Even if you do use multi-factor authentication (MFA) security codes, the process of sending these codes by text or email can open you up to hacking if you don’t routinely update your computer’s software. When you go to an outside source for a code, you can open yourself up for hackers to take advantage of certain vulnerabilities if any backdoors are left open.
When it comes to online security, the more you know, the better protected you will be. When coupled with safe online behaviors, these measures add an extra layer of security.
Types of Cybersecurity Threats
Phishing for your data
Phishing is a means for hackers to trick you into sharing your private information through an email plea or webpage offer. It can occur in the form of legitimate-looking emails and web pages. The successful “hook” uses a bit of social engineering in the form of content designed to lure you into taking some sort of action. Cybercriminals often send emails with heartfelt requests, exciting clickbait notices, shocking headlines, or legitimate-looking offers. If you click, you may be sent to web pages that install malicious software on your computer. To spot emails, look at the “from” address and be wary of urgent requests for money and bank transfers.
Spear phishing can look like it came directly from someone you know or even a respected company that asks for confidential information or sends you to malicious sites. Because spear phishing is so cleverly customized, traditional anti-virus protection does not help thwart these types of attacks. Email security programs help ward off attacks, but education and awareness are the best line of defense for cybersecurity.
To protect yourself from phishing and spear phishing:
- Question the legitimacy of every email to help you avoid unwittingly giving up private information. For instance, emails that look like they come from your bank or credit card company that ask for personal information or send you to sites requesting personal information can be verified by calling the number on your statement or the back of your bank card
- If you receive an urgent email from a friend or co-worker that asks for money or a bank transfer or an email that seems out of place, call them to verify if they sent it
- For charitable donations, you can make those directly on the company’s website, instead of through an email request
Pharming not farming
This is the practice of sending users to legitimate-looking websites that mine personal data like login credentials, social security numbers, and account numbers. This can occur when you inadvertently click a link that installs a virus on your computer that changes the addresses of sites you wish to visit.
To protect yourself from pharming:
- Install anti-virus and anti-malware software and keep it updated
- Use smart computer practices such as not clicking on websites or emails that look suspicious
- Watch for addresses in the address bar that don’t look right
- Be wary of sites that ask for personal information that normally don’t
- Get in the practice of looking for a lock on the address bar that indicates the website has special security encryption before you share information on the page
- Click on the security lock in the address bar to make sure the website has an up-to-date, trusted certificate
Spam a lot
Reducing the amount of spam and junk emails that you receive will help you sort through emails faster. To help keep you from creating more spam, never respond to it. Think twice before unsubscribing or replying to messages. Asking to be removed shows spammers your email is active and will likely result in you receiving more spam. If the email is from someone you do not know, or a company you have not done business with, clicking any links in the email might download a virus or code that opens a backdoor to your computer.
Ever get a strange email or private message from a friend suggesting you take a look at a link or picture that is completely out of character for them? This is the result of a botnet. Botnets are large, zombie networks hackers create by linking together thousands or even millions of affected computers to stage a spam attack or Distributed Denial of Service (DDoS) attack. A DDoS is simply a fancy way of saying that spammers overload a website with requests to the point that it malfunctions.
To protect yourself from pharming, spam, and botnets:
- Keep your anti-virus and anti-malware software up to date and do not click on anything that seems suspect
- Have at least two email accounts for private and personal email use. Use one for personal emails only, and one for public use like signing up for new accounts, mail lists, and public forums
Ransomware is a type of malicious spam that prevents you from accessing personal information on your computer. Victims are either sent emails that are “booby-trapped” with attachments they open, or click malicious links while browsing websites. The three types of ransomware are scareware, screen locks, and encrypting ransomware.
- Scareware– usually takes the form of pop-ups that claim your computer is infected and you must purchase their software to remove it. Your files are usually safe, but whether you back out of the screen or pay, you’ll likely continue getting annoying pop-ups.
- Lock-screen ransomware– will lock you out of your computer, often with an official-looking seal that says illegal activity has been detected and you must pay a fine.
- Encrypted ransomware– means your files were snatched by a hacker who encrypts them and claims you will only get them back if you pay. There is no guarantee the files will be returned to you, even if you decide to pay.
To protect yourself from ransomware:
- Keep your computer system, software and browsers updated. The WannaCry attack in 2017 was successful because it exploited many users who did not apply the Microsoft updates to their computer
- Never pay a ransom to get your data back. With professional help, you may be able to use other alternatives to get some of it, but you may never get it all
- Routinely create secure backups to external drives that remain unplugged when not in use so they do not become infected. You can also backup to cloud storage that includes highly-encrypted, multi-factor authentication
- Use multi-factor authentication whenever possible, including any cloud storage you may use
What should you do if you become a victim of cybercrime?
