Stop! Before proceeding, check out Part 1 of the Great Toilet Paper Cyber Hack of 2020 - posted on July 10, 2020.
When I reached out to Hal several weeks later to ask all the questions that kept nagging me about this activity, I learned that Hal had taken several actions to ensure this would never happen again. Hal and I agreed that we should share those as lessons learned.
1) Shop From Known Merchants
As mentioned in Part 1, it’s always best to be suspicious of unsolicited advertisements on social media sites, in emails, and anywhere else you encounter them. No doubt, many of these sites are legitimate with legitimate products to sell; however, as Hal experienced, many of these are created for malicious purposes. Some of these purposes might include:
- obtaining your credit card, your password, or other personal information;
- enticing you to donate to a fake charitable cause;
- or tricking you into downloading malware onto your system.
Another point - pay attention to where the items are coming from and where the business is located. Unless you specifically desire a foreign-made product, it’s probably safer to buy from U.S. suppliers.
2) Use Two-Factor Authentication
Use two-factor authentication on all accounts where it is offered, such as social media, bank, shopping, and - most importantly - email accounts. This will help prevent access to your accounts should your credentials be stolen. Additionally, never reuse your passwords across multiple accounts. If the account credentials for one site are obtained, you don’t want them to be used to compromise other accounts.
3) Don’t Store Account Credentials in Your Browser
This one is challenging, I know, but refrain from allowing your browser to store your account credentials. It may seem like a convenience, but as Hal experienced, if an attacker gains access to your computer, it’s relatively easy to extract and decrypt those credentials out of your browser. Even a rookie can do it! Use a password manager to safeguard your passwords, and ensure you authenticate to that tool using two-factor authentication.
4) Lock Your Computer
Additionally, Hal mentioned that he now locks his computer when he isn’t using it, and for good measure, he never leaves his browser windows open and logged in to his accounts.
5) Back Up Your Files
Reloading his computer didn’t concern Hal at all because he had a regular backup schedule and was confident he wouldn't lose any important pictures, documents, or other data. I know many people who back up their data to a cloud service, and many others who use a USB-connected drive. Either of these will work as long as you appropriately safeguard access to your backups. This means two-factor authenticated access to your cloud provider, or ensuring that you disconnect the USB drive and store it somewhere safe. Do not keep it connected to your computer or in your laptop bag once you are done with the backup!
A Happy Ending
Hal assured me that his reloaded computer is working better than ever and that he’s confident this will not happen to him again. Additionally, his cabinets are now stocked full of Charmin Ultra Soft Mega rolls - the authentic product! He committed to never allowing his supply to get low enough during a global crisis to be tempted to order from any previously unheard-of Chinese site! Oh, and subsequently, we learned that Charmin makes their product right here in the U.S.A., so there is no need to send away to China to get this essential product!
Today's blog comes from State of Colorado Chief Information Security Officer Debbi Blyth.