Tips and advice for cyber security from our Tech Expert, Zachary Feuerstein

Zachary Feuerstein is a software engineer for dv01, a financial technology startup that provides reporting and analytics about consumer loans. Previously, Zachary has worked at Etsy and co-founded ResearchConnection, a startup which allows students to find and contact researchers across the globe. Zachary graduated in 2015 from Binghamton University with a B.S. in Computer Engineering where he had a strong focus on network computer security.

Jared: Should everyone follow Marc Zuckerberg’s example and cover their camera and microphones on their computers?

Zachary: It makes perfect sense to me that Marc Zuckerberg covers his webcam. He is an extremely high value target with thousands of people trying to hack into his computer daily. That being said, I cover my microphone and webcam as well. While my guess is that nobody is specifically targeting me like they are the CEO of Facebook, I’m not willing to take the risk since I know how easy it is to perform a hack like that. Anyone with little coding knowledge and a few hours of training could pretty easily get access to most of the computers on a given network.

Jared: Is there another way to protect ourselves from unwanted surveillance or is tape and Post-Its really the most effective way?

Zachary: Here are some good tips for protecting yourself from being hacked: Don’t sign into personal accounts over public Wi-Fi (aka Starbucks). A common attack used to steal user’s passwords in known as the man in the middle attack. This is where the hacker sits between you and the router and intercepts all information coming in and out of your network. While HTTPS websites claim to protect against this using encryption hackers have found ways around this. You can read more about it here

Jared: What methods or programs do you utilize when protecting yourself?

Zachary: Personally, I use ad blockers and I am careful of what I download. While I do not condone streaming TV or movies illegally, it has become so commonplace I feel the need to discuss how to protect yourself if you are going to do it. One of the main ways these hosting providers make money is by throwing ads and ransomware all around the video. Adblock plus is a great Chrome extension that will block most of these. It is definitely not a failsafe solution though and if you by accident click something that opens and looks like it is taking over your computer DO NOT click anything. Power off your machine and turn it back on. While it may look scary and even might start beeping really loudly these are all things done to scare you into clicking on a link to download malicious software that will lock up (encrypt) all of your information and force you to pay if you want the “key” to unlock it. Even the FBI recommends to pay them if you need that information. No other way around it.   

Run anti-malware software on your device every so often. My recommendation is malwarebytes. It is free (for Mac) and also won’t throw other software on your computer like some other antivirus software (Cough, cough Norton)

Jared: Should the average user be concerned about their information being stolen?

Zachary: It’s interesting that you use the word stolen. While we have discussed a few ways to keep yourself protected from hackers, they aren’t the only ones trying to get their hands on your data. You give your data away without anyone hacking you on a daily basic. The government and all of the private companies you use (your cell phone provider, Facebook, Apple, Amazon, Netflix, Google, your internet provider…etc.) all are recording everything and everything you do. In a lot of ways they know a lot more about you then your friends and family. Check out this story where Target knew a girl was pregnant before her father did.

Jared: Does it matter that many people feel as if they “have nothing to hide?”  

Zachary: While I don’t particularly like it, we live in a world where if you want to use the apps and services that everyone else uses you have to accept that almost everything you do is recorded. 99.9% of the time this isn’t an issue if you “have nothing to hide” but it doesn’t mean that one day it won’t be used against you. I think this will become an even more prominent issue in the future as we connect ourselves more and more with technology.

Jared: Most people have numerous accounts in a variety of sectors (social media, banking, etc.) Obviously it is risky to have one password or a variation of one password for every account, but how is the average Joe expected to remember dozens, if not more passwords? What are some best practices you recommend everyone should follow? What shouldn’t people do?

Zachary: While it’s something that I didn’t believe in until recently I suggest people use a password manager such as Dashlane or LastPass. I didn’t like the concept of a password manager at first since it provides a single point of failure (if they get your master password, they get everything) after doing some research the alternatives are much worse. When not using a password manager, most people tend to choose shorter, less secure passwords that are easier to remember. In addition, people reuse passwords for multiple accounts or just use slight variations of the same one. These are all really bad ideas. While the ideal is to use extremely long different passwords for every account and remember them all, most people don’t have the capability or will power to do so. So the next best thing to do is come up with one really strong password that you can remember and then have a computer securely store the rest of your other strong different passwords for every account. In addition to this I would strongly suggest that everyone adds two factor authentication to their password managers and accounts. This will ensure that even if someone steals your password they will also need access to your device that you authenticating with such as your cell phone.