Brian Thomas

Brian Thomas

Based in Cincinnati, OH, the Brian Thomas Morning Show covers news and politics, both local and national, from a libertarian point of view.Full Bio

 

Tech Friday with Dave Hatter - July 16th 2021 - SPONSORED BY INTRUST IT

Tracker pixels in email are a serious privacy concern:

  • Tracking pixels, also known as "Spy" pixels or "web beacons" are small images (often 1x1) that are invisible to the naked eye and requested from a remote location when an email is opened
  • They are typically clear or the same color as the background so that you can't see them
  • Tracking pixels are not new, but are not well known as a tracking mechanism
  • When an email containing one is opened, a request is made to a server to load the pixel which is tracked
  • At a minimum, the sender will know that the email was opened
  • Data captured can include a user's IP address, browser, operating system and other information
  • Hey, a messaging service in the UK, reported that over 600,000 tracking pixels are blocked for every 1,000,000 emails processed every day
  • Hey co-founder David Heinemeier Hansson said they represent a "grotesque invasion of privacy"
  • It is possible to attempt block tracking pixels:
    • Disable automatic image loading
    • Use a privacy friendly browser extension like Privacy Badger
    • Read your email as plain-text
  • Protect your privacy and block tracking pixels

Reid Hoffman: "However terrified you are about cybersecurity, you’re probably not terrified enough"

  • Hoffman is the co-founder of LinkedIn
  • He made the claim in a CNBC interview
  • Per cyberinsurance company DataStream:
    • 68% of small businesses had a cyberattack in 2020
    • 47% of businesses suffered a ransomware attack in 2020
    • Average cost to remediate a successful attack over $500,000
    • Average data breach cost ranges from $120k to $1.24M
    • For attacks that succeeded on businesses:
      • 37% suffer financial loss
      • 25% file for bankruptcy
      • 9.7% go out of business
  • Infrastructure attacks are also a huge concern
  • This is not only an IT issue
  • Tips
    • Install Software patches & firmware updates regularly for all connected devices – Computers, Tablets, Phones, Router, IoT (“smart” devices)
    • Make sure you have current operating systems. For Windows, use Windows 10
    • Use Anti-Malware / Endpoint protection on all devices that allow it – Windows Defender (comes with Windows 10 is sufficient)
    • Enable Multi-Factor Authentication (MFA) everywhere (aka Two-Step Verification or Two-Factor Authentication)
    • Use a Password Manager to create and manage strong, unique passwords for each account. I recommend LastPass
    • Use a firewall - Windows Defender on Windows 10 is sufficient if you don’t want to pay
    • Use a Virtual Private Network (VPN) - Nord is a good choice for individual use
    • Create a Guest network on your Wi-Fi network
    • Use the highest level of Wi-Fi encryption possible, WPA2 minimum
    • Use Virtual LANs (VLANS) if possible to block lateral access across your network
    • Don't download "free" software you have not vetted - Research software/apps at sites like ZDNet, CNet, PC Magazine, or Tom's Guide
    • Only download phone apps from the Apple or Google Store
    • Use Encryption (at rest and in motion). BitLocker is available in Windows 10
    • Ditch everything from Google:
      • Use DuckDuckGo.com for search rather than Google.com
      • Use Firefox, Brave or Tor for a browser rather than Chrome
      • Use Protonmail.com rather than Gmail
    • Backup data regularly and verify the backup integrity – OneDrive is free with a M 365 subscription and is a good, basic choice for relatively small amounts of data
    • Change default settings/risky settings on devices, especially the default password. Disable default accounts.
    • SETA (Security, Education, Training and Awareness)
    • Be skeptical
    • Take a Zero Trust stance – Trust nothing, verify everything
  •  Remember, just because you're paranoid doesn't mean they're not out to get you. They are

Existing Ohio law makes it difficult to prosecute attempted cybercrimes:

  • Ohio currently has two laws for attempted computer crimes:
    • Criminal mischief
    • Unauthorized use of a computer
  • These two laws rely on monetary loss for prosecution, until there is monetary loss, there is no crime
  • Rep. Brian Baldridge, R-Winchester, said. "It's like breaking into a house but getting caught before you stole anything"
  • Ohio Credit Union League's Chief Advocacy Officer Emily Leite said "There is no disincentive to trying to take the data"
  • Baldridge introduced House Bill 116 to create new computer-specific crimes including computer service interference, electronic data tampering, unauthorized data disclosure and computer trespass
  • Baldridge sponsored a nearly identical bill in 2020 that passed the House but died in the Senate
  • Leite has also been working on statewide standards for privacy
  • Leite and Baldridge expect HB 116 to pass this year
  • The timing is good with more people working from home and cyberattacks on the rise

Sponsored Content

Sponsored Content