Securing Your Google Account: The Unofficial Guide

Securing Your Google Account: The Unofficial Guide

If you use a computer today, there’s a fair chance that you have a Google account. The practicality that if offers with its comprehensive service offerings simply can’t be ignored. However, it is also important that a user’s, whether they utilize it for business or personal use,security isn’t ignored either.

Unfortunately, security is precisely what is often ignored, mainly due to ignorance as to why and how to secure their account. Here, we will cover both why a Google account absolutely must be locked down, and how to go about doing it.

What Makes a Google Account So Valuable

There is a huge discrepancy between the impression of what the Internet itself is for, and what it was actually created to do. While a great amount of the Internet is utilized as a means to store personal and private information, it was actually intended to share information as effectively as possible. The word Internet itself reflects that, derived from inter (reciprocal or shared) and network (a system of connected things).

From the very start, the Internet was meant to be an information dispersal tool, enabling anyone to access the knowledge they wanted. Back in 1962, MIT’s J.C.R. Licklider described a system he called the“Galactic Network” in a series of memos. The Galactic Network was meant to connect computers all around the world so that data and programs could be shared. Sir Tim Berners-Lee, the man credited with inventing the World Wide Web, did so based on the ideals of access and openness. As he put it:

“Had the technology been proprietary, and in my total control, it would probably not have taken off. You can’t propose that something be a universal space and at the same time keep control of it.”

This viewpoint informed the Internet as it largely exists today: a space where things can be shared, unfettered by any central point of control. This is the framework that the ideals of net neutrality and group participation flourish in, censorship stomped down through accessibility. It’s almost funny that we try to keep anything on the Internet a secret anymore, looking back at its original purpose.

Yet, as the Internet was leveraged for additional purposes, there was an increased need for privacy and security. Many communications shared online contain confidential information that needs to be shared exclusively with certain users. As a result, a new online environment emerged, where security measures restricted access to information to only those with the right credentials. This new approach has proved beneficial for businesses and individuals alike and is why Google has grown to offer what it does today.

Google’s Assorted Services

While Google originally started as a dissertation project by two PhD students at Stamford, its uses have expanded greatly in the years since. G Suite applications, like Google Drive, Google Docs, and others have assisted businesses greatly, while many private users have leveraged services like Google Maps and Google Drive for their own ends.

Perhaps most of all, users of all kinds have opened Gmail accounts, and have used these accounts to sign up for other assorted web services… and this is the where the potential problem lies.

How much do you rely on Google, in terms of accessing your online accounts? How much impact would the compromise of your Google account have?

It May Be More Than You’d First Think

Let’s look at the tendency to use a Gmail address whenever an email is required, or to save a password for easy access,or even to link a Google account to another profile. This all makes Google the most convenient option–if all you need is an email to create a profile, why not just use the one that you use for everything else?

Really, when all is said and done, Google is the choice that makes the most sense. Google offers reasonable security, and the other capabilities it offers deliver some compelling reasons to use it a soften as possible. However, there is a consideration that many overlook, to the potential detriment of the security of all of their accounts.

Setting up an account through Google means that account is only as secure as your Google account is.

Or in other words, if someone were to access your Google account, they have everything they need to access every account that you connected to Google in some way, shape, or form. This may mean more to you than you’d realize.

A Brief Demonstration

If you happen to be reading this on a desktop,go to your Google account by clicking here. Under Sign-in & security, click into Apps with account access. This will show you a list of all the applications with access to your Google account, along with a list of the websites that Google Smart Lock has your credentials to.

How long is your list? Does it happen to feature your bank?

If so, someone who gains access to your account could easily commit financial fraud. They could also use their access to your email to tell your bank that “you’ve” forgotten your password, resetting it and locking you out.

The Quandary

Unfortunately, the usefulness that Google delivers is too great to ignore as well, to the point that it is almost irresponsible to pass it up. This leaves us at an impasse of sorts–do we embrace convenience at the cost of security, or improve our security while sacrificing convenience?

The good news is, you don’t have to choose, as long as you have properly secured your Google account.

A daunting task, yes, but only because we have grown accustomed to Google providing one-click solutions. While there is no magic option that will keep you completely safe, securing a Google account is possible if the right precautions are taken.

Protecting Your Google Account

Again, these aren’t magic options, which means that that these aren’t solutions that will work indefinitely. Rather, they will require repeated activities over time. What follows are the steps you need to follow in order to protect your Google account, and by extension, your data.

