- Company data breaches
- Ransomware attacks
- Phishing schemes
- Companies storing files in plain text
- Servers that did not receive critical updates
- Social engineering and more
Security Round Up: Amazon, Facebook & Ransomware
A Bloomberg report from earlier this week reported that Amazon workers are listening to conversations heardy by Alexa. There are thousands of people around the world helping to improve Alexa by listening to voice recordings captured by owners of the Echo. Amazon has responded by saying only a very small portion of conversations are being listened to by humans and that this is done to help improve customer service.
Alexa's privacy settings do provide the option to disable the use of your personal voice recordings from being used to develop new features. However, disabling this does not guarantee some of your voice recordings will not end up being listened to by a real person.
The Takeaway: Any smart device that has a listening mode is, well, listening. Use these devices cautiously based on what your conversations include and how comfortable you are with that information being listened to by others. As with anything that is sent over the internet, regardless of the intent to keep this data secure, there is the potential for it to end up in the wrong hands or being used in an unacceptable way.
In addition to the database found in plain text mentioned above, another database of 22,000 Facebook users was found exposed by UpGuard. Unfortunately, this breach has the potential to be far more devastating than the one with millions of records because this breach included the names, emails and passwords of those users.
The Takeaway: This is yet another example of why it can be critical to use different combinations of user id's and passwords for different accounts. There is no way to predict when a company, or you, might suffer a data breach. The best protection is to prevent anyone from reusing those credentials at another site because they only work at the site that was compromised.
Ransomware locks users out of the files on their computers by encrypting the local files until a Ransom is paid. Even then, there is no guarantee the decryption key will work. Worse yet, each time a ransom is paid, the hackers are encouraged to continue this kind of attack. Some victims are forced to pay or risk losing their business. Other victims cannot afford to pay and instead move forward with the loss. Either way, there is no good answer unless you have backup copies of all of your important files.
The Takeaway: The increasing consistency of Ransomware attacks is in response to the effectiveness of these attacks. The more people pay, the longer they will remain a threat. The best thing you can do to protect yourself is to be prepared so you never need to pay. This is accomplished by keeping multiple copies of important files. Be sure these are in separate locations and on separate machines. NOTE: External USB drives connected to computers will also be encrypted in a Ransomware attack!
It is unfortunate that there are constant attacks targeting our data privacy and security. This is not going to change any time soon. What you can do is stay informed, use good practices when creating new user accounts and passwords, never share accounts with others, refrain from making decisions based on emotions, and talk to someone you trust when you run into a problem.