Tips to protect yourself from new computer threats

Some of you – especially if you work in a technology-related job – may have already heard about two newly discovered computer vulnerabilities that are called Spectre and Meltdown. And if you think the names Spectre and Meltdown sound pretty ominous, you’re right.

These hardware bugs represent a potential risk for everyone who uses a computer or smartphone. Hardware and software companies are now scrambling to fix the vulnerabilities before major fraud is committed. To date, no major instances of fraud have been attributed to these hardware flaws, but it is possible that fraudsters will figure out the mechanism to do so soon.

That’s why we all need to be especially careful and vigilant while online and take some extra steps to protect our computers and the personal information stored on them.

What are the vulnerabilities?

Meltdown. The hardware affected by Meltdown has been in our computers for years – including every Intel chip produced since 1995 (yikes!). Basically, the Meltdown flaw makes it possible for malware to “melt” the security isolation between your computer’s operating system (OS) and your apps.

Spectre. This design flaw doesn’t date back to the ’90s — it only affects newer hardware, including some smartphones. It doesn’t affect the OS, but instead breaks the security isolation between the various apps on your computer or phone.

Why now? So if these design flaws have been part of our computers for years, why are we only hearing about them now? The design flaw that creates the vulnerabilities was discovered last summer by researchers at Google’s Project Zero. They alerted manufacturers so they could work on a fix, and the discovery became public in late December.

What could happen? The worst case scenario is that a fraudster who accesses your PC by taking advantage of one of these vulnerabilities could access info from your computer memory. This could reveal information that would enable them to steal your identity. The bug could reveal passwords that are stored in your web browsers or the contents of documents that have personal financial information, like retirement account statements or tax forms like your W2 or 1099. Access to those forms via a breach of your PC’s memory could thus give a fraudster enough info to compromise your identity.

What is Alliant doing to protect you?

Alliant’s Information Security and Fraud teams are vigilant in their work to protect our members’ accounts and identities. A special task force meets regularly to ensure they are up-to-speed on the latest developments in mitigating these issues. They are educating all Alliant employees on the risks of Spectre and Meltdown and how to best protect our members.

“Alliant members can rest assured that we’re doing everything possible to protect them from the risks related to the Spectre and Meltdown hardware flaws,” said Bill Podborny, Alliant chief information security officer. 

While Alliant is doing our part to protect our members, we know that the best way for members to maintain their security is to be educated about risks and ways to mitigate them. And that’s why Alliant’s Spectre and Meltdown task force asked me to write this article to fill you in on these two risks and share tips on how to better protect yourself and your family as you use computers and smartphones in your daily lives.

What can you do to protect yourself?

A few general security and fraud-prevention recommendations are key, as always. You should use strong passwords, keep your software updated, use up-to-date antivirus and antispyware software, learn to recognize phishing emails, and avoid unsecured Wi-Fi networks. For more general security tips, check out the Security page on our website and our blog. Below, I’ll go into a bit more detail on some protection steps that are especially relevant to the risks posed by Spectre and Meltdown.

Check – carefully – for Spectre and Meltdown patches

There are already patches to protect against the Meltdown flaw for computers using Linux, Windows and OS X operating systems, and patches are in the works for other systems and devices. But please don’t just Google “meltdown patch” to find yours, or you could end up downloading and installing malware (a malicious computer program) that will cause you to fall victim to this problem.

The National Cybersecurity and Communications Integration Center (NCCIC) recommends that you only “download any patches or microcode directly from your vendor’s website.” The NCCIC knows that scammers will soon be setting up fake websites and sending spam emails with links to dangerous malware – if they haven’t already started doing so.

You should be suspicious of any fix announcement email you receive or see on social media. Instead, to find out if a patch is available for your PC or phone, go to the website of the company that made it and use the site’s search to find out if they have released a patch. That way, you’ll know that a link is legitimate and you won’t install malware on your computer.

Avoid malware

With both Spectre and Meltdown, for a PC to be compromised, malware has to be running on the computer. This means that now more than ever, you need to be very diligent about the links you click and the apps you install on your PCs. This is NOT the time to download and install a freeware solitaire game app from download.com. And actually, that’s always a risky thing to do, but especially now, while we’re waiting on permanent fixes for these two issues.

Create an admin login for app installs

But what can you do if other family members also use your computer and you worry that they might not use good judgment about links or downloads? One way is to create a second “admin” login for your PC, with that admin account being the only account allowed to install any software.

I completed this process last night, and the only drawback I found is that I now have to remember both an admin and an end-user login. The benefits, however, far outweigh the small outlay of my time and the slight annoyance of having to remember one additional password. I’ll now log in as an end user most of the time, and I’ll only use the admin login when I need to install or update software. Because the end-user account does not have the right to install any apps, my PC is protected from an errant click or a bad decision made by one of my nieces or nephews when they’re using my computer. If they try to download something, they will hit a brick wall. It really is a great way to protect your PC, and I wish I had known about it sooner.

So how do you set up separate admin and user accounts? Both Apple and Microsoft provide step-by-step instructions on their websites. If you are using an older version of Windows or Mac OS, you can search for that version on the Apple or Microsoft website. And if you’re intimidated about the idea of doing it yourself, ask a techie friend or one of your children/grandchildren who is tech-savvy to help you. Just make sure that you ask them to turn away while you enter your new admin password. After all, creating the account to keep your grandchildren from installing apps would be ineffective if they actually know what your admin password is!

Stay tuned to Alliant’s Money Mentor blog for further security and fraud prevention tips. 

Pam Leibfried is a marketing content specialist whose love of words led to a writing and editing career. After a brief stint teaching English, she transitioned to corporate communications and spent 20 years at The Nielsen Company before joining Alliant’s content development team. Early in her work life, Pam’s friend Matt explained the benefits of a 401(k) and her dad encouraged her to start a Roth IRA. Their good counsel prompted her to prioritize retirement savings, which just might enable her to retire early so she can read more and live out the slogan on her fave T-shirt:  “I have a retirement plan: I plan on quilting.”