Tesla Stops Accepting Bitcoin As Payment For Its Cars

What happened?

On February 8th, 2021, Elon Musk’s automotive company Tesla announced it had purchased $1.5 billion in Bitcoin. They also announced they were going to start accepting bitcoin as payment for its products. This news had caused the price of bitcoin to rise up 20% on the day of the announcement.

Fast forward three months, and on May 12th, 2021, Elon Musk–one of the higher profile supporters of cryptocurrency–announced Tesla will stop accepting Bitcoin as payment for its cars. “We are concerned about rapidly increasing use of fossil fuels for Bitcoin mining and transactions, especially coal, which has the worst emissions of any fuel,” Musk said in a statement posted to his Twitter account.

So what accounts for the dramatic change?

Musk still supports cryptocurrency, but cited the environmental impact of Bitcoin as currently unacceptable. The generation of Bitcoin requires a great expenditure of electricity. This, in turn, has led to a massive reliance on fossil fuels. Fossil fuel usage is the scourge of the environmental sustainability movement.

What is Musk thinking?

There is obvious tension for Musk here—his company Tesla is predicated on the large-scale transition from fossil fuel dependent vehicles to electric vehicles. Being the poster boy for a Cryptocurrency that is fossil fuel heavy would make Musk look hypocritical and create bad optics for Tesla.

This is another reminder that while the value of Cryptocurrencies like Bitcoin are judged alongside the national and transnational currencies on the market, such as Euros and the USD, there is a big difference in their volatility. Musk obviously couldn’t stop accepting Euros for Tesla cars if he felt like it. As Jay Adkisson, writer for Forbes states in his article “That difference is that governmental currency, such as dollars, are given the nation’s support to reduce volatility, prevent manipulation, and maintain a steady price. Crypto has no such support.” The link to Adkisson’s full article on Cryptos vulnerability in being detached from government support is below: https://www.forbes.com/sites/jayadkisson/2018/12/26/the-difference-between-crypto-and-a-dollar-euro-yen-etc/?sh=61ad8baf58e8

Why does this matter?

It’s a big deal that Musk, a famous supporter of Bitcoin, is concerned enough about its fossil fuel usage to do a public about-face. Cryptocurrency has issues with environmental sustainability, and until these issues are resolved, the use of cryptocurrency will be inhibited.

There are consumers and businesses convinced that cryptocurrency like Bitcoin is ready to disrupt the entire economic balance, and may have pointed to a progressive company like Tesla embracing Bitcoin as evidence. This announcement invalidates that idea, and resets that timeline. Any major disruption by cryptocurrency in the commercial market seems delayed until further notice.

It also further demonstrates the dramatic difference between cryptocurrencies and government-backed currencies when it comes to stability. Cryptocurrencies can still be radically destabilized by the whims of one major player like Elon Musk. What will help crypto get away from this vulnerability? Vitalik Buterin, the co-creator of Ethereum, says that the market needs to “build up an immune system over time.” So part of the answer is that the longer time and familiarity the market has with crypto, the less volatile it will be. Buterin says “…I do think that the markets will learn. Elon is not going to have this influence forever.” The second factor in the stabilization of Crypto will be a fully realized technological breakthrough, in which there are no flaws, such as fossil usage, that create fundamental fear about its viability long-term.

Bottom Line: cryptocurrencies have become less likely to be standard forms of payment anytime soon.

What to expect in the future based on this news?

Expect a lot of news in the near future about how the cryptocurrencies are trying to drastically reduce their fossil fuel footprint. Whichever form of cryptocurrency (i.e. Bitcoin, Etherium) most successfully reduces its footprint will have a big leg up in becoming the predominant cryptocurrency. And environmental sustainability is the key to cryptocurrency being normalized as a form of payment.

For now, carry on as usual—this news reinforces the current status quo of currency exchange.

THE GDPR: HERE’S WHAT YOU NEED TO KNOW

You may have noticed recently that your inbox is filling up with companies informing you that their privacy policies and terms of service have changed. That’s no coincidence: on Friday, May 25th, the European Union will put into effect a sweeping new legislation that deals with data privacy and how companies handle personal data. Here’s what that legislation is, and how it could affect you. 

