(soft upbeat music) - Welcome back to InFocus, I'm Jennifer Fuller.

We've all heard the warnings about cyber security, but how seriously are we taking those warnings?

Perhaps you've been overwhelmed by the advice, the guidance, the alerts, and more, and like so many of us you're dependent on a phone or a mobile device, any number of online apps and portals that track important information those things that can also cause a big threat to your personal security.

In this episode, we're taking a closer look at ways to keep yourself safe.

And while experts say nothing is foolproof these tips and suggestions might just get you a bit closer to securing your digital world.

Coming out of the holidays many of us received devices, but how many of us took the time to make sure those devices were secure before we dove in, installing apps, joining groups and conversations and more and how much are we paying attention to the young people in our lives.

One security risks that may be overlooked are children's toys.

As more and more toys become connected to apps, Bluetooth, the internet parents may not fully understand the way the toys could be hacked or use to gain access to a homes other devices, Steph Whiteside talks through Hannah Rhodes with Illinois Public Interest Research Group about the risks and what parents can do to make sure their children are safe using these devices.

- Hi Hannah, thank you so much for joining me today.

- Thank you so much for having me.

- Thank you today about children's toys and some of the sort of security risks that can come with these connected toys.

And so I wanna start out by saying like can you tell me a little about more of what examples are of these toys that have a tech aspect?

I think most people think, oh, gaming systems, Nintendo Switch that kind of thing, but there are also other toys that may get overlooked, right?

- Absolutely.

I think it's important to understand how smart toys work and there's really three levels of smart toys.

So first there can be the toy that the child interacts with, so a toy that could have a camera or a microphone.

Next there could be a toy that has a mobile app, which can connect children to other users or to the internet.

And third, there can be a personalized online account which is storing data on the toy and its user, which presumably would be a child.

- So let's talk about some of the risks.

I think parents buy toys, they assume because it's for children especially if it's for young children that there's safeguards built in.

And I think most people know kind of to talk to their kids about like, don't give your information out to strangers on the internet, don't trust that the person that says they're another kid is another kid, but what are some of the less obvious security risks?

- Well, one toy that we tested this year in our annual Trouble in Toyland report was the singing machine, which was the children's karaoke machine.

We tested the Bluetooth connection and we found that from 30 feet away and even outside of the home, a person could connect to that device.

And one of the risks there is that a person could play an explicit song or a voice recording, telling a child to come outside.

A darker plot, could be a person trying to connect to other devices in the home, other smart devices.

One toy that we did look at in years past and other consumer groups did as well is CloudPets.

But what we found in this year's report is that CloudPets were still for sale on eBay.

And what we looked into it was to see if any of the issues have been fixed, in years past they got in the hot water, because the stuff toys collected voice recordings and those voice recordings of children were hacked.

What we found is that website is still insecure so if you purchase that toy from eBay or another resale site, you still could have the same issues that happened years ago.

There are ways to work around and with the singing machine another thing to point out is that it was just if the device was turned on, we didn't have to hit the Bluetooth pairing device to pair a device to it.

- What about toys with apps?

I know a lot of those apps are supposed to have safeguards to kind of make sure that adults aren't using them or that kids can't access things kind of beyond that kid safe zone.

How secure are those?

- We have seen an example in the past where a company was able to upload as a user of the toy inappropriate content.

So that can be a risk there that sometimes it can be difficulties policing, what users are putting on the platform in an app.

- In terms of internet, I believe some internet connected devices or toys do say they kind of limit the parts of the internet that they connect to.

Is that really secure or do parents need to kind of take additional steps with those toys to make them a safe?

- I can't speak to the general security of the toy, but I would say no matter what it's always important to be aware of what the smart toy can do and what the limits are.

It's really important to be there when setting up a smart toy and seeing what information is being shared about your child and what they can connect to.

- In terms of internet, I believe some internet connected devices or toys do say they kind of limit the parts of the internet that they connect to.

Is that really secure or did parents need to kind of take steps with those toys to make them safe?

- When talking to their children it's really important to outline what information they're even comfortable with their child sharing about themselves, to make sure that they're not skipping over the parental permission settings, especially if they're under the age of 13 and simple things that adults might look over, making sure they're strong passwords on online accounts is something a child may not think of.

- Yeah, I know a lot of adults don't think of that.

What about things like sharing wifi?

Are there things like that?

I think kids might be inclined to, oh my friend or somebody wanted our password.

Like how should parents kind of approach those conversations?

