cards Online

It’s frustrating just how many retailers store your credit card information for future use. Some will offer you the chance to decide if you want the credit or debit card stored. If given the chance, avoid it. If you don’t have the chance, after the sale is complete, go into the payment method settings and click “delete card.” It’s best to avoid having your credit or debit card stored online, even if the retailer is trusted.

The risk of having your information stolen is always present, but by being proactive when shopping or completing financial transactions online, you make it harder for thieves to gain your personal information. However, no system is completely safe, so make sure you check bank accounts and credit card statements regularly to look for unauthorized transactions. If you do find anything, report it with your financial institution immediately.


Fish and Wildlife Hack in Idaho and Oregon


The Oregon Department of Fish and Wildlife and Idaho Department of Fish and Game both reported there was “unauthorized access of the system” discovered around August 23. The data breaches are tied to Active Network, a company that owns and operates the licensing systems.

According to ODFW, the breach impacted records from before September 2007, for both resident and nonresident tags and licenses. Social Security numbers and credit card information wasn’t exposed, but information like driver’s license numbers, name, gender, date of birth, address, telephone and email were accessed, the site says.

Since the breach, license purchasing in both Oregon and Idaho has been limited as the departments ironed out the details. ODFW says licenses and tags may be purchased at their offices and hundreds of businesses statewide, and the department is updating its website regularly with information on alternative ways to apply for what you need this fall.

Active Network has said they will soon be contacting affected customers by mail. In the meantime, ODFW recommends license buyers assume their information was accessed and monitor their financial accounts and credit history for any signs of suspicious activity.

Better Business Bureau serving the Northwest suggests doing the following:

  • Check financial accounts. Look at your bank, credit and debit card statements for any charges that aren’t yours, and make sure you report fraud to your bank right away.
  • Check your credit. Go to from a secure WiFi connection. You will need to enter your Social Security number, so don’t do this from a public computer or WiFi. Each of the credit reporting agencies, Equifax, Experian and Transunion, give you a free look at your credit report annually. You can check one today, one in four months, and the third four months later so you are regularly seeing activity. You are looking for anything on that report that isn’t yours, and once again, report fraud right away.

For more information on spotting and recovering from identity theft, visit our website,

Cyber Security Is Important for Small Businesses

Image courtesy of
Image courtesy of

Reposted from my column in the Portland Business Tribune.

We’ve all heard about the cyber attacks on large businesses—including Home Depot, Anthem and Target—but small businesses are actually the most common targets of online scam artists.

According to, 71 percent of data breaches happen to small businesses, and nearly half of all small businesses have been the victim of a cyber attack. Visa Inc reports that 95 percent of credit card breaches it discovers are from its smallest business customers.

Criminals are attracted to small businesses for three reasons:

  1. Due to a lack of resources, they are less equipped to handle an attack.
  2. The information hackers want—credit card credentials, intellectual property, personally identifiable information—is often less guarded on a small business system.
  3. Small businesses’ partnerships with larger businesses provide back-channel access to a hacker’s true targets.

Protecting personal information should be a high priority for any business. A data breach is not just a financial problem, but it will make customers lose trust in a business. Your customers will stop coming to you if they don’t believe their information is safe in your hands. Among small businesses that suffer a breach, a staggering 60 percent will go out of business in six months, according to Experian.

To protect your business and your customers, it is imperative you have safe-measures in place as well as a plan for recovery in the event of a cyber attack. Consider the tips below, and read Better Business Bureau’s comprehensive guide on data security for businesses at

Minimize what you save. Don’t collect or keep any information you don’t absolutely need. When information is no longer needed, make sure it is destroyed responsibly.

Restrict access. Limit access to data to only the people who need the information in order to do their jobs. Sensitive electronic information should be encrypted, and portable electronic devices should be secured. Any paper records should be locked up when not in use.

Use strong passwords. Never use the default password provided by your IT person or service provider. Each computer user at your company should have his or her own unique password. Never use simple passwords such as your name, your business name, “12345,” “ABCDE” or “password,” and never use the same password for multiple accounts. Strong passwords include a combination of numbers, letters and symbols, and they should be changed every 60 days.

Block intruders. Use up-to-date antivirus protection and firewalls. Most antivirus programs will automatically update the software as new viruses and spyware become known, but you should also run a full scan for viruses and spam at least once a week. Make sure your Internet connection is secure, and keep any guest Wi-Fi networks completely separate from the rest of your networks. Be aware that personal websites, including social networks, can be a gateway for malware and viruses; use business computers for business-only purposes.

Share with caution. Use a secure connection, such as SSL technology, when transmitting data over the Internet. Do not transmit sensitive information via email unless it is encrypted. When mailing physical records, use a security envelope, request package tracking and require the recipient to sign for the package.

Back up information. Back up data on all computers automatically, or at least weekly, including word processing documents, spreadsheets, databases, financial records and human resources files. Store backups in a secure location that is offsite or in the cloud.