What is the GDPR?

The General Data Protection Regulation (or GDPR) grants individuals a series of rights concerning their personal data, informs how companies can use that data, and stipulates how companies are beholden to their customers with regards to their data and its usage.

What’s its goal? To give internet users more control over their data and their privacy, and to prevent companies using your data in ways that you might not have consented to.

Does the GDPR apply to companies and people outside the EU?

Obviously, the United States isn’t a part of the European Union. But the GDRP has reach that might surprise you, with effects that you could feel here.

For starters, if you’re just visiting the EU on vacation, the GDRP will affect you during your stay. It doesn’t necessarily apply to all EU citizens who are living outside of the EU, but it does apply to EU citizens who work for companies that do business inside the European Union. In fact, if your company processes even just one person’s data from within the EU at any point after May 25th, 2018, then your company has to abide by the rules and regulations put into place by the GDRP- even if your company isn’t European and doesn’t have any physical presence in the EU at all.

How will companies and people in the U.S. be affected?

A lot of companies are already asking you to accept updates to their terms of service. This is because the GDRP requires organizations to get consent from their users before storing and processing their personal information. If it’s an email, a prompt upon login, or another form of notification, companies will seek your consent if you choose to continue using their services.

And again, if you’re a company in the U.S. that processes any personal data at all from a person inside the EU, then you’re required by law to be GDPR compliant.

What are the penalties for non-compliance?

If a company is found to be violating the GDPR the financial price is steep. The fine is either 24 million dollars (20 million euros) or 4% of the company’s global revenue for the year, whichever is higher.

Is the U.S. planning to do something similar?

Currently, the U.S. Congress is considering the Social Media Privacy Protection and Consumer Rights Act of 2018, which is similar to the GDPR in a lot of ways. While the U.S.’s current data privacy laws are more lax than the EU’s will be after the GDPR goes into effect, several lawmakers in America are pushing for stronger protections for personal data.

Regardless of actual policy, the GDPR has put standards into place that companies will begin to follow, and consumers will come to expect. It won’t be long before we’ll feel the full effects stateside.

What can I/my company do to be GDPR compliant?

If you’re going to be affected by the GDPR, you’re going to want to read it (LINK) and make sure you’re legally conforming. That being said, there are a few steps you can take right now to get ahead of the GDPR-caused curve. Here’s what you can do to make sure you’re GDPR compliant:

1) Provide a clear indication of consent to your users

On websites and web forms, let people know that by utilizing your service they’re consenting to allow their data to be used, stored, etc. Make sure your wording is concise and easy to understand, and be sure to include a cookie agreement and age verification (if needed), as well.

2) Validate the country of your user

If necessary, you should try to ascertain whether a person’s data is regulated by the GDPR. You can do this by adding a ‘Country’ or ‘Country of Residence’ field to web forms.

3) Review and manage existing contacts and your contact database

You’ve been getting all those emails for a reason! Consider sending your users a new request to reverify their email address and renew their consent to receive emails from your company and use your services.

4) Proactively update your privacy policy and regularly notify your users

Include a simple outline of how data is being collected, which data is used, and what it is used for. Not only will people appreciate your clarity and honesty, but by getting started on GDPR compliance now, you’ll be saving yourself headaches in the future.

WHAT IS A PATCH, AND WHY IS IT SO IMPORTANT?

We all sometimes ignore notifications that our computers, phones, and tablets are ready to update. Here’s why you should stop, and how you could be compromising your cybersecurity safety by doing so!

In today’s cybersecurity landscape, it seems like we’re hearing more and more about software vulnerabilities being exposed and exploited by malicious parties. These malicious parties count on the fact that common, everyday users aren’t keeping up-to-date on all the latest cybersecurity news- meaning that they could be leaving the door wide open to attacks on their systems and programs.

Recently, you may have read about the urgent Adobe fix for two critical vulnerabilities that affected Photoshop Creative Cloud (CC) for both Windows and macOS, or the ecommerce vulnerability that had been left untreated by many users of several online payment tools. Or maybe you haven’t. Again, these cybercriminals count on the average computer user to not be aware of all the possible vulnerabilities they face.

So how do we, as tech professionals, fix this problem? How can you fix this problem at home? At work? How can you teach your family to protect themselves?

