Cyber Insurance and Personal Data

No computer is invincible, so learn to protect yourself from identity theft and cyber fraud. Photo:

Imagine if complete strangers could look inside your head and see your every thought and know everything about you. Imagine if they could use that information any way they wanted to. What sort of damage could they do to your life?

Strangers can’t get into your head to root around for information to exploit, but they can get pretty close by gaining access to your personal information. The same “strangers’ we’re taught to fear as children have been hacking their way into personal computers for as long as there have been computers.

As long as there have been personal computers, there have been people interested in exploiting them. The first digital hacks date back to the 1970s and allowed hackers to make free long-distance phone calls (quaint by today’s standards).

The Apple II was introduced in 1977 and by 1981 the first widespread computer virus, the Elk Cloner, was unleashed. It was spread from machine to machine by embedding itself in floppy disks. The Elk Cloner did its damage two full years before the term virus was first applied to self-replicating computer code.

The day the world changed, in the summer of 1981, it was greeted by a hot August breeze. The Apple II was about four years old when IBM introduced their PC to the world. By the following summer they were embroiled in clone wars with less expensive PC clones from China. The IBM machines ran PC-DOS, which was developed in partnership with a very young Microsoft, and the clones ran on MS-DOS. By the time Microsoft released Windows 1.0 in 1985, their relationship with IBM DOS was over and PC became a generic term for any computer that wasn’t an Apple.

Personal Protection

It wasn’t much more than a generation ago when personal data protection was a matter of keeping your front door locked when you went out and maybe keeping important documents in a safe deposit box. Beyond door locks and safes, personal protection revolved around your wallet: That’s where you kept your ATM card and, with surprising frequency, your ATM PIN code on a small piece of paper.

In 1983 the computing world was introduced to Lotus 1-2-3. The first commercially available digital spreadsheet program was a huge hit with accountants and numbers geeks. That was also the year that Intuit released Quicken, which made reconciling checking accounts and budgets a snap.

Two years later, in 1985, Microsoft introduced Windows 1.0, and in 1987, with the release of version 2.0, withstood a lawsuit by Apple. Microsoft was ready to turn the computing world on its head in 1990 with the release of Windows 3.0, which quickly became the bestselling software in the world and the de facto PC operating system.

Throughout the late 1980s, trailblazers connected with each other in the brave new world of the Internet. Users accessed UUNET through subscription services like CompuServe, and later Prodigy, to read and contribute to newsgroups and, for some, to access their bank accounts. Access was spotty and clunky (), but the idea of being able to see your money anytime you wanted would prove addictive. The digital table was now set for the first Web page to be served in 1990.

The Legion of Doom

Before the Web was born, the Secret Service started an investigation of online credit card theft that culminated in dozens of arrests in cities across the country. The arrests included members of the Legion of Doom, which was hacker group that quickly moved from poking around in university and government computers to credit card theft and fraud.

The realm of financial, personal protection exploded from wallets to desktops in what seemed like an instant but what was really years in the making.

For all that has changed since 1990, including the demise of the Legion of Doom, much remains the same. There is a great deal of money to be made by exploiting vulnerabilities in digital systems. Weaknesses in software still grant access for those who are able to find them before programmers identify and close them.

However, modern hackers take greater advantage not of holes in software security, but in the digital equivalent of an unlocked front door and a lost wallet.

Myth vs. Reality

After a couple of decades of dealing with cyber threats, our collective vulnerability has actually increased rather than decreased.

I hate to be the bearer of bad news, but even the most secure computer systems are susceptible. I am not being hyperbolic nor am I being an alarmist, but I do mean every computer — and that includes handheld digital devices like smartphones and tablets — is vulnerable.

The danger was best explained by legendary bank robber Willie Sutton. When asked why he robbed banks, he said, “That’s where they keep the money.” That same logic is at the core of cyber attacks.

Computers and digital devices are little more than giant dollar signs that lure hackers like neon lights. Identity theft and access to bank accounts are only two of the reasons hackers want access to your data. Serving ads and selling fixes to problems they create as well as exploiting intimate images are some others.

That means until we find a way to eliminate the desire to steal from other people rather than earning it honestly, there will always be digital Willie Suttons on the lookout for where the money is kept, and working on ways to get their hands on it.

Cyber Insurance

The insurance industry has been traditionally quick to market new products to meet new perils. For example, the automobile was invented in 1886, and the first auto policy was sold in 1898 when there were only 4,000 cars on American roads.

By contrast, cyber threats have been around for more than 30 years, and most people own at least one computer and one handheld digital device. But the first cyber insurance policy, which was for businesses, wasn’t issued until 2008.

Individual cyber insurance protection is just a newborn. It is only now starting to reach the market.

