I just finished a class on cyber security. We all know there are threats to us through our phones, computers and other linked "smart" devices. Of course I am interested in knowing as much as possible about general cyber security, but in real estate we specifically have to pay attention to how we handle remote signing and how we store client data. It is important that we try to stay on top of a field that is constantly changing.
The class addressed "brute force attacks," which are a common and simple way to compromise a victim's information. The hacker uses a simple script that tests every possible password: trying "a," then "b," then "c," and so on. Once every single character has been tested, the computer tests two characters in a row: "aa," "ab," "ac," and so on until it has submitted the right password.
This sort of attack will succeed if the computer has enough time. Modern computers are able to test over 11 million keys per second, so a password like "abcdefg" could be cracked in 0.22 milliseconds. Consider what that means when a PIN or numerical password has only 6 digits (using 0 through 9): at most there would be one million possible combinations. While a single computer might take some time to discover an account password, using multiple computers could significantly reduce the time needed to brute-force it.
Discovering a password could be a basic first step a hacker will try when breaking into a secured digital database, because nearly every basic password can easily be cracked within a few hours. Programs that crack passwords are available online as well, so it doesn't take a particularly sophisticated hacker to use a brute force attack.
The need for strong passwords was reiterated over and over as the single thing we can do to protect our information. Using two-factor authentication whenever possible is best. For example, if you send a request to access data from a website, then that website will send a confirmation of identity to your registered telephone number or email address. You may then need to provide a fingerprint scan or type in a 4-digit code generated by an authenticator app on your smartphone after submitting your password.
If you don't want to or can't use two-factor authentication, then adding complex characters to a password, such as !, #, or -, exponentially increases how many passwords have to be tested. Aim for 15 or more characters in a password, using a mix of complex characters, lowercase letters, uppercase letters, and numbers whenever possible. Longer passwords are more difficult to crack with brute force password programs. In general, a longer password will be harder to crack than a short password containing symbols or upper case/lower case letters.
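To see why length matters more than symbols, here is an added example (not from the class or the original post) that counts how many guesses the "a, b, c, ... aa, ab" search described above would need and how long that takes when split across several machines. The 11 million guesses per second figure is the post's; the four character pools, the sample passwords and all function names are assumptions made for illustration.

```python
import string

# Guess rate quoted in the post; treated as an assumption, real rates vary widely.
GUESSES_PER_SECOND = 11_000_000
# Character pools a search must cover (assumption: printable ASCII only).
POOLS = [string.ascii_lowercase, string.ascii_uppercase,
         string.digits, string.punctuation]

def alphabet_for(password):
    """Return the combined alphabet of every pool the password draws from."""
    alphabet = "".join(p for p in POOLS if any(c in p for c in password))
    if not password or any(c not in alphabet for c in password):
        raise ValueError("empty password or character outside the assumed pools")
    return alphabet

def guesses_needed(password, alphabet):
    """1-based position of password in the order a, b, ..., aa, ab, ..."""
    rank = 0
    for ch in password:
        rank = rank * len(alphabet) + alphabet.index(ch) + 1
    return rank

def worst_case_guesses(length, alphabet_size):
    """Every candidate of 1..length characters: k + k^2 + ... + k^length."""
    return sum(alphabet_size ** n for n in range(1, length + 1))

def seconds_to_search(guesses, machines=1):
    """Time to try `guesses` candidates split evenly across `machines`."""
    return guesses / (GUESSES_PER_SECOND * machines)

def describe(seconds):
    """Render a duration in the largest unit that keeps it readable."""
    for unit, size in (("years", 31_557_600), ("days", 86_400), ("hours", 3_600)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:,.3f} seconds"

if __name__ == "__main__":
    # Constructed sample passwords, not real credentials.
    for pw in ("482913", "Tr!7x#Qa", "quietmaplehouse"):
        alphabet = alphabet_for(pw)
        total = worst_case_guesses(len(pw), len(alphabet))
        print(f"{pw:16} alphabet={len(alphabet):2} worst case={total:.2e} guesses, "
              f"1 machine: {describe(seconds_to_search(total))}, "
              f"100 machines: {describe(seconds_to_search(total, 100))}")
```

Run as a script, it prints one line per sample password; the 15-letter lowercase phrase has a far larger search space than the 8-character password that uses every kind of symbol.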
The second thing that I want to highlight is "phishing," which is when the hacker sends an email, makes a phone call, or sends a text message posing as a legitimate person or company. These can look pretty sophisticated and ask the reader to make a payment, provide personal information, etc. It could even look like a coupon to a local restaurant just asking for your name and address. Don't click on these! If you receive one, and particularly if you have been scammed, report it at ftc.gov/complaint.
This is only the tip of the iceberg, but hopefully it will get you thinking about cybersecurity and ways to protect your personal information.