The short answer is: patching!

If you’re not familiar with the tech world, “patching” might mean darning socks or fixing ripped pants. Similar to these fabric patches, a computer software patch can be used to repair an exposed flaw in a program or operating system.

Along with other types of updates, like maintenance updates or complete overhauls, patches are part of essential preventative measures that are necessary to keep your computers, phones, tablets, etc. up-to-date and safe from malware and other cybersecurity threats.

Being knowledgeable and willing to apply patches as soon as you’re notified of them (whether that notification comes from a trusted news source or from the developer of the software in question) is your best defense against cybercriminals that seek to weaponize known vulnerabilities. (And, according to the NSA, this can occur in as little as 24 hours of a vulnerability being discovered!)

Think of software patches as armor that repels attacks and protects against various exploits. It’s important that you keep that armor polished and new! If you’re a TechBldrs client, we apply these patches to your systems on a monthly and as-needed basis. At home, you can best protect yourself by updating all your software as soon as you get a notification about an available patch. And, of course, by calling TechBldrs at (610) 937-0900 or emailing us at info@techbldrs.com if you have any questions!

Stay safe, stay smart!

DON’T FALL FOR PHISHING HOOK, LINE, & SINKER!

We’re excited to share our new video blog format with you! Watch our video to learn how to avoid getting caught in a phishing attempt. Then, test your skills with Google’s spam-spotting quiz! Joe got 100%- think you can get 100%, too?

HAVE YOU GOTTEN ANY OF THESE SPAM EMAILS?

Here are the five most common types of spam emails you’ll see. Do you know how to spot them and protect yourself?

While in the past “spam” was primarily recognized as a tinned form of meat, most internet-goers today will recognize the word “spam” as describing unwanted (and potentially dangerous) junk email. Yet while spam is common (approximately 70-80% of all email traffic is spam), not many people can claim that they haven’t been fooled- or almost fooled- by a spam email they’ve gotten.

So how can you protect yourself?

Firstly, we recommend catching up on our past blog about identifying phishing attempts.

Secondly, educating yourself about the types of spam emails you might receive will help you identify them as you get them, preventing you from potentially compromising your cybersecurity.

The most common types of spam

Averaged out over the course of the year, more than 50% of spam falls into the following categories:

  1. Adult content
  2. Health
  3. Technology & Technological Support
  4. Personal Finance
  5. Political

Adult Content

This type of spam email includes links to porn sites, advertisements for pornographic content, male enhancements, adult dating sites, etc.

Spammers who send adult content will often use attention-grabbing, explicit, and rude words (like “hardcore”). In order to bypass spam filters, spammers will also often distort or otherwise alter these words, deliberately adding symbols or making spelling mistakes (like “se><” or “extremme”).

URLs included in the body of the message often redirect to an adult site, or to a site that could distribute viruses or ransomware. As always, we highly recommend HOVERING over every link before clicking to ensure the link leads to a reputable, safe site.

Health

This category of spam email includes advertisements for weight loss supplements or programs, “magic cures,” non-traditional medication, etc. which can all be bought online. These emails might include links to blogs that tout whatever the email is offering as “too good to be true,” or might include (fake) endorsements from celebrities or other public figures. They might even offer to allow you to try them for free, just pay shipping. (What they don’t tell you is that they’ll keep sending you product and charging your card.)

Don’t fall for it! If that “magic cure” seems too magical, chances are it’s a scam.

Technology & Technical Support

Technology-focused spam emails often include low-priced or free computer hardware or software as well as services for website owners such as hosting, domain registration, etc.

Recently, this category of spam email has broadened to include advertisements for apps, smartphones, and tablets. Be wary of so-called “smart” devices offered for unusually low prices, or offered for free- especially if there is any indication that whoever is behind the email wants you to give them personal information (such as your full name, address, credit card number, etc.).

And, with the rise of apps being used to mine information or turn your phone or tablet into a cryptocurrency farming device, be wary of what you download!

Remember, if you have TechBldrs as your IT support provider, we will NEVER send you emails from an account that does not end in “@techbldrs.com,” nor will we ever try to sell you something in an email. When in doubt, please contact us directly by phone so we can tell you if the email you received was spam or not!

