Tracker pixels in email are a serious privacy concern:
- Tracking pixels, also known as "spy pixels" or "web beacons," are small images (often 1x1) that are invisible to the naked eye and are requested from a remote location when an email is opened
- They are typically clear or the same color as the background so that you can't see them
- Tracking pixels are not new, but are not well known as a tracking mechanism
- When an email containing one is opened, a request is made to a server to load the pixel, and that request is tracked
- At a minimum, the sender will know that the email was opened
- Data captured can include a user's IP address, browser, operating system and other information
- Hey, a messaging service in the UK, reported that over 600,000 tracking pixels are blocked for every 1,000,000 emails processed every day
- Hey co-founder David Heinemeier Hansson said they represent a "grotesque invasion of privacy"
- It is possible to attempt to block tracking pixels:
- Disable automatic image loading
- Use a privacy friendly browser extension like Privacy Badger
- Read your email as plain-text
- Protect your privacy and block tracking pixels
Reid Hoffman: "However terrified you are about cybersecurity, you’re probably not terrified enough"
- Hoffman is the co-founder of LinkedIn
- He made the claim in a CNBC interview
- Per cyberinsurance company DataStream:
- 68% of small businesses had a cyberattack in 2020
- 47% of businesses suffered a ransomware attack in 2020
- Average cost to remediate a successful attack is over $500,000
- Average data breach cost ranges from $120k to $1.24M
- For attacks that succeeded on businesses:
- 37% suffer financial loss
- 25% file for bankruptcy
- 9.7% go out of business
- Infrastructure attacks are also a huge concern
- This is not only an IT issue
- Tips
- Install software patches & firmware updates regularly for all connected devices – Computers, Tablets, Phones, Router, IoT (“smart” devices)
- Make sure you have current operating systems. For Windows, use Windows 10
- Use Anti-Malware / Endpoint protection on all devices that allow it – Windows Defender (comes with Windows 10) is sufficient
- Enable Multi-Factor Authentication (MFA) everywhere (aka Two-Step Verification or Two-Factor Authentication)
- Use a Password Manager to create and manage strong, unique passwords for each account. I recommend LastPass
- Use a firewall - Windows Defender on Windows 10 is sufficient if you don’t want to pay
- Use a Virtual Private Network (VPN) - Nord is a good choice for individual use
- Create a Guest network on your Wi-Fi network
- Use the highest level of Wi-Fi encryption possible, WPA2 minimum
- Use Virtual LANs (VLANs) if possible to block lateral access across your network
- Don't download "free" software you have not vetted - Research software/apps at sites like ZDNet, CNet, PC Magazine, or Tom's Guide
- Only download phone apps from the Apple or Google Store
- Use Encryption (at rest and in motion). BitLocker is available in Windows 10
- Ditch everything from Google:
- Use DuckDuckGo.com for search rather than Google.com
- Use Firefox, Brave or Tor for a browser rather than Chrome
- Use Protonmail.com rather than Gmail
- Back up data regularly and verify the backup integrity – OneDrive is free with a Microsoft 365 subscription and is a good, basic choice for relatively small amounts of data
- Change default settings/risky settings on devices, especially the default password. Disable default accounts.
- SETA (Security, Education, Training and Awareness)
- Be skeptical
- Take a Zero Trust stance – Trust nothing, verify everything
- Remember, just because you're paranoid doesn't mean they're not out to get you. They are
Existing Ohio law makes it difficult to prosecute attempted cybercrimes:
- Ohio currently has two laws for attempted computer crimes:
- Criminal mischief
- Unauthorized use of a computer
- These two laws rely on monetary loss for prosecution; until there is monetary loss, there is no crime
- Rep. Brian Baldridge, R-Winchester, said, "It's like breaking into a house but getting caught before you stole anything"
- Ohio Credit Union League's Chief Advocacy Officer Emily Leite said "There is no disincentive to trying to take the data"
- Baldridge introduced House Bill 116 to create new computer-specific crimes including computer service interference, electronic data tampering, unauthorized data disclosure and computer trespass
- Baldridge sponsored a nearly identical bill in 2020 that passed the House but died in the Senate
- Leite has also been working on statewide standards for privacy
- Leite and Baldridge expect HB 116 to pass this year
- The timing is good with more people working from home and cyberattacks on the rise