- I would agree with you that it's important conversation to have about sharing wifi and passwords that are personal to a home and could be a privacy risk that a child just isn't aware of.

- Yeah, 'cause it sounds like the most important thing is really to for parents to sit down with these devices and get to know them and what they're capable of and not just kind of trust that because it's marketed to kids it's fine.

- Absolutely.

Just taking a few minutes to be aware of what the device can do and what your child has access to is really important with connected toys.

- Lots of advice on cyber security can go over our heads.

It flies in one ear and right out the other.

So here are some ways to keep yourself safe on those mobile devices, both at home and away from home.

The first you'll need to learn to sacrifice convenience for safety.

Some things may seem easy, like keeping your information on your favorite sites but it may not be secure.

Think of a router as a key to your home.

What are you going to do?

Get a deadbolt.

Well, make sure your routers password is very strong and only give it to people you trust.

And don't forget to change that password regularly, avoid using public wifi, use your mobile device and cellular data instead, consider using an ethernet connection instead of wifi for all your devices even at home and use a VPN, a virtual private network.

VPNs can keep your IP address secret and encrypt your internet traffic, be aware of your mobile devices and what they're connected to Bluetooth, hotspots, location signaling can all be ways for someone to get into your device even if you don't know it.

Well, speaking of those mobile devices nearly everyone has a smartphone.

They've given us unprecedented access to information, products, people and more, but they've also given other people access to us and to our information.

Mark McDonald takes a look at how we can take steps to protect ourselves against becoming a smartphone victim.

- We're with Josh Krigbaum, who's an IT professional at Sharkey Transportation in Quincy.

He's also worked for the Homeland Security Department in internet security.

And I asked you because I wanted to concentrate on phone security.

You know, almost all of us have one of these now and know very little about what their possibilities are.

So let's briefly talk about, I think a lot of people have heard about what phishing expeditions or phishing attacks are.

And I asked you to demonstrate a few for me, could you get us going?

- Yes, a phishing attack is where an attacker will create a fake log in on a website and pretend it's real so that you will hopefully enter your username and password, your username and password and give that to the attacker.

And you sent one up for us.

- Yes.

So I have one, I created an email account that would just play the role of victim of these various scams.

And one of the first ones I sent was a Bank of America emails saying, just saying, hi, your account has been suspended due to suspected hacking please log in to fix the problem.

- And then if you're a little on the dumb sign like I would go ahead and hit long in because I'd be worried about this, right?

- And the point of most of these is to cause some kind of fear or panic or anything to make you not think about what you're about to do.

So the goal of this is to make you nervous, make you click on this login link.

And when you click on the login link you go to a site that looks that has the Bank of America logo, it could have other elements from the legitimate Bank of America website, but this is something I set up yesterday.

- You created it, so if you could do it, other people could do it too to make it look like it.

- It's very easy to do with minimal skills.

I've disabled the actual input on this just to make it safer, but it will look like a genuine login with a space for your username and a space for your password but it's not owned by Bank of America.

So when you enter that information it goes to the hacker.

- (murmurs) goes to the hacker, okay.

- Who can then use that to get into your actual the bank account.

- Now is there a way that I would know not to do this?

- There are a couple of ways to tell the first way is in the email itself.

When you receive an email, it'll show you who the name is for that email and that can be set to whatever you want.

So I set this one to Bank of America help desk.

If you click on it, however, it will show you what the actual email address is and this is just a generic one I created @gmail.

So you can look at it and say @gmail.com, this definitely isn't Bank of America that's emailing me.

- So it's a good rule of thumb to go ahead and click on the two line and that'll give you the email address and it gives you more information about whether it's legit or not.

- Yes.

- And now you might also send me one just to a person, asking for help.

And I think we've all gotten those from Nigerian people who need to get home, those kinds of things.

- Yeah, there's the Nigerian prince scam and these can come via email or Instagram or any social media.

- So this one, you created this this is a plea to me, go ahead and open it up for us if you would.

- [Josh] This email looks like it's comes from Mark McDonald, you open it up and it says, hey, I'm out of town, my wallet got stolen, I'm going to a birthday party for my cousin could you real quick send me an Amazon gift card.

- [Mark] (laughs) Okay.

- Seems innocent and if you don't think about it, you just think, hey, Mark needs a gift card I'll send him one.

- But again now the two line shows you something.

And if you click on the two line, what do you learn?

- So it doesn't show it by default but if you click on where it says to me, and it will change based on which app you're using, you might have to click on the icon for the person.