Personal Finance

Personal finance spam accounts for around 10% of all spam messages. This category includes offers to refinance student loans, offers to reduce credit card bills, get better deals on insurance, etc. Like adult content spam, personal finance spam often distorts key words (“fin-ance,” “creddit”) in an attempt to avoid spam filter detection.

Personal finance spam is often very short, advertising a link to click on to take a survey to see how much money you could save, the state of your credit score, or any other type of financial assessment. This link could either lead to a virus or could be a ploy to get your personal financial information. Remember, never enter ANY financial information online, unless you fully trust the (reputable) source.

Political

With the increasing profile of certain political figures, parties, and movements, we’ve noticed a large increase in political spam emails. These types of messages can include links to surveys, polls, fake political sites, offers to join mailing lists, and so forth.

As always with emails you suspect might be spam, do NOT give out your personal information if the email in question seems even the least bit illegitimate. People who design and distribute political spam are counting on the fact that people feel very strongly about their own political beliefs and might be less inclined to think critically about something political they receive.

Now that you’re a spam-spotting pro, your employees can be, too- TechBldrs offers a cybersecurity training program as well as a complete five-part cybersecurity plan.

And if you ever get any emails you’re unsure of, you can email us directly at info@techbldrs.com.

Stay safe, stay smart!

5 WAYS TO HELP YOUR ELECTRONICS BEAT THE HEAT THIS SUMMER

Summer is finally here! School’s out, days are long, and memories are being made (and stored on your phone’s Camera Roll). But as the days get warmer, it’s important to the working condition of your computers, phones, and other portable electronic devices that they remain as cool as you feel after a dip in the pool.

If you want to make sure you’re able to Instagram those 4th of July fireworks, keep these five tips in mind as you go through the summer months.

Backup Your Data

Dropping your phone in the pool or leaving your Kindle at the beach is costly and painful, but not as costly and painful as losing your irreplaceable photos and documents. To avoid that, make sure your data and devices are backed up regularly with a verified backup service provider like IDrive, Backblaze, or Carbonite. A damaged device can be replaced, but your data could be lost forever unless you back it up!

2. Allow for Airflow

Your devices like a nice breeze as much as you do- so give them some breathing room! Most computers, printers, game consoles, etc. have fans and vents clearly located on the back or side. Make sure these are free of blockages and have ample room around them (about 2-4 inches) so as not to obstruct the flow of air into and out of your device.

3. No Sun

Never place your computer, phone, or other electronics under direct sunlight for an extended period of time, since the sun can cause heat damage, damage to your screens, and melting. It’s best to store your electronics in a cool place, like near a fan or air conditioner. And never leave your electronics in your car- your iPhone can’t use sunscreen!

4. Don’t Stack

Electronics get hot enough on their own during the summer. Stacking them on top of each other produces heat, which can transfer between devices and cause things to get dangerously toasty. We want to roast mashmallows during the summer, not important data, so keep your devices spread out and use shelves for device storage!

5. In an Emergency, Shut it Down

If one of your devices begins to overheat and malfunction, immediately shut it down and (if possible) disconnect its power supply. Taking steps to cool down your device can help prevent damage and data loss, so it’s important to let your overheating gadget sit until it is no longer hot to the touch. It will then be safe to power up again.

If you’d like to learn more ways to protect your devices and keep up on the latest cybersecurity news, you can “Like” us on Facebook.

Stay safe, stay smart!

HOW HACKABLE IS YOUR PASSWORD? THE REAL COST OF DATA BREACHES

Data breaches are getting worse and happening more frequently, and our password habits aren’t helping. Financial information, healthcare, education- no matter how secure the system, nothing is truly safe. What’s been happening while you’re still logging into Netflix with your old “flyEaglesfly123” password? We’re so glad you asked.

Data breaches are happening more often.

It’s only August, and there have already been 14 major data breaches in 2019- on track to eclipse 2018’s record year (1 billion records, up from 179 million in 2017). And it’s not just small companies being hit: Facebook, Amazon, Google, and Apple have all experienced data breaches. Some notable hacks close to home here in Pennsylvania include Baltimore City (5/7/2019), Philadelphia Courts (5/21/2019), and LabCorp (6/4/2019).

