Is there a better way of protecting your digital life? [Q&A]
The nature of the modern world means that we all have lots of different accounts to manage various services.
Protecting all of these can be a challenge and you can end up with lots of different tools like password managers, VPNs, anti-virus tools and more. It also leads to people getting lazy and reusing passwords.
So, is there a better way of looking after your digital life? Avi Turgeman, CEO and co-founder of IronVest, thinks so, we spoke to him to find out more.
BN: What types of data and accounts are most at risk?
AT: Any account that requires you to log in with traditional credentials -- a username and a password -- is at risk of coming under the possession of a hacker. From your email accounts, ecommerce profiles, streaming services, online banking accounts, social media profiles and beyond, hackers are getting extremely sophisticated in the kinds of social engineering and data hacking techniques they employ. Of course, among those accounts, some are more sensitive and require additional layers of security.
'Phishing' and 'smishing' are types of attacks commonly leveraged against individuals by a cybercriminal posing as a reputable institution and trying to gain account access. Phishing refers to when criminals use emails or malicious website links to steal personal information, while smishing is a similar attack carried out over SMS or text message.
Then, you have malware attacks. Sometimes, instead of trying to gain account access, cyber criminals will use phishing or smishing attacks to send malicious web links that appear legitimate but instead install malware when clicked.
One of the newest and most vicious attacks is SIM swapping, which I was actually a victim of. This happens when criminals use one of a few methods to trick a victim’s cell phone provider into switching their number to a SIM card in their possession. Once they’ve done this, the criminal can then easily access any account by providing the 2FA code received via SMS to login or resetting the password on the account.
Then there's traditional credit card fraud, which occurs when criminals fraudulently access an individual’s credit card information to make purchases or steal funds. Cyber criminals don't even need physical access to the card to do this, as they typically strike when information is leaked in data breaches or when people access their accounts on public or unsecured Wi-Fi networks.
To make matters worse, password managers, VPNs, and anti-virus solutions create a false sense of security for consumers around the above attacks. For example, if your password manager gets hacked, all of your accounts are exposed and history has already shown us that this is more than possible. From Norton LifeLock, Passwordstate to the hack on LastPass, many password manager providers have experienced a high-profile security breach that put all of their customers' most precious accounts and private information in the hands of criminals.
In short, most of today's solutions are just not purpose-built for the kind of sophisticated cybercrime that exists. You have a lot of one-trick-pony providers that solve one problem or put a band-aid over it, but don't truly secure your accounts and privacy from log in to sign-out.
BN: Are technologies like 2FA and biometrics helping or hindering security?
AT: Two-factor authentication (2FA) has become extremely popular in recent years as a way to add a secondary layer of security onto your accounts. However, hackers have found a way to use 2FA against us, as highlighted with the emergence of SIM swapping above. Once hackers get that 2FA code in their hands, they can reset the password on the account or, if they have the stolen credentials, use the 2FA code that has now been sent to the phone.
Biometric fraud prevention is the only way to solve this problem. Biometrically secured account credentials are the safest way to secure accounts and are the path forward to a passwordless future. At the same time, they create other privacy risks. That's why it’s crucial to turn to a solution that uses decentralized biometrics.
Instead of storing your biometric information on a server, it's important that any biometric-based security solution separates and stores biometric data in multiple places, or nodes. This means there is no central honeypot of biometric data for cybercriminals to get a hold of and hack.
On the consumer side, this is incredibly easy to use. Instead of using a traditional password management tool, you use one that first verifies it's you using browser-based or mobile face biometrics to access your account safely.
BN: The user is invariably the weakest link in the security chain, do we need better education around these issues?
AT: Many of these attacks are powered by social engineering tactics for a reason. Us humans are susceptible to fear mongering, authoritative scare tactics. Not because we are stupid, but because we have a million and one other things to focus on throughout the day and it's a hacker's full-time job to hit us at our weakest points.
For this reason, we definitely need to put a greater emphasis on educating ourselves around the different tactics these criminals typically employ. And for our enterprise customers, we hold security awareness training that use real life stories to bring these tactics to life and help them spot them before it's too late.
These include everything from deep dives into what a phishing email looks like -- a general greeting ('Dear Sir/Madam'), spelling errors, suspicious attachments, etc -- to the kind of tone the attacker will take. Popular approaches include making the victim feel a fear of missing out (FOMO) for a certain deal or a sense of urgency from an authoritative figure like a CEO or head of human resources.
BN: How does IronVest make things easier?
AT: IronVest is a first-of-its-kind security and privacy super app that couples bank-level security with easy-to-use convenience to provide modern consumers and enterprises with full-spectrum digital life protection. More so, IronVest isn't just a password manager -- we already know these are far from foolproof alone. It’s a next-generation security super app that helps consumers manage everything they need to transact safely in a digital world -- from ultra-secure account protection, privacy emails to virtual credit cards, all auto-filled with a click.
A core part of our offering is differentiating between two concepts that often get used interchangeably -- 'privacy' and 'security'. They are tied to one another, but not exactly the same. Privacy is keeping your personal identifiable information (PII) safe, while security is focused on keeping your accounts safe. You'll see solutions that do one or the other, leaving consumers at risk. IronVest is the only all-in-one security and privacy super app designed to protect the access points most vulnerable to hackers and fraudsters.
In addition to our full-spectrum solution, we also pride ourselves in our belief in protecting the self-sovereign identity and putting personal data control back in the hands of consumers. IronVest leverages decentralized biometrics to ensure bad actors can never access a user’s biometric template and a zero-knowledge infrastructure to ensure user data and secure keys are not available to anyone, including us at IronVest.
BN: Are we approaching the much predicted end of the password?
AT: Our hope at IronVest is yes. As someone who has fallen victim to online scammers, I know how demoralizing and scary it feels to be scammed online, often with little help from the organization responsible for your keeping your details secure, with lots of blame placed on your shoulders.
We can't wait to see a world where traditional passwords are no longer. A multi-layered approach to consumer security, including passwordless biometric authentication, securing MFA channels, and self-sovereign identity are the only path forward.
Image credit: PantherMediaSeller/depositphotos.com