So different email apps will have different ways to look, but you wanna look at the actual email address and you can see right away that if I know Mark McDonald, I know that this is not his email address.

So that would mean I need to either follow up and say, is this really Mark?

What's your birthday?

That kind of thing.

- Let me ask you about apps.

Companies are constantly asking you to download the their app, download their app, when you download an app are you in any jeopardy?

- For the most part, no, especially if it's official company app.

If been by default, a phone will only install an app if it's from the App Store or the Play Store depending on what type of phone you have.

That can be overridden SO that apps can be installed from any location.

So if you have a teenager that might do something like that, then you might wanna think about virus protection.

- [Mark] Yeah.

- But if you're only going to the App Store you generally feel pretty safe.

- You feel generally safe about that?

- Yes.

- 'Cause they filter out the bad stuff.

- Right?

- You're going to your bank website or you're going to a company that you frequent and they have your credit card information and you purchase from them on a regular basis.

Do you feel safe that that site is safe?

And how do you check?

And some sites are encrypted, some sites are not, I wanna deal with the encrypted sites, right?

- Yes.

- How do I know?

- When you, on a website it will show a lock and in any browser, whether you're on Chrome, Edge, Firefox, it'll show a lock by the address.

And the address could be on the top or the bottom of the screen, depending on the version of the browser and the type of browser.

But that will show your address of where you are and it will show a lock.

If the lock is closed, that means the site is secure and you're okay with entering information.

- You tapped on it and a little box and here it says, it says connection is secure.

And that's what you're looking for then.

- Right.

- You feel a lot better than of giving them your credit card information or sending them any information about yourself.

- Correct.

Yes, if you don't see that lock I would not give any information to that website.

- Okay, very good.

Good advice.

Thank you.

I hope you too feel better about using your phone after these few moments with Josh.

InFocus, in Quincy, I'm Mark McDonald.

- So locking down devices and other points of entry into our lives it's just one piece of the puzzle when it comes to cyber security.

We also have to think about the ways we interact with the outside world.

Certain web browsers can be more secure than others, consider using Firefox or Brave browsers.

DuckDuckGo is a more private search engine and use multi-factor authentication.

The more steps it takes to access your account the better.

How do you keep track of your passwords?

Using a password manager can be helpful in this case and more secure.

Be careful as well about what you post to social media and who can see it, remove location information from your photos before you post them.

Another way to keep yourself safe is to have a PO Box.

Many of those credit card offers you receive in the mail can be used for fraud, so hiding your personal address might be a good idea.

Do you have a virtual wallet for your credit cards?

These allow you to use a different card number, a different name, even a different address, and they can all be locked.

Personal safety is just a part of the puzzle, organizations, businesses, even governments can keep up with cyber security and should.

Insurance claims from ransomware attacks rapidly increased in 2020, they led to insurance companies requiring more and more safety training and regulations before they'd even write a policy.

Benjy Jeffords looks at how those changes affected Williamson's County Government in renewing their policy recently.

- [Benjy] Malware and ransomware accounted for 13% of cyber liability insurance claims from 2014 to 2019.

In 2020, it showed up to 54% of the total claims.

The increase in attacks led to insurance underwriters requiring more protection before the policy can be written.

In January for example, Williamson County's board of commissioners learned they have to meet new conditions to renew their policy.

County commissioner Jim Marlo says in the past, renewing only took a couple of minutes over the phone, but now they have to demonstrate they've met the new requirements.

- There is a multilevel authentication as a requirement.

Training is a requirement, all these have to be met in order to comply with the insurance demands to get the coverage.

It used to not be quite that way, but as time goes on and I'm sure everyone's aware hackers become more clever in everything.

- [Benjy] Marlo says the county provides computers and network for the county's administration building, courthouse, Sheriff's department and highway department.

So they have to make sure cyber criminals aren't able to get access to their network or data.

- In order to protect the county and to protect the residents and the information and the data that we have, you have to do that.

As a public official we're put in charge to be the stewards of the county's funds and the taxpayer dollars so we have to protect it at all costs.

So yes, this does increase the cost of daily operations.

- [Benjy] Tom Couch is an insurance agent with First Mid Insurance Group which provides Williamson County with cyber liability insurance.

Couch says over the last few years trends in cyber attacks have gone from stealing data to taking control of the network and shutting it down for a ransom.

- It's the first party coverage which is the ransomware and extortion threats that have developed in the last year.

And these are the claims that have ramped up significantly.