What does this mean in real numbers?

In January of this year, 2.3 billion accounts were found in the Dark Web, their information visible to all. 4.3 billion people classified as “internet users” by the International Telecommunications Union. 4.3 billion vs. 3.2 billion- if you do the math, do you feel confident in trusting your security to those odds?

Data breaches are getting worse.

More people are online than ever, and more people means more devastating results when a breach occurs. 31% of data breach victims later experience identity theft, with a reported $905 million in total fraud losses in 2017 in the United States alone. It’s too expensive to ignore online account security.

Bad password habits are here to stay.

If “123456” is your password, you’re not alone- and that’s not a good thing. The UK’s National Cyber Security Centre analyzed passwords belonging to accounts worldwide that have been breached and found that 23.2 million accounts used this simple-to-crack password. In fact, 40% of users still use weak passwords. That’s a lot of people who are easy targets for hackers.

The more online accounts you have, the more vulnerable you are.

73% of users have the same password for multiple sites, and 33% have the same password for all of them. Meaning if you’re affected by one data breach, it’s possible that a hacker could gain access to every portion of your online life. If you knew there was a chance that a robber had a key to your home, would you change your locks, or would you keep them the same?

But I use a Password Manager. Isn’t that safe?

Guess what they found in the 2.3 billion stolen accounts? Lots of long complex passwords, likely created by password managers. Password managers give you a false sense of security that no one’s going to figure your password out, but given enough time, a computer can crack any password. And, if you don’t change a complex password regularly, you’re a sitting duck.

So how can you minimize this risk?

There’s only one way, and that is to follow these rules:

  • Create a separate password for all your accounts that is 10 or more characters long. When one site gets breached, if you have separate passwords, hackers won’t have access to your other accounts.
  • Remember all your passwords. Password managers are great for generating passwords, but not changing them. And we often find they lull users into a false sense of security.
  • Change your passwords at least once every year. This is the ONLY way to keep your accounts safe.

But can you remember several dozens of passwords without writing it down?

See our “Hackproof Password” method to generate secure passwords.

Still worried? Call us at (610) 937-0900 for a free cybersecurity assessment for your business, visit our website to learn more about the current cybersecurity landscape, and follow us at www.Facebook.com/TechBldrsInc for the latest security news.

YOUR IPHONE USES TWO FACTOR AUTHENTICATION, BUT YOU’VE LOST IT. NOW WHAT?

Last month, we covered what to do to protect your digital life if you lose an Android device with access to your online accounts. But what if you’re a member of the 45% of Americans that have an iPhone as their smartphone of choice? This month, we’ll be covering what to do if you lose your Apple device.

In case you missed last month’s article, we’ll recap: most people with online accounts have been asked to enable two-factor authentication (2FA) before. While it’s not foolproof, it’s one of the most accessible online security measures you can take, and we at TechBldrs recommend it highly. Companies like Google, Facebook, and Microsoft encourage users to add a device- like a mobile phone- to which they can send a login code when an attempted account login is registered.

If you’re the owner of the account, great: you input the 2FA code when prompted and gain access. If the person trying to access your account isn’t you, then that added layer of security just saved you a major headache.

But what happens if the person trying to access your account is you, you’ve just lost or broken your phone? And how do you prevent people using your phone to generate 2FA codes that they can use to gain access to your accounts?

In this article, we’ll review what to do if you’ve lost a device (like an iPhone or iPad) with access to an Apple ID.

Step #1: Before you lose your phone

Nobody plans on losing their phone, but there are some important preventative measures you can take right now that will help you in case the worst happens. If you want the best outcome, they’re necessary!

  • Add an additional trusted phone number to your Apple account

If your iPhone is your only trusted device and it goes missing or becomes damaged, you’ll be unable to receive verification codes Apple requires in order for you to log into your account.