Cyber insurance for individuals falls primarily into two categories, the largely unregulated identity theft and monitoring services, and endorsements for homeowners and renters policies. Standalone cyber insurance for individuals is still virtually non-existent. The benefits on cyber security endorsements are very limited in their scope, including $50 in credit card losses and $200 from bank accounts.

These policy endorsements also cover some of the costs associated with recovering your identity, such as phone calls, certified mail, and a limited amount toward attorney fees. They generally do not offer any coverage for loss of credit or the cost of disputing fraudulent activity.

Current forms of personal cyber insurance are also loaded with exclusions for negligence on the part of the policyholder for not maintaining adequate safeguards. Most importantly, cyber insurance endorsements do not provide any coverage benefits for damage to your equipment and software, or loss or theft of other valuable data such as personal photos and records.

The Best Insurance is Self Assurance

The absence of robust commercial cyber insurance options for your computers and digital devices doesn’t mean that you have to go unprotected. Your best option for cyber insurance is to protect your own assets from cyber creeps of all kinds by securing yourself.

Cyber thieves and vandals are no different from conventional criminals, and that means they prefer to accomplish their tasks in the easiest way possible. It’s the reason houses with bars on the windows are less likely to be burglarized than houses without bars. It’s not that thieves can’t get past the bars, it’s just that it’s not worth it when there are easier pickings next door.

Take passwords, for example. In practical terms there is no such thing as an unbreakable password. All passwords can be broken; it’s just a question of whether it’s worth the trouble to do it.

The first rule of passwords is do not store them on your computer in a file marked “Passwords” — and especially not in a non-password-protected file! Stop laughing and look around — at least a few people reading this article are turning red, saying, “I never thought of that.”

Password-Protect Everything!

Use an online password checker to determine the strength of your passwords. If they don’t measure up as very strong, ditch them for something better.

Even then you should take care not to be obvious. For example, on , “Password” is considered a weak password, but changing it to “[email protected]” makes it very strong. That’s because it follows the rules for including upper- and lowercase letters, special characters, and numbers; however, it’s still not really secure. The point is, replacing one or more letters of your first name with a special character and adding 1234 is not going to be all that hard for a hacker to break just by guessing.

If you don’t trust yourself to come with something secure, use a password generator like .

Dump Defaults

Contrary to what many people think, most burglars don’t come through windows — they just put a good shoulder into the front door and walk in like they were invited. Your home or office firewall is the front door to your computer, and the first place thieves try.

A common tactic of cyber thieves is to slowly drive through neighborhoods with a laptop or other wireless device looking for open Wi-Fi connections. Absent open connections, thieves will try default passwords like “password” or “admin” to see if they can gain access.

Use encryption and reset default passwords on your routers and firewalls. Require passwords to login to each computer. This adds an additional layer of protection if a drive-by hacker manages to bypass your firewall.

Secure important files such as banking and budget spreadsheets with passwords. The extra second or two it takes to open the files is worth the effort.

If all this sounds a touch paranoid because you’re not a billionaire, you’re missing the point. Even brief access to your computer can result in tens of thousands of dollars in damage and theft — even from someone of very modest means.

Update It

Update what, you ask? Everything! Keeping your software, particularly operating systems like Windows, up to date is an essential part of ensuring your computer against attacks.

Updates to accounting software and Windows are easy to ignore because you never see any changes to the way the program runs. That’s because software companies don’t advertise the fact that a good chunk of updates address newly discovered security issues, and not applying those updates leaves you vulnerable.

Trust No One

Ask any con artist what the first rule of any good hustle is, and he’ll tell you it’s to gain the victims’ trust. For cyber criminals that often means taking advantage of established trust relationships by appearing to be someone or something that they are not.

Phishing scams usually come in the form of emails from friends, relatives, or financial institutions advising you to click here to fix something or get important information.

Don’t click. If you think the email is from your bank, open a browser yourself, go to your bank’s website, and look for the information being offered. Scammers rely on you trusting the email and being too lazy to type in your bank’s Web address yourself. Taking the time to do so does two things: It removes a potential scammer from the loop, and satisfies your curiosity about whether the link is legitimate or not.

Cracked is Whacked

Since I’m pretty sure the statute of limitations has run out on my criminal past, I confess to once being hooked on cracked software.

Back in the early ’90s, black boards were all the rage. Trading software was like trading baseball cards in the school yard. Unlike baseball cards, though, this was illegal and exposed you to all sorts of nasty viruses.

The reality is that I spent more time and money cleaning up after downloading infected files than I saved by not paying for the software in the first place.

The fact is that things have gotten worse in the realm of cracked software and serial number hacks. What once resulted in a Trojan taking over your display and haranguing you about being greedy has been replaced by worms and all manner of cyber creepy crawlies. These include keystroke loggers that transmit everything you type, including very strong passwords, back to waiting thieves.

The $150 software you got for free came at the cost of giving to thieves not only the key to your front door, but directions to your house and the times of day that you’re not home!