- [Benjy] Couch says the increase in cyber security has the cyber criminals aiming at new targets.

- These have been directed at very large businesses, but now they're moving down into smaller and mid-sized businesses and they're targeting primarily in the last six months or so hospitals, local governments, medical providers, these types of businesses have been the targets recently.

- [Benjy] Currently local government entities have been a big target for ransomware.

- There are so many essential services that local governments provide that when they are shut down and denied access to those services they really have to respond and pay the ransom.

- [Benjy] Couch says one of the most important parts of the new requirements is a yearly training.

- The main way they infiltrate these is by phishing, by sending emails that look very, run of the mill, day to day and get someone to click on a link that puts the malware into the organizations systems.

- [Benjy] Marlo says Williamson County, hasn't had to use it cyber liability insurance yet and he hopes they never have to.

- We're always subject to being a target of viruses, of cyber attacks.

Every governmental entity is.

And so with that being known, the county needs to have coverage, insurance coverage in regards to this.

- [Benjy] Marlo says to limit cyber attacks they have blocked employees access to certain websites that are not necessary for county business, but some departments need open access to the internet for investigation purposes.

Marlo says they had to make special arrangements to accommodate those departments while protecting the rest of the network.

- In order to do so, our network with the IT protection that we have, the virus protection that we have and malware protection, it would prevent that.

So we'll have to have certain dedicated units that will be different than all the other computers that are on our network.

So the county itself will be protected for many malicious attacks.

- [Benjy] Marlo says the board of commissioners plans to be proactive in protecting the county from cyber attacks.

- We have to all understand we live in a changing world.

I'd like to think that things like this don't exist in that think good of everybody in that nobody would wanna do any criminal activity anywhere in the world, but that would be living in a bubble.

And the reality is we do have to protect ourselves.

It's up to you and I to protect ourselves in everyday life and it's the commissioner's job to protect the taxpayer dollars and the data that we have in county government.

- [Benjy] For InFocus, I am Benjy Jeffords.

- There are more ways to keep yourself safe and sometimes it has to do with the physical world rather than the virtual world.

For instance, invest in a shredder, shred all personal information instead of just throwing it in the trash.

Get a privacy screen for your phone or laptop, especially if you use them a lot in public.

This blocks the view of those screens unless you're right in front of them.

And finally, you need to think about what you should do if you think you've been hacked, that can be a chaotic time, but there is help available.

Contact your bank and your credit card companies immediately they can help you either suspend, close or transfer your accounts and information, put a security fraud alert on your credit by contacting any of the four credit bureaus, TransUnion, Equifax, Experian, or Innovis they'll circulate that alert to each other.

You can also put a lock on your social security number.

but be aware that means even you can't use it unless you unlock it via the social security office.

You should change all of your passwords and set up multi-factor authentication.

Unfortunately, if your information is compromised, the chances are hackers have also found ways to identify your close friends and family.

So contact them, make sure they're taking precautions as well.

There's certainly a lot to absorb when it comes to protecting your private information while still being able to interact in an increasingly connected world.

From all of us here at InFocus, I hope you learned some new things to help make your world a bit more secure.

Until next time, I'm Jennifer Fuller.

Thanks for joining us.

(soft upbeat music) (soft trumpet music) - I actually never met your dad, my grandfather, what was he like?

He wasn't the biggest guy, but people reacted to him like he was a giant.

He could swear with the best of him, it sounded like music, but it never used it to be angry with somebody.

I remember my mom would tell me, "Your dad tried to spank you once and he cried instead.

He had a kind heart."

And I remember in grade school, there was a little kid, he was mentally retarded.

And one day there was a bunch of us and we started throwing ball caps at him.

I picked one up and threw it, it smacked him in the head and I turned around and my dad was standing there and I thought, oops, I'm really in trouble now.

But he looked at me tears in his eyes and he said, "Maybe I didn't teach you how to look after others.

That's my fault. "

You could have stabbed me in the heart and it wouldn't hurt as much.

I don't know maybe that's why I became a special ed teacher.

He had a lot of lessons that I hold on to, to this day When I was young I came home one day and I said, "Dad I was told that men don't cry."

He looked at me and he said, "Son, that's a lie.

If you don't cry, you don't get rid of that poison that's in your body, that hurt, that pain, that's the only way you can truly be strong."

That was one of the most powerful things I've learned from him.

And that's how I always remember him, the way I'd want to be remembered as a good man.

(soft trumpet music)