You can update your trusted phone numbers by following these steps:

  1. Go to appleid.apple.com
  2. Sign-in with your Apple ID
  3. Navigate to the “Security” section and click “Edit”
  4. Select “Add a Trusted Number” and then enter the number you wish to add
  5. Choose to verify the number with a text message or an automated phone call
  • Activate Find My iPhone

Most of Apple’s recovery and security features require you to have Find My iPhone enabled. Here’s how you enable it:

  1. On your device, go to “Settings”
  2. Tap your name
  3. Select “iCloud”
  4. In the “Apps Using iCloud” section, scroll to “Find My iPhone”
  5. If “Find My iPhone” is set to “Off,” tap “Find My iPhone”
  6. In the “Find My iPhone” screen, turn on the “Find My iPhone” slider

If you’ve lost your iPhone, using Find My iPhone is the best step you can take towards trying to get your phone back. If you haven’t set up Find My iPhone yet, then go do it now! (We’ll wait). Without it, your options are severely limited.

Step #2: After you lose your phone

The worst happened. But if you’ve done Step #1, don’t panic! There’s a lot you can to do secure your online life and regain access to your accounts.

It’s important to note that for many of the following steps to work you must know your Apple ID information before you lose your phone, and you must have previously set up Find My iPhone on your device.

  • Activate Call and Text Forwarding

If your 2FA codes come via text, you can gain access to them by asking your cell phone provider to forward all incoming calls and texts to another mobile device of your choice, like a family member’s phone or a work phone. (And if your 2FA codes come in via email, this step could help you gain access to your email account.) All major carriers have Help phone numbers and live chat details listed on their websites that you can use to talk to them about turning on call and text forwarding for your account.

  • Turn on Lost Mode

Using Lost Mode, you can remotely lock your device with a passcode, display a custom message with your contact information, and disable the ability to use Apple Pay. This will also prevent someone with your phone from seeing any generated 2FA texts that your phone receives.

  1. Sign into icloud.com/find on a computer
  2. Click “All Devices,” then select the missing device you want to lock and put into Lost Mode
  3. Follow the onscreen instructions, keeping in mind that whatever contact information you input will be displayed on the screen of your missing device

If your device is online when you put it into Lost Mode, it locks and tracking begins (even if you’ve manually turned off Location Services on your device). If your device is offline, the passcode lock and tracking take effect the next time your phone comes online.

  • Erase your device

If you can’t locate your phone, you worry whose hands your missing device has gotten into, or it’s been lost for awhile, you can use the same Find My iPhone portal to erase the data off of your phone.

  1. Sign into icloud.com/find on a computer
  2. Select “All Devices,” then select the missing device you want to erase
  3. In the device’s “Info” window, click “Erase”
  4. When prompted, input your Apple ID password

If you find your device again, you can restore the information on your phone from any previous iCloud backup you have.

But what if I don’t have Find My iPhone enabled?

If you didn’t set up Find My iPhone before your device was lost, you can’t use it to locate your device. But you can still follow these steps to help protect your data:

  1. Change your Apple ID password. By changing your Apple ID password, you can prevent anyone from accessing your iCloud data or using other services (such as iMessage or iTunes) from your missing device.
  2. Change the passwords for the other online accounts on your device, like email accounts, Facebook, or Twitter.
  3. Report your lost or stolen device to local law enforcement and to your wireless carrier. Your carrier can disable your account, preventing phone calls, texts, and data use.

We store our entire lives on our mobile phones- pictures, emails, important account information, financial data, etc.- so make sure you’re familiar with the steps we’ve outlined above in order to keep the information on your phone safe. If you need further, detailed help, we recommend searching Apple Support’s articles.

Remember, the only way to ensure your cyber life is protected is through careful preparation and preventative measures like two-factor authentication!

Still have questions? Want to know what else you can do to protect your personal information online? Call us at (610) 937-0900 for advice or for a free cybersecurity assessment for your business!

FBI BULLETIN: ARE YOU PROTECTING YOUR COMPUTER?

On October 2nd, the FBI issued a warning that malware, ransomware, and other sorts of cybercrime is on the rise, detailing steps you and your business can take to protect yourself. We’re glad the FBI caught up! If you’ve listened to TechBldrs’ advice before, you’re likely already putting into action the defensive steps the FBI recommended. Or, if you’re one of our clients, we’ve been doing them for you. The best time to start following these tips? Right now, before you need them.

Want to know what the FBI recommended, and what we suggest for each step? We’ve broken it down for you.