Passwords and Account Security – Of course, this goes for all of your accounts, but because your Google account has so much tantalizing info in it for a hacker to leverage to their advantage you need to be extra careful in locking it down. Therefore, you need to ensure that access to it is sufficiently protected by a password in keeping with best practices, as well as the access point used to log into your account.

A good rule of thumb is to avoid using devices that are open to the public in order to access your accounts. This is because a cyber criminal may be able to access your account after you have finished your work, and the fact that these devices are petri dishes for cyber attacks doesn’t help either. Public Wi-Fi signals should be avoided for similar reasons. All the convenience in the world isn’t worth a security breach.

Two-Factor Authentication (2FA) – In addition to being smarter about how you access your Google account, you should establish additional requirements to make it more challenging to do so. Two-factor authentication can be a highly effective way to prevent unwanted access to an account, as long as it’s approached correctly.

The crux of the matter is this: not all two-factor is the same. If given the choice between a text-based 2FA solution or a mobile application like Google Authenticator, you should utilize the app. It will be the more secure option.

Furthermore, your Google account will give you access to a list of authentication codes that each have a one-time use. These can be used if you don’t happen to have your mobile device handy. Furthermore, these can be reset whenever you need to, so if you happen to lose the list, you don’t have to worry.

Log in to your Google account to set up these features and the others that are offered.

With the amount that the average Google account is linked to, it is paramount that its security is preserved. WheelHouse IT can help you preserve not only the sanctity of your Google account, but your entire IT infrastructure. Give us a call at (877) 771-2384 to learn more.

The Best Way to Be Safe

The Best Way to Be Safe

Computers of all kinds typically come with hardware built-in that allows them wireless connectivity to the internet and/or network access in which a host of resources are available. On the other side of the coin, there are wireless access points that are administered to allow computers the internet or network access. There are some points to keep in mind whether using or administering a wireless network to ensure a safe experience. The scheme of it can seem like an enigma so the points below are simplified as much as possible. 

On the user side of the coin, when approaching a wireless network, there are two basic choices when it comes to security; it can be used, or not be used. Some wireless networks require a password to access and some do not. The ones that do encrypt data flowing over the wireless network, which means that in the event somebody using the same wireless network intercepts the data, it will be unreadable (which is good).

When the data leaves the wireless network and moves across the internet, it may or may not be readable by other people depending on the website being accessed. Websites that use HTTPin their website address encrypt the data from the user’s computer all the way to its destination, and vise versa.  If the ‘S‘ portion of the protocol is missing, data will not be safe once it leaves the wireless network and moves across the internet. 

The administrative side of the coin, that is, setting up a wireless network to be secure is relatively simple. The administrator can choose to require a password, or not. A wireless access point to which computers wirelessly connect can be purchased at several different kinds of stores and contain instructions for setting them up. 

If there is concern about the security of using or administering a wireless network, please contact us.

Check Out Our Blog!

Tumblr Vulnerability Concerns Valid Amidst Social Data Breaches

Tumblr Vulnerability Concerns Valid Amidst Social Data Breaches

Earlier this month, short blogging and social media tool Tumblr announced the presence of a vulnerability that could have exposed certain protected information to hackers under specific circumstances.

The news came at a bad time for social media platforms. Just a week prior, Facebook announced an industry-shaking data breach, around the same time that Google announced it was shutting down its Google+ service due also to a huge data breach.

Within the context of those other stories, its important to fully understand the vulnerability and what it means if you use the service.

Problem with Recommended Blogs

According to Tumblr, an unnamed security researcher found a flaw in the “Recommended Blogs” feature on Tumblr, which displays a select, rotating list of other users’ blogs to the reader. When using the desktop version of the site, the researcher found that an attacker could expose blog owners’ information using debugging software in a certain way.

The vulnerable information wasn’t as critical as it could have been. Potentially exposed information included users’ email addresses, salted and hashed account passwords, self-reported location, prior email addresses, last login IP addresses, and blog names associated with the compromised account.

It’s interesting to note that the self-reported location is no longer an available feature.

More Vulnerability Than Breach

So, how bad is the news, really? In light of the breaches at Facebook and Google—we can count Twitter’s API flaw from September in the mix—Tumblr got extremely lucky. Its report was forthcoming about the vulnerability and its limitations.