- Be cautious about what you visit, read or receive. The internet is untrustworthy, and we must test and validate everything we do while online
- If you become a victim of ransomware, visit a trusted local IT company that can reload your computer from scratch and pull your data from backups
- The FBI keeps a database of cybersecurity crimes and would like you to report if you become a victim of cybercrime to their Internet Crime Complaint Center at ic3.gov
- Finally, if you receive an email or text message that threatens your life, call 1-800-CALLFBI immediately so that the FBI can deal with that real-time
Best Practices to avoid cybercrime
Some people believe that if they don’t do much online, a hacker or spoofer isn’t going to be interested in their data. That is simply not true. Below are some important ways to protect yourself from becoming a victim of cybercrime:
Stop Recycling Passwords
It’s surprising how many people still haven’t given their passwords a bit of well-deserved attention. Many people we talk to often find it difficult to remember them and are drawn to the ease of using the same password and login credentials for all their online activity. But once a hacker discovers your password, you have made it easy to access all of your accounts.
Use a Password App
With password apps, you don’t have to remember what they are or where you saved them. Once you sign up and pay a relatively low annual fee, you’ll use one password to access your app and all of your passwords. The app reminds you if you need to save or update a password, it saves the website link and allows you to log into a website from the app, and it lets you know if your password has been found on the dark web. Login credentials even sync from one device to the next, so if you sign up for a new site on your mobile phone, it will sync to your desktop and tablet as well.
Adding your long-lost passwords is easy. If you store passwords on a spreadsheet, most password managers let you upload them. They also allow you to import passwords saved to all the popular browsers, like Google.
Emails are not protected. They are sent out among general internet traffic. By rewording a previously sent email, it can look legitimate to the receiver. Cybercriminals have been known to get into computers and swipe copies of previous emails, posing as someone you know.
If you receive an email that seems off, it probably is. The IRS, Social Security Administration, financial institutions, and credit card companies will not ask you for your login or personal details in an email. If you receive an email requesting money, fines, fees, or personal information that looks like it’s from someone you know or a company you do business with, call and verify before you send money or share any details.
Make certain you turn on MFA or multi-factor authentication security wherever possible. There are several options that companies may use to further establish your identity beyond your ID and password. They can be set up through:
- Something you know – like a pin or security questions
- Something you have – like your mobile phone that receives a one-time passcode, smart chip, or hard token
- Something you are – using biometrics like a fingerprint, retina scanner, face scanner, voice recognition, or behavior analysis
Probably one of the best-known apps is Google Authenticator. With this app, the first time you use it on a device, you can “remember” that device, so you don’t have to authenticate your computer, tablet, or mobile device every time you wish to log on.
Google Authenticator also allows you to use the app to access passcodes for other participating websites as well. It keeps the codes in one place and even works when offline. Depending upon the other programs you wish to use with it, you may need to download a barcode or QR Code. Also note that if you buy a new device, you will have to set it up again and “remember” the new device.
Many people wonder if cloud-based services can be trusted? While there have been data breaches with cloud-based services, when it comes to finding the best cloud-based storage, you get what you pay for. Be cautious with free versions of software. The security built into free versions is not as robust as in paid versions.
Offline data storage
When people lose data to cyber criminals it’s usually the pictures and videos that are missed the most. Buy a USB drive and store all your photos, videos, income tax returns, and important documents on it. Then keep the drive removed from the computer until you need it.
Backup your computers and keep them updated
You should routinely backup your computer to the cloud or to an external drive that you keep unplugged the rest of the time. This will enable you to gain access to your data, even if you are the victim of ransomware. You should also keep your computer and browser updated. These updates offer the latest cybersecurity updates and fix flaws in previous versions.
The Cybersecurity Future is Already Here
Biometrics are already here. Both iPhone and Samsung brought fingerprint, iris scan, and face recognition technology to the forefront, and it has even been integrated into a variety of apps.
There is also work being done with artificial intelligence (AI) and behavioral biometrics. These systems can measure the rate at which you input data using your keyboard, eye-hand coordination, and even the pressure with which you type or tap. While criminals continue to keep up with the technology, the best thing you can do to mitigate damage is to have a data breach game plan in place.
We are always happy to answer any questions you may have when it comes to preventing online threats. You can reach us at one of our convenient offices listed on the Contact Us page.
Look for additional articles on this topic.