  1. Back up your files

Imagine what would happen if your computer suddenly stopped working. Could you replace everything that was lost? Family photos, financial documents, archived work projects? It may be possible to repair your computer, but your files could be lost forever. The only way to ensure you’ll never lose a file? Backup, backup, backup!

  • External hard drives

The contents of your computer can be copied to an external hard drive to create duplicates of the files you’ve stored. This means that in case of an emergency, you can restore your files to a new device, or (at the very least) be confident that you still have the files you need. Follow-up backups should be conducted on a regular basis to keep your backup current.

An external hard drive can be lost, damaged, or stolen, just like your computer. That’s why it’s important to keep your external hard drive in a secure location when you’re not using it.

  • Online backup services

Online backup services offer secure, Cloud-based storage. Since they store files on the Cloud, you’ll be able to recover them from any computer with an internet connection. As with external hard drives, it’s important that you backup your computer regularly. TechBldrs uses an industrial-strength product called Cloudberry for our clients, but for your personal computer we recommend a service like Carbonite, IDrive, or Backblaze.

It’s important to note that Cloud sync, like the service offered by Apple’s iCloud and Dropbox, are not a form of secure backup! Don’t expect them to be a reliable source for file restoration- always have a form of backup!

  1. Safeguard against cybercriminals

Malware- like viruses, ransomware, and spyware- is a type of software that’s sent over the internet and is designed to damage your computer or gain unauthorized access to your information. It’s cheap to use, and readily found on the Dark Web, meaning it’s become less of an internet boogeyman and more of an everyday threat. It’s so wide-spread that even government computer systems are being attacked, as was the case with the cities of Baltimore, MD, Augusta, ME, and Albany, NY in the last year alone.

  • Antimalware alone isn’t enough

If you get a flu shot, you can still catch a cold. One form of protection is better than none at all, but the only way to be as secure is to have multiple forms of security. Intrusion detection software, such as OSSEC and Splunk, can offer ongoing data protection, while antivirus and antimalware software like Avast and Malwarebytes will alert you to any potentially dangerous programs on your computer.

  • Develop smart browsing habits

Most system intrusions and cyberattacks happen because of user action (even if you don’t realize it!). Clicking on a link, unthinkingly opening an attachment, or responding to an email without checking the sender are all risky actions and can open your computer up to unknown actors.

What can you do? Hover over links before you click on them to make sure they’re going to the right place, don’t download and open unknown files, and always check to make sure that you know the sender of an email before opening links or responding to requests.

  1. Keep your security current

Hackers love out-of-date systems and software, and love bad user habits even more. They’ve learned how to take advantage of known openings in programs and can buy leaked personal data (like usernames, passwords, and email addresses) on the Dark Web for less money than you might spend on lunch. Follow these two recommendations to keep your security current.

  • Up-to-date patches

Tech companies send out patches for vulnerabilities in their programs and systems frequently. They also provide maintenance patches that keep your computer running smoothly and will help expand its life expectancy. But unless you’re choosing to update, some of those vital patches might not be applied to your computer. If you have a habit of clicking “Remind Me Later” when you’re notified of updates, start choosing “Update Now,” instead.

  • Good password habits

Information for at least 2.2 billion online accounts is up for sale on the Dark Web. Can you be sure one (or more) of your accounts isn’t among them? If you use the same password for multiple accounts, then all it takes is for one to be compromised before cybercriminals could have access to your entire online life. That’s why TechBldrs recommends having a different complex password for each account (it’s easier than you think- check out our blog about creating hackproof passwords at www.techbldrs.com to learn more!) and recommends changing your passwords once a year, at least.

These are just some of the steps the FBI (and TechBldrs) suggests taking to protect your online life. Other security steps- like employing best practices for the use of RDP, managing end-user access, and employee training- can only be implemented in your workplace by trained IT professionals. If you’d like to learn more about keeping your information safe, call TechBldrs at (610) 937-0900, email us at info@techbldrs.com. Mention this blog for a FREE Dark Web scan of online accounts associated with your email.

WE’RE DREAMING OF A PHISHING-FREE CHRISTMAS: GET SAVVY FOR THE HOLIDAYS!

