Have you been Keylogged?
Jan invested in a new computer. Excited with her new computer, she took it to a professional conference. Several months later, and much to her disbelief, someone has been accessing her computer records, without her knowledge. Jan has been Keylogged.
How could this be possible? Jan has never shared her login credentials with anyone.
This scenario is not only possible but occurs more frequently than most people are aware of. Jan may have unknowingly shared her login credentials at a conference when she used the hotel’s computer to access her PMS system.
What is Keylogger?
A software-based Keylogger records the activities of the computer it is installed on, including each keystroke, all in real-time. It records what was typed, when it was typed, what program it was typed in, including email and messaging programs. The more sophisticated Keyloggers may also copy and transmit screenshots to a remote computer or web server, or allow remote access to data stored locally. Some programs work in a hidden mode making itself invisible to the average user (hardware-based Keylogger are not discussed here).
Keyloggers are used in many applications, some good and others not good. A few examples include:
• Parents install and use Keyloggers to monitor their children’s use of computers and the internet.
• IT organizations use Keyloggers for technical support.
• Research organizations use Keyloggers in research studies.
• Companies use Keyloggers to monitor their employees.
• People use Keyloggers to monitor the activities of loved ones, close associates, persons of interest, etc.
• Malicious individuals use Keyloggers to steal information – credit cards, bank accounts and passwords, etc.
It is not surprising that security experts consider Keylogging as one of the most dangerous computer threats. It allows cybercriminals to capture and receive private and confidential information without the knowledge of the user for weeks, months or even years.
How can you be Keylogged?
If you use a public, semi-public or another person’s computer that has a Keylogger program installed. Keyloggers work the same for remote desktop or log-in programs. Experts believe public and semi-public computers account for the lion share of Keylogging.
Someone with access to your computer could install a Keylogger on your computer, in an effort to track you.
Keyloggers are sometimes bundled with malware (virus), which installs itself on your computer after you have clicked on it, for instance.
What proactive steps can you take?
• Change your password frequently.
• Do not use public, semi-public or another person’s computer to log into your programs.
• Password protect your computer. Avoid sharing your computer with others.
• Avoid logging in as an Administrator for everyday usage. Set up a user account to do so.
• Install and maintain an updated Anti-Keylogger on your computer. Implement and maintain a good computer security policy.
• Be wary of any software (including PMS and Remote Desktop software) that allows you to log in from any computer. Logging in from any computer is a disaster waiting to happen. A proactive approach is to block access from any unregistered computers.
Checking your computer for a Keylogger
The best way to check your computer for a Keylogger is to download and run an anti-Keylogger program, much like your antivirus program. You can also do a quick check without installing a program.
• Press Ctrl+Alt+Delete on your keyboard
• Click the Task Manager
• Click on Processes
• Scroll all the way down to exe. If you see two instances of winlogon.exe, you have been Keylogged. Don’t delete any of these files until you are absolutely sure which of the two the Keylogger program is.
Why is PHI security important in Healthcare?
In the context of a Health Care Facility (HCF) or a Health Custodian, such infringement could be tantamount to a breach of Personal Health Information (PHI). Even worse, you could potentially wake up one day and find your clients’ information posted on social media. A breach of this magnitude could destroy your credibility as a business or therapist.
I note that the above examples are extreme cases. Nonetheless, I am guided by the approach advocated by the Privacy Commissioner of Ontario, who promotes “Privacy by Design”, a proactive approach to PHI protection. “A few preventative steps can save a lifetime of headaches.”