This one mistake could put your kids in danger this holiday season
Eric Cole has been working in cybersecurity since the 1980’s, before the term was even widely known.
When he would attend parties and get-togethers, friends would either not know what cybersecurity was, or tell him they thought his profession was “weird,” he said.
Since that time, as more shopping has happened online, and breaches such as Equifax’s EFX, -0.46% have made Americans afraid of cyber attackers, they want to know how to stay safe. And many still aren’t taking the threat seriously enough.
“Security is an afterthought,” he said. “No one ever thinks about it until after the fact.”
Cole was recruited by the CIA when he was studying computer science at New York Institute of Technology. Since then, he has developed several security companies, including The Sytex Group, which Lockheed Martin Corporation acquired in 2005. That drew the attention of experts in the government, including the FBI, which led to Cole’s appointment as former president Barack Obama’s cybersecurity commissioner.
He has also served as personal cybersecurity advisor for Bill Gates and his family and is the author of “Online Danger: How to protect yourself and your loved ones from the evil side of the Internet,” which will debut in January 2018.
These are his top tips for staying safe online this holiday season:
MarketWatch: Many consumers are afraid of identity theft, but they are hesitant to take any action to protect themselves. What do you suggest?
Eric Cole: Minimize and reduce what you’re not using.
Friends of mine will say, “Eric, I’m real scared. I’m real scared of the cyber threat, and I’m doing what I can.” And I say, “Give me your phone.” I flip through it and say, “You have 73 apps. When was the last time you used those apps?” And they say, “I haven’t used it in six or seven months.” Then why are they on there?
My other favorite is, people receive an email, and they’ll click on any attachment. And that’s the number one method of compromising a system.
MarketWatch: What are some other common mistakes?
Cole: Giving out personal data. When we get to cyberspace people lose common sense. If you were walking down the street today after work and someone came up to you and said, “What’s your name, your phone number and where do you live?,” you’d walk away. You’d never think of giving it to them.
MarketWatch: What are some mistakes people in stores?
Cole: Leave your debit cards at home. Most people don’t realize two big differences between credit and debit. Even if you were completely negligent, the credit card company is liable, not you. That only protects credit cards, it doesn’t protect debit. (That’s according to the Fair Credit Reporting Act.)
If somebody uses your debit card, it immediately comes out of your account. So if it takes four months to debate with the bank, you’re out that money for four months.
I’m not Mr. Popular with this one, but I stay away from Apple Pay, AAPL, +1.05% Android Pay GOOG, +0.14% The data that’s on your system is secure, but the transfer may not be.
MarketWatch: Really? Mobile payments are widely believed safer because of tokenization, the process that creates unique codes every time someone pay.
Cole: The problem is on the retailer side. Most of their retailers were set for credit.
If I was walking through a store, and I was evil, I would connect to the store’s wireless, and the most likely the point of sale would be locked down, but the Apple Pay would not. It’s the retail piece that everyone misses.
(A spokesperson for Google’s Android Pay said even if hackers were to hijack a merchant’s point-of-sale equipment, they could not access the user’s payment credentials because of tokenization. Apple did not respond to MarketWatch’s request for comment.)
Be really careful of your kids. During the holiday season the amount of child abductions in malls increases.
MarketWatch: What common mistakes do people make during the holidays?
Cole: Be really careful of your kids. During the holiday season the amount of child abductions in malls increases. And the reason is children have location services turned on in apps on their phone. If I was a child predator, I could basically track your child at the mall.
MarketWatch: Are there predators really sophisticated enough to do that?
Cole: Location services are on most games, Snapchat, Instagram FB, -0.54% If I was a child predator, I could set up an Instagram or Snapchat profile to look like it’s for a 16-year-old girl. We’re seeing that being used a lot more, and it’s going to increase.
I do a lot of work with law enforcement and the FBI, and unfortunately those are real cases. One case six months ago, one dirtball targeted seven girls at different schools. We were able to eventually get his phone and see it was the seven people he had on Snapchat.
(A spokesman for Snapchat told MarketWatch that when entering the “Map” feature for the first time, Snapchat users can either select “Ghost Mode,” “Select Friends” or “My Friends” to see their location. They must select “Ghost Mode” to disappear from the Map. If they choose “My Friends,” the app will remind them of that choice periodically.)
MarketWatch: How can parents protect their kids, if they still want to use those apps?
Cole: Make the children aware of the threat, and show them how to protect themselves. Snapchat is fine, it’s the default permissions you don’t know about. As long as you take 30 seconds to configure it, the app is OK.
(Snapchat has a Parents Guide and Safety Center where parents can learn more.)
MarketWatch: After the Equifax breach, a lot of consumers were very angry. Do you think that anger is justified?
Cole: Yes. If I decide to shop, say on Amazon AMZN, +1.46% — they actually do really good security — but if I shop on Amazon, and I give them my credit card and address, that’s my decision. With Equifax, we didn’t have a choice. As U.S. citizens, we don’t have a choice.
You can’t stop all breaches. But this breach was preventable. This was a basic breach where they had a server accessible from the Internet. That’s the first no-no. That would be like having a table right in front of your window at your house piled with gold.
I have six different credit cards. I have one I only use for Amazon, one I only use for Whole Foods. This way if something happens, it’s controllable.
MarketWatch: Giving our data to Equifax is unavoidable. What can we do, aside from living off the grid?
Cole: Control the damage. I have six different credit cards. I have one I only use for Amazon, one I only use for Whole Foods. This way if something happens, it’s controllable.
After the holiday season, I expire my credit cards. I ask for a new card with a new number, every nine months. When your credit card is stolen, it’s not used right away. So if every six or nine months you expire it and get a new one, you reduce the damage.
Sign up with your credit card to get a text alert for every purchase. Most people don’t realize credit card fraud is small amounts. They’re not going to do $ 50,000, they’ll do $ 3.
Have your money in different bank accounts. I have one bank for online banking, and I keep a balance of about $ 3,000. The other accounts I never do online banking.
MarketWatch: How can people stay safe at home?
Cole: I recommend having two computers. One computer has all your personal data and banking information, and the other one is for web surfing and email. If one computer is compromised, your damage is minimal. Some people say, “I can’t afford two computers,” but my response is, “You can’t afford not to.”
MarketWatch: What do you think of monthly subscription services for cybersecurity?
Cole: Those companies are like life preservers on airplanes. They make you feel good, but let’s face it, what’s really the probability you’re going to use a life preserver on an airplane? If you’re careful and you use the other services that are out there, like signing up for text alerts, they’re not necessary.
(This interview has been condensed and edited for clarity.)