The holiday season is here! Time for last-minute online present shopping, an increasing number of holiday-related emails in your inbox, and hackers trying to take advantage of it all. Although the year has already been full of malware attacks, Christmas time is when spammers take full advantage of your busy schedule to bombard you with malicious emails in hopes of getting you on their hook.

Ever gotten a piece of spam email that has your full name, accurate details about an online account, and looks almost exactly like a “real” email you’ve gotten from a service provider before? Congratulations, you’ve gotten spear phished! It’s our Hot Holiday Trend of 2019, but not in a good way.

Not sure what “spear phishing” means? Still think it’s only something you do when you’re on vacation in the Bahamas? Keep reading to learn more about this increasingly common (and dangerous!) form of spam, and why you might be seeing more of it in your inbox soon.

Phishing? Spear phishing? What are they, and what’s the difference?

Phishing and spear phishing are similar- they’re both online attacks that aim to acquire confidential information that can be used maliciously (like your bank credentials, social security number, passwords, etc.). Phishing is a broader term for attacks that are not personalized and are usually sent to a large number of people at the same time. Often, this looks like some sort of official and trustworthy communication (like an email from Amazon, or a text from your credit card company). The phishers are trusting that, by widely casting their net, they have a greater chance of catching a victim.

Spear phishing attacks target an individual victim, and the messages they contain are modified to specifically address that victim, claiming they come from an entity the victim the is familiar with and containing personal information (like a full name or geographic location). They often include urgent calls to action to stop their victim from examining the message too closely.

Because of the personal level of spear phishing attempts, it is more difficult for the average user to identify spear phishing attacks. Spam email isn’t just easily identifiable junk anymore, it has evolved to fool you. This is why the amount of spear phishing is increasing- because it works!

How does spear phishing work?

Spear phishing attackers target people who put personal information on the internet without proper security precautions (like making your pages private). From looking at an online profile, they might be able to find a victim’s email address, friends/followers list, geographic location, and any posts about services the victim uses or products they have. With this information, a spear phisher could then construct a convincing email as a friend or familiar entity and send a fraudulent message to their target.

The target is asked to open an attachment (often containing malware) or click on a link that takes them to a fake website where they are asked to enter passwords, account numbers, credit card information, and other sensitive data. The spear phishers can then use that information to access their victim’s various online accounts and wreak havoc.

How can I protect myself?

  1. Have secure passwords

Reusing passwords across multiple accounts means that if a hacker has access to one of your passwords, they have access to all the accounts you use that password for. Every password you have should be different and should include basic security features like numbers, special characters, and a mix of uppercase and lowercase letters to make your passwords more difficult to guess. Not sure how to create a secure password? You can check out TechBldrs’ Hack-Proof Password Formula on our blog (techbldrs.com/blog/passwords)!

  1. Hover over links before clicking

It’s possible for a link to say it leads to one site when in reality it leads to another. Many spear phishing attackers will try to complicate link destinations by using text that looks like another (trusted) URL. Hover your mouse over a link before clicking on it to see where that link is really taking you, and if it’s a site you truly want to visit.

  1. Adjust your privacy settings

Take a look at your online profiles and assess how much personal information you’re sharing, what your privacy settings are, and what sort of data attackers could glean from one quick look at your account. If there is anything you don’t want a potential spammer to see, do not post it, or, at the minimum, make sure that your security and privacy setting limit what others can see.

  1. Use common sense

Companies will not send you an email asking you to give them your username, password, and other important account information unprompted. Likewise, if you get an email from a friend or acquaintance asking for personal information or money, be cautious. Check with that friend on the phone or in person about the validity of the email- they may have been hacked and not even know!

Still worried you won’t be able to recognize a phishing or spear phishing attempt? If you don’t get a lot of spam or aren’t familiar with the tactics spammers use, you’re the perfect target, since you’re more likely to fall for their tricks. You can learn more and test your knowledge at phishingquiz.withgoogle.com, a phishing resource put together by Google.

Now, more than ever, people are more vulnerable to spear phishing. Protect yourself this holiday season by keeping our tips in mind. Spear phishers are making their list and checking it twice, and you don’t want to be on it!

Still have questions? Want to know what else you can do to protect your personal information online? Call us at (610) 937-0900 for advice or for a free Dark Web scan!