In 2019, a business will fall victim to a ransomware attack every 14 seconds. “It’s no longer enough to be on the lookout for something in your inbox that appears suspicious,” said FBI Cyber Division Assistant Director Matt Gorham. “As criminals have grown savvier and their efforts more targeted, individuals and organizations need to scrutinize messages and requests that appear legitimate.”
The most common and often most damaging cyber-crimes begin with a person clicking a link in an email that appears to be from a friend or colleague. The unsuspecting victim follows the instructions, or clicks on a link, in a message that looks like it came from someone they know and trust.
“These routine actions can be what exposes a computer or an entire network to a ransomware attack, data breach, or another crime,” said Gorham. “As we mark National Cybersecurity Awareness Month, our hope is to focus attention on the efforts required to safeguard individual computers and accounts and secure and protect critical data and infrastructure.”
How do you stay safe online when facing off against such savvy criminals?
Here are some personal cyber-safety tips as identified by the FBI.
Own IT
Connected devices are everywhere – in our home, at school and at work, in our purse or pocket. Continuous connection is handy – especially when you need to know that archaic song or TV reference, or who played “that guy” in “that movie.” Connection also allows for vast opportunities for innovation, convenience and modernization. But there’s also the downside.
Continuous connection also means continuous potential for cybersecurity attacks and can leave your most sensitive data vulnerable. Know all your connected devices and apps, not just the obvious ones like your phone and computer. Anything connected is susceptible, from smart thermostats and fish tanks to smart TVs and home security systems. Yes – even smart security systems are hackable. This was proven when an anonymous white hat hacker from Canada spoke to a man in Phoenix through his security system, warning him that his personal information was exposed. Know and understand what connected devices you have and whether they are secure or not. (Often, Internet of Things (IoT) devices are not as secure as they should be.)
Secure IT
Cybercriminals are excellent at obtaining personal data from their victims – it’s what they do. You may not even be aware that you’ve been hacked. Sometimes, criminals will lie dormant in a system, waiting for the right time to strike or for when a strike would produce the biggest payoff. The Marriott breach was an example of a sleeper attack.
To add to this, as technology evolves for us, it also evolves for cybercriminals, making their attack methods more sophisticated. It’s vital that you protect yourself and your devices against cyber threats by understanding the security features available on the equipment and software you use (and, if it doesn’t have built-in security, educate yourself and install an appropriate security measure). Baseline security measures are often not enough, so applying additional layers of cybersecurity to your devices is recommended (an example would be multi-factor authentication).
Protect IT
Your digital footprint can be exploited. That means every click, post and share leaves a digital imprint that can be exploited by threat actors. Make smart choices when you post, share and click. Evaluate your privacy settings – the more privacy you maintain, the less cyber criminals can see. This includes privacy of pictures, not just data privacy. Of course, you already know never to post your number, address, mother’s maiden name, SIN #, or similar information for all to see. If you’re vacationing, don’t post your pictures, where you’re staying, flight numbers or dates you’re gone. Rule of thumb – don’t give personal details away.
Here’s a true story to demonstrate.
Just this week, several people’s profiles were mimicked on a certain social media sharing site. The threat actor gained access to different people’s instant messenger (IM). They sent what seemed like innocent messages based on images from the profiles. One friend had a picture of a book she was reading. The message that got sent to her contacts (including me) said “Hey, I’m reading this terrific book (even giving the title and author), I think you’d really love it.” When friends responded, it opened up their contacts and also tried to lure them into a financial scheme. I was skeptical, so I didn’t respond. Not that I don’t like book recommendations, but because this friend and I hadn’t spoken in a really long time and I found it odd she didn’t start with more of a greeting – like a “hi, how are you, been a while” sort of thing. Or maybe working for a cybersecurity company has just made me skeptical of every message I receive. I didn’t respond, but some others did. Ask yourself, would you have responded – be truthful.
A year ago, I probably would have. Now, it made my cyber senses tingle.
Be skeptical of ALL messages.
This wasn’t the only person this happened to this past week either; there was a slew. And the victims weren’t all connected through the platform. Luckily, this wasn’t a form of terrible malware or ransomware (at least that we know of). This scenario was a good teaching moment for those involved about how easy it is to get tricked and how a cybercriminal can use something as simple as an image of a book to lure in friends and acquaintances and infiltrate their networks.
These sorts of incidents are quite commonplace.
A recent survey revealed that 22 percent of internet users said that their online accounts have been hacked at least once, while 14 percent reported they were hacked more than once. And we can all think back on the Facebook breach of 2018 where almost 50 million user records were compromised.
So, here are ten steps to help stay cyber safe.
1) Be skeptical and don’t click on any messages or links if your cyber sense is tingling.
2) Flag any scam posts or messages you encounter to the host website.
3) Use unique, complicated passwords for all your accounts.
4) If you can use multi-factor authentication, use it.
5) Choose the maximum privacy setting available.
6) Avoid posting any personal details that might allow a hacker to guess your security questions or access any of your accounts (or home).
7) Avoid logging on to your social accounts using public Wi-Fi.
8) Always use security software that protects you from the latest threats.
9) Stay current on the cyber threats that are active right now – anything new and scary.
10) Use common sense – whether you know the person contacting you or not, look for signs of abnormality.
Following these ten steps can’t guarantee your cyber safety, but they will increase your odds.