Cyber Security Report | December 2018


Logging in Without Passwords?  The Future is Now!

Sound too good to be true? CNBC.com ran an article saying that Microsoft recently announced it “will begin offering the ability to sign in with a security key without using a user name or password.” Passwords rank high on the list of the most significant weaknesses in both commercial and personal computer use.

How will this work? Microsoft will support YubiKey and Feitian BioPass keys for logging in to its popular programs, including Outlook, Office, OneDrive, Bing, Skype and Xbox Live. The keys are USB fobs that the user inserts into their computer’s USB port. More good news is the price of the keys: they retail from $20 to $60.

The article notes that average workers have over 100 passwords and that the majority of data breaches can be traced back to compromised passwords. Rob Lefferts, vice president of security at Microsoft, says, “Passwords are bad for the planet. They’re bad for people. They’re the easiest way for attackers to get in, and in the case of account takeovers, they’re even a way to force people out.”

Personal Data

A Guide to Protecting Your Online Privacy

Online privacy is front and center in most people’s minds these days. Yet many of us aren’t really sure what steps to take to ensure privacy. Cyber thieves rely on that fact, resulting in a steady rise in identity theft. These thefts can result in both a loss of reputation and financial debt.

John Mason’s article in TechWorld.com has a 10-step guide to protect your online identity.  Briefly, the tips are:

  1. Beware of Internet service providers
  2. Strengthen and protect your login credentials
  3. Check the WiFi you’re using
  4. Watch your browser
  5. Use a private search engine
  6. Install a VPN
  7. Watch out for phishing
  8. Encrypt your communications
  9. Watch what you share on social media
  10. Update early and often

In The News: Cyber 9/11 Scenarios that are Worrying the Experts

Cyber attacks are inevitable disasters these days. They can result in power outages, runs on banks, and other disruptions. Experts have been warning that a “cyber 9/11” could be around the corner.  As grim as this may sound, we can all learn from past occurrences. Bottom line is that we all need to be aware of the types of cyber attacks that could occur.

According to Kate Fazzini’s article on CNBC.com, “For years, government security specialists have predicted the inevitable ‘cyber 9/11,’ an event originating as a digital attack that spills over into other aspects of society, causing widespread harm to people and the global financial sector.”

These cyber attacks fall into three categories:

Physical attacks that shut off or damage some aspects of critical services. These have already happened many times. Shutting down basic services like electricity or water disrupts millions of people.

Financial attacks that lead to bank runs. These types of attacks create a contagion where customers panic and rush to the bank to withdraw their money.

Hackers changing data. Changing data such as financial information can be as damaging as actually stealing it. These attacks can cause panic, especially when several attacks are timed to occur at the same time.


When Should you Hire a Cyber Specialist?

Cybersecurity is a hot topic. We’re all trying to learn as much as we can to stay ahead of the curve. Organizations of all types and sizes are being impacted by cybersecurity. Larger organizations often have a cybersecurity specialist on staff. Small to mid-sized companies may not, and most likely have a staff member who has been tasked with performing security tasks in addition to their regular daily responsibilities. This may not be enough. Today’s cyber society dictates that organizations have one person overseeing and accountable for the company’s security.

Here are some factors to help you determine when it’s time to either hire a cyber security expert or train an existing staff member to become a dedicated, full-time security person. E-commerce Times’ article points out things to consider in making your decision, such as:

Why designate someone? In a word, accountability.  Having one person responsible for cyber security helps keep tasks from falling through the cracks. Duties are clear and interest is focused.

How will you know? This is the tough one. Obviously a one-person shop can’t hire or allocate the only employee to full-time security duties. Larger companies may be required by HIPAA to designate a named security officer. If you aren’t mandated by regulatory requirements, let customer expectations, staff time and organizational risks help you make the decision.


Risky Business – Young Smartphone Users Sharing Fingerprints to Unlock Devices

Apple and Google smartphones are steadily moving toward biometric access. Younger users love the convenience of this and have taken it to a new level by sharing fingerprints to unlock each other’s phones.

Today’s Gen Z teens and even younger Millennials are much more tech-savvy and less concerned about privacy than the rest of us. Times have changed, and swapping biometric passwords (fingerprints or facial recognition ID) is becoming commonplace. They find it convenient to have one-tap access to each other’s phones.

Google smartphones and older iPhones have the Touch ID system that can store up to five fingerprints. Newer iPhones have done away with Touch ID and replaced it with facial recognition, called Face ID. The most recent operating system allows for an “alternative appearance.”

One would think that they would worry about the cybersecurity repercussions of doing this.  Data breaches have become a common occurrence and as a result, younger users are becoming used to it and not taking the risks seriously.

Sharing biometric logins can cause issues if the user decides to ban someone from their phone.  Passwords can be easily changed.  Not so for biometrics – they’re much harder to change.


This information is not intended to be exhaustive, nor should any discussion or opinions be construed as professional advice. Should you have any questions or would like to discuss your risk exposure with your company’s cyber insurance, please contact the insurance pros at ARCW Insurance. We are here to help.