The Top Cyberthreats of 2014

CyberThreats 2014

I came across an interesting article from my friends over at ThreatMetrix a few weeks ago that caught my eye—it’s the company’s annual list of what it considers the most important emerging cyberthreats for the upcoming year. I covered last year’s roundup—Cyberthreats of 2013—and was pleased/sorry to see how accurate and insightful the list was, with three of the five items making headlines during the year.

Cybercrime is an interesting phenomenon: On one end of the spectrum is a middle school girl who has her Facebook account hacked and used for cyberbullying, and on the other end is a data breach that compromises millions of credit card numbers costing victims thousands of dollars; the anonymity and scalability of the Internet makes it possible for one singular person to perpetrate both of these crimes.

So what do we have to look forward to in 2014?

The Internet of Things: The world is growing more and more connected every day—from refrigerators to cars to clothes—and the privacy and security implications are startling. Industry analysts estimate that 30 billion devices will wirelessly connect to the Internet by 2020, and while it seems silly to think that a WiFi toothbrush could steal your identity or send spam emails, the probability is increasing.

Critical Infrastructure: Think about the things that we all use on a daily basis: Water, electricity, roads… All of these services rely heavily on computer-based platforms. The battlefield has moved from reality into cyberspace and infrastructure in the United States faces cyber attacks every day. The issue has become so severe that an Executive Order to improve infrastructure cybersecurity was signed in February 2013.

Data Privacy: The National Security Administration’s PRISM program surprised and angered many Americans after it was revealed that their personal information was collected and stored. It is likely that personal information will only grow more desirable in the future—to governments and marketers—and be sought out in less-than-transparent methods.

Alternative Payments: I wrote about Bitcoins last Spring when the value hovered around $47 per Bitcoin—the current value as of this post is approximately $800 per coin—and they are practically mainstream: You can purchase a hotdog and soda at a Sacramento Kings game; buy an electric snow-cone machine from; and book your next trip into space with Virgin Galactic. However convenient and ubiquitous, these types of digital currency are still unregulated and prone to malware.

Mobile Transactions: Mobile transactions are poised to grow by 40 percent in 2014 to nearly $325 billion, but the dangers of unsecure apps and networks are very real. Check out BBB’s August 2012 article: Don’t Be Dumb with Smartphones.

Online Transactions: Just as fast as security experts can shutdown viruses and malware, new threats emerge. If the high-profile data breaches in 2013 are any indication of the future, online bankers and shoppers will need to exercise caution.

If you still don’t believe that cybercrime is a big deal—or if you’re just looking to quit your day job and become a bounty-hunter—check out the FBI’s Most Wanted Cybercriminals who have arrest rewards ranging from $20,000 to $100,000; but you have to split the bounty with me.

Full Disclosure: is a BBB Accredited Business headquartered in Salt Lake City, Utah.

What’s the Big Deal with Identity Theft?

BBB PR Manager Adam Harkness speaking at AARP's 2012 Consumer Protection Workshop.
Former BBB Senior Editor Adam Harkness speaking at AARP’s 2012 Consumer Protection Workshop.

When I first started working for Better Business Bureau in 2012, a large part of my job entailed traveling around Alaska to educate folks about common scams and the dangers of identity theft. I spoke at senior centers, Rotary Clubs and universities, and while people always seemed to agree that identity theft was bad, no one really seemed to understand exactly why it was bad. In the age of zero-liability credit and debit cards, why should people care if accounts are compromised? They just get the lost funds back right away anyways…

So what could an identity thief do with a few pieces of personal information? The short list is pretty straightforward:

  • Open a new checking or savings account.
  • Gain access to real accounts.
  • Establish new lines of credit.
  • Change addresses to receive mail.
  • Obtain medical treatment.
  • Commit crimes.
  • Pass background checks.
  • Steal children’s identities.

Yet many of these thefts, if expediently reported, will not likely cause immediate financial repercussions to the victims. But in the long-run, identity theft can affect credit scores which can result in less-than-favorable terms on loans, mortgages and credit accounts—an extra one percent on a 30-year mortgage could add upwards of $4,000 to the total cost. A big problem seems to be the fact that identity theft is such a hot topic in the news lately—consider the recent data breaches at Target and Adobe—and consumers appear to be growing complacent and desensitized to the issue.

The bottom line: If your identity is stolen and used to rack up thousands of dollars in charges, you probably won’t be held accountable for that money; but the damage to your credit report could literally take years to remedy.

A common question I often received while conducting identity theft awareness presentations was about the quality and effectiveness of monitoring services like LifeLock, and my answer remains the same: The services are incredibly effective and if paying that $10 every month eases your concerns then I encourage you to sign up; however, exercising a few proactive steps—for free—can accomplish the same thing:

BBB presentations on a wide range of topics are available to the public at no cost through BBB Foundation; to have a BBB Representative visit your organization just shoot us an email.

Full Disclosure: LifeLock Inc is  a BBB Accredited Business headquartered in Tempe, Arizona.