Online Security

Wikileaks, DDoS, and Russia, Oh My!

If your nerves haven’t been rattled by the October 21st DNS attacks, they should have been. The hysterical tenor of the US election drowns everything out, but this news was a real doozy. Many sites, including Twitter, Spotify, and AirBnB were inaccessible due to one of the largest denial of service attack ever.

Also in October, we saw a steady parade of emails illegally obtained from John Podesta, the campaign manager for Democratic presidential nominee Hilary Clinton. The U.S. government has directly accused actors in the Russian government for this action and have threatened to retaliate.

So given the state of a possible escalating cyberwar, how is an attorney to stay safe? Start by making sure you understand and live by these basic security rules:

RULE 1: Use strong passwords that cannot be found in the dictionary.

REASON: So-called “dictionary attacks” brute force their way into systems by trying known words. Best practice is to use a combination of punctuation and numbers.

TIP: Try catchy phrases with numbers, and use punctuation that looks like letters, i.e. Tofu2E@t (tofu to eat) or Dog8Hom3work (dog ate homework).

RULE 2: Use different passwords.

REASON: Usernames are bought and sold on the black market. So if access to one of your sites is compromised, all of your logins are vulnerable if you use the same password.

TIP: Use a tool like 1Password to manage your different passwords, or invent a password that has a variation in it.

RULE 3: Change default passwords.

REASON: Default passwords for routers or other Internet of things devices (such as baby monitors and thermostats) are easily found online. Access to such devices can be used to launch attacks.

RULE 4: Never, ever click on a link in an email to log into an account.

REASON: So called “phishing attacks” are what got John Podesta (and Colin Powell) into email trouble. The perpetrator sends you an email that looks to be legit, telling you there’s something wrong with your account. You click a link, go to an imposter site, and hand over your username and password to a bad actor.

TIP: Make it a rule to never click on links in emails for account information. ALWAYS type the internet address directly into the browser.

RULE 5: Always lock computers, handheld devices, or anything else with sensitive data.

REASON: People lose devices all the time. Tens of thousands of them in a single month. When someone has access to a device, you’re giving them keys to the kingdom. Make sure they can’t log in.

RULE 6: Make sure ALL devices you own are up to date with latest security patches!

REASON: New vulnerabilities are discovered all the time in the cat and mouse game that is cyberwar. The vulnerabilities, once found, are sold for money on the black market. There is no excuse for falling victim to an attack that leverages a known vulnerability.

TIP: Turn automatic updates ON for all of your devices’ operating systems.

RULE 7: Stop taking naked pictures of yourself with your smartphone.

REASON: Not that we have anything wrong with it, but there’s no way your picture is not making it out onto the Internet. Information on the Internet is like toothpaste: once it gets out, it’s not going back in.

TIP: Switch to a an old Canon ELPH or something that’s not connected to the Internet, for cryin’ out loud.