Given how an attacker would need to see a recommended blog, and then perform a specific set of actions, it’s easy to believe Tumblr’s assertion that it can’t determine if specific accounts were affected, nor the fact that the bug was “rarely present.” That rarity, and the fact that sensitive passwords weren’t exposed in a more open manner, are encouraging facts.

While the Tumblr vulnerability might not reach the level of a data breach, it’s still important to be ready to respond if your data is compromised. Contact Wheelhouse ITif you believe your information was compromised in any of these breaches to determine your best course of action to protect yourself from harm.

Why You Should Encrypt Email

Why You Should Encrypt Email

Encryption can be an invaluable tool for your company, especially where your email communications are concerned. Here, we’ll go over a few of the benefits you can see by adopting it – but first, we’ll briefly go over what encryption is.

What is Encryption?

Looking at the word itself and breaking it down into its parts, the root of the word encryption is “crypt,” from the Greek kruptos, meaning “hidden.”When something is encrypted, it just means that it is hidden from view unless one has the key to decrypt it. While the process of encryption actually scrambles the data, this is an apt way of describing the end result: when an email is encrypted, only the intended recipient will be able to read it properly.

This leads to some of the greatest benefits that this process has to offer, especially where your business’ emails are concerned.

Security

Naturally, security is the primary motivation for encrypting data, as it is a pretty effective measure to take. With so much sensitive and private data being passed along through email in businesses of all sizes, protecting it through encryption measures is a must for any organization.

Nowadays, rather than attack your network to gain access to your communications, hackers prefer to seek a peek at them while they’re in transit, outside of your business’ protections. Encryption renders them unable to do so with any efficacy. After all, a hacker would find the phrase: “Password: fn*o807jsL” very valuable… not so much when all they can see is “bh16//57xf+lkbv/sdn.”

This also ties into another reason why a business should be encrypting their emails.

Compliance

Depending on the industry it falls under; one business may have more stringent regulations than another regarding data privacy. The example you’ll likely hear is the Health Insurance Portability and Accountability Act, or HIPAA.

Under the rules set by HIPAA, health information cannot – cannot – be shared without the patient’s consent. The thing is, if a hacker were to intercept an email that contained this information as it was being exchanged between two approved parties, this would count as a HIPAA violation. Email encryption adds that additional layer of protection to the correspondence, protecting both (in this case) patient and provider.

Efficiency

If the correct technology is leveraged, there is no longer the need to jump through hoops in order to ensure the security of your emails. That means that, rather than taking the time to manually secure your emails, your solution protects them on your behalf.

Interested in learning more about encryption and how it can benefit you? Reach out to WheelHouse IT at (877) 771-2384!

Facebook Database Breach: Practical Information

Facebook Database Breach: Practical Information

On September 16, 2018, Facebook discovered unusual activity via their network analytics equipment — it appeared that computer hackers gained some type of access to a database of approximately 50 million users.

In July of 2017, Facebook introduced a new feature called “view as“, which allowed owners of Facebook accounts to view their profiles the way the public would see them — the data breach occurred through a vulnerability found in the recently added Facebook feature — computer hackers are said to have used Facebook developer software to exploit the vulnerability.

The bottom line is that although the Facebook administration discovered the hacking, the vulnerability in Facebook’s network existed for over a year before they actually discovered it — who knows how the stolen information has been exploited before anyone knew anything about it! 

What type of information was stolen?

So far, it’s known that only relatively simple information has been stolen — nothing that will allow criminals to easily steal one’s identity. However, Facebook administration’s assessment is that it’s still very early on in the discovery process and it’s still too early to know exactly what types of data were accessed and how that data might be used in the future. 

Until more information is known about the potentials of the data breach, there are a few practical pointers below that will help bring peace of mind while waiting for the experts to learn more. 

For starters, the Facebook administration recommends that all its users change their passwords, ASAP

Furthermore, since computers are now a critical and integral part of society, and since personal data of millions is spread out across several different government websites and other organizations, it’s probably a good idea to purchase some type of identity theft protection and insurance — it needs to be understood that Facebook is only one of many organizations with a potential to lose personal, private computer data to illegal hackers.

It’s recommended by security experts that a minimal type of identity theft protection be purchased regardless of the recent Facebook database breach. Keep in mind that identity theft protection and insurance are relatively inexpensive. 

WheelHouse IT specializes in a wide array of security defense systems enabling a proactive approach to security as opposed to a reactive approach. Please contact us for assistance in determining a suitable course of action if there is concern regarding the Facebook database breach.