Monday, October 24, 2016

Cybersecurity tips for the finance worker

When I heard about the hacked Podesta and Powell personal emails, I became concerned and reevaluated what I already have in place or need to do in order to better safeguard my communications.

If you are not familiar with the method used to hack into Podesta's personal Gmail account, you can read about it at Motherboard.
Using a tactic known as spear phishing, the hacker sends you an email that appears to come from a legitimate party, possibly a security alert from your email provider, which was the case with Powell and Podesta.
"The spear phisher thrives on familiarity. He knows your name, your email address, and at least a little about you." -Norton
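
To make the two tell-tale signs of such a fake "security alert" concrete, here is an added example (not part of the original post) that checks a raw message for a brand name in the sender's display name that does not match the sending domain, and for link text that shows one site while the link goes to another. The brand list, the sample message, the `.example` hosts and the function names are all assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: brands worth checking, mapped to the domains they really send from.
BRAND_DOMAINS = {"google": {"google.com"}}

# Constructed sample: a fake "security alert"; all .example hosts are placeholders.
SAMPLE_ALERT = '''\
From: "Google" <no-reply@accounts-google.example>
To: analyst@fund.example
Subject: Someone has your password
Content-Type: text/html

<p>Hi, someone just used your password to sign in to your account.</p>
<p><a href="http://short.example/1AbCdE">https://accounts.google.com/security</a></p>
'''

LINK_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

def registrable(host):
    """Crude last-two-labels domain; production code should use the Public Suffix List."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def phishing_signals(raw):
    """Return human-readable reasons why a raw message looks like brand impersonation."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    sender = registrable(addr.rpartition("@")[2])
    signals = []
    # Signal 1: the display name claims a brand the sending domain does not belong to.
    for brand, domains in BRAND_DOMAINS.items():
        if brand in display.lower() and sender not in domains:
            signals.append(f"display name claims {brand} but sender domain is {sender}")
    # Signal 2: the visible link text names one site while the href goes to another.
    for href, text in LINK_RE.findall(msg.get_payload()):
        target = registrable(urlparse(href).hostname or "")
        shown = re.search(r"https?://([^/\s<]+)", text)
        if shown and registrable(shown.group(1)) != target:
            signals.append(f"link text shows {registrable(shown.group(1))} but goes to {target}")
    return signals

if __name__ == "__main__":
    for reason in phishing_signals(SAMPLE_ALERT):
        print(reason)
```

An empty result does not mean a message is safe; these are only two of the cheaper checks a mail filter or a careful reader can apply.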
What can you do?
  1. Never reveal too much personal information. That's one of the reasons I write under a pseudonym.
  2. Use different e-mail accounts for different purposes (for example, one for communication with friends, another for bills, another for shopping, another for medical records, etc.).
  3. Change passwords frequently.
  4. Familiarize yourself with encryption methods. Justin Fox at Bloomberg View mentions Barton Gellman. Gellman uses SecureDrop, Ricochet and Pump to keep him anonymous and conceal his IP address. Pretty Good Privacy (PGP) is considered the gold standard in encrypting email (you need to create OpenPGP keys though, encrypt, and then decrypt the files). Read Gellman's Why I Guess Your Ipad Password to stop using easy-to-guess passwords.
  5. Surf the internet anonymously using a VPN so traffic through your computer goes through alternating proxies, not revealing your physical (IP) address.
  6. You may wish to use Tor for anonymous browsing. Tor Version was released Oct. 17th. Tor requires a subscription. The problem with Tor is that it may attract unsavory characters operating on the fringes of the law.
  7. "Individuals use Tor to keep websites from tracking them and their family members, or to connect to news sites, instant messaging services, or the like when these are blocked by their local Internet providers."-Tor
    As an investment professional, you need to expect your communications to be listened in on. If it's not your competitor, it could be your wife (or husband). OK, the latter is not a 'hack', more of an indiscretion. What do you do? You don't just have a computer; you have phones, and there's the Internet of Things (multiple devices such as cameras or a refrigerator connected to the Internet in your household). Security cameras are particularly susceptible to being hacked.
  8. Use VPNs for your phone. (Express VPN and PureVPN have a monthly fee, while Super VPN, for example, is free.)
  9. Use these measures to protect your IoT devices from being easily hacked (Business Insider). Recent hacks have used digital cameras and DVRs to reach a multitude of devices (The Rise of IoT hacking).
  10. Your wife (husband) might be using FlexiSPY phone software to keep tabs on you. What do you do? Get another wife! Easier said than done! Or it could be a real hacker. The Guardian: Your phone number is all a hacker needs to read texts, listen to calls and track you.
  11. Stop using cell phones and go back to the '80s and early '90s (use only public phones and land lines that are unknown to others except those closest to you). Again, easier said than done.
When working in the securities industry, you can have zero expectation of privacy on your work emails and messenger. These are routinely screened for keywords and are the property of the company you work for.

Updated Oct. 29th, 2016

Here's a sample of emails I received recently. Guess what? Chicken butt!

Important Disclaimer:

"No legal or tax advice is being offered herein. Website operators not responsible for any errors or omissions in the contents or for links to any third-party resources. The publisher expressly disclaims any and all responsibility for any direct or consequential loss or damage of any kind whatsoever arising directly or indirectly from: (i) reliance on any information contained in the website, (ii) any error, omission or inaccuracy in any such information or (iii) any action resulting therefrom."

