October is National Cybersecurity Awareness Month
Cybersecurity refers to the protection of internet-connected systems such as hardware, software, and data from cyberthreats. The practice of cybersecurity is used by individuals and businesses alike to protect against unauthorized access to data centers and other computerized systems. With so much of our business and personal lives online and in “the Cloud,” the importance of cybersecurity is at an all-time high and the benefits of vigilant attention to cybersecurity issues are far reaching.
Major Cybersecurity Threats to be Aware of in 2022
Malware. Malware is software specifically designed to disrupt, damage, or gain unauthorized access to a computer system. Some of the more common types of malware attacks include adware, viruses, worms, trojans, bots, and spyware.
Ransomware. Ransomware is a type of malicious software designed to block access to a computer system until a sum of money is paid. Businesses and larger corporations are especially vulnerable to this type of attack.
Social Engineering. Social engineering is an umbrella term for a variety of tactics that use manipulation to trick users into making security mistakes or giving away sensitive information. An example of a social engineering attack could be an email that appears to come from a trusted source (via a spoofed email address) presenting a link to click or media to download, which then installs malicious software on your device.
Phishing, Smishing, and Vishing are types of social engineering attacks. Phishing is a scam where a user is duped into revealing personal or confidential information, most frequently via email or text message (also known as “smishing”). “Vishing” is the practice of making phone calls or leaving voicemails with the intent to induce a victim into giving up otherwise confidential information.
Accidental Sharing. This type of cyberattack occurs when personal or business data is shared or leaked inadvertently, usually due to human error.
Cryptojacking. Cryptojacking is a type of cybercrime that involves cybercriminals gaining unauthorized use of a device (computer, smartphone, etc.) to mine for cryptocurrency. The motive is profit, as usual, but the threat is intended to be hidden from the victim.
IoT Attacks. IoT refers to the “Internet of Things” or, simply put, all of our interconnected “smart” devices. Phones, TVs, thermostats, and even refrigerators and toothbrushes can now be connected to the internet and are thus vulnerable. In order for these devices to function the way they are intended, users must often create accounts filled with sensitive information. As connectivity spreads, it creates more entry points for thieves into the network as a whole. Not only is our information more vulnerable, but the ability to surveil our daily lives also becomes a concern.
Connected Cars and Semi-Autonomous Vehicles. As more and more modern vehicles take to the road, so does the software that creates connectivity for drivers: cruise control, engine timing, door locking, airbags, and advanced systems for driver assistance are all computer controlled. The Bluetooth and Wi-Fi enabled systems that make these features possible also open them up to vulnerabilities and threats from hackers. Hackers gaining control of a vehicle or using microphones for eavesdropping are growing cybersecurity concerns.
Tips to Keep Your Data Safe and What to Do if it is Compromised
Here are a few tips you, as an individual, can implement immediately to improve the security of your online data:
Stay in the know. Keep up to date on major security breaches that may affect you and stay current on trending cybercrime tactics. Ensure that your software updates are installed promptly, that you have reliable antivirus protection on your devices, and that your home internet connection is private and secure.
Get rid of reused passwords. Do. Not. Reuse. Passwords. A lot of us, in the moment and even if we know better, go to that tried and true “unforgettable” password that’s been used repeatedly across different platforms and accounts. When data is breached, passwords are often compromised – a huge issue for those who use the same password time and time again.
Protect yourself by using a password manager, secured with a complex and unique password to access it (even better, a passphrase that is easy to remember, such as “I_l0ve_h0rses_s0_much!”), and then have it create random, long (at least 14 characters) passwords for each login. The time it takes to accomplish this could be well worth the effort in the event of a data breach.
Apply two-factor authentication (2FA). Yes, it’s an extra step, but it really isn’t optional anymore. Applying 2FA, available on most online accounts and services, requires an additional login credential beyond just your password. This is often a text message or other notification to a separate device. Enabling the option provides a greater layer of security and the benefit of being alerted right away if one of your accounts is being accessed without your knowledge.
Slow down; learn to recognize and avoid phishing attempts. Our lives tend to be hectic. We move quickly throughout our days, jumping from one task to another, switching gears often. Make an effort to slow down and pay attention, especially when answering work and personal emails. It’s easy to fall victim to a phishing scam – many of them look legitimate. If it feels even slightly suspicious, always err on the side of caution, and contact the purported sender via a different method (e.g., calling the bank’s customer service department directly).
Beware of free Wi-Fi. Do. Not. Use. Free Wi-Fi (without using a VPN). Free Wi-Fi is convenient, but anyone with a little bit of technical knowledge and malicious intent can use various methods to access your device if you use public Wi-Fi. Either use a mobile hotspot (which is your own private connection) or use a Virtual Private Network (VPN), which is a software-based private connection over the public network.
Be careful what you share on social media. We all know social media is a great way to keep up with friends and family. However, this window of insight into our lives can be used against us by cybercriminals who can gather enough information to steal our identities or hack into our accounts. Set your privacy controls so only those you know can see your information and keep the sharing of personal details to a minimum.
I’ve been hacked! Now what? If you are the victim of cybercrime, the most important thing you can do is act quickly. The following is a list of actions you may be able to take to mitigate the damage:
- Immediately change the passwords for each and every account you can access and enable two-factor authentication where applicable.
- Create fraud alerts on your credit reports.
- Close any accounts that were created or abused in the process.
- If financial information has been compromised, alert your financial institutions.
- Update your security software, run a scan and delete any malware.
- If your social media accounts have been compromised, alert your friends and family.
- If you believe you’ve also become the victim of identity theft, you will also want to file a police report and a complaint with the Federal Trade Commission.
- Contact a Cybersecurity/Data Privacy attorney who can assist with getting things back on track.
Businesses are particularly vulnerable to the threat of cyberattacks, especially small businesses, healthcare related businesses, governmental agencies, financial institutions, and the education sector. Small businesses should take their cybersecurity as seriously as a governmental agency. The following five tips are just the basics, and a great start to keep your business safe from cybercriminals:
Train your employees. All the security practices in the world can’t protect your business from untrained employees. Make sure your employees are educated on the various forms of cyberattacks and the ways in which they may be targeted. Your business should have basic and well-established security practices and policies including requirements for strong passwords, and appropriate internet usage guidelines. Ensure all employees understand how to protect your client or customer data.
Protect your computers. Take steps to ensure you have the latest security software installed on all computers, the most up-to-date web browsers are in use and your operating systems have defenses against viruses, malware, and other threats. Schedule antivirus software scans regularly and take care not to ignore updates.
Back up your data. Make sure critical data is backed up from all computers. This includes Word documents, spreadsheets, databases, financial documents and information, human resources related information, and accounts payable/receivable related documents. This process should be automatic, if at all possible, to avoid human error. Ensure the backup data is stored offsite or in the cloud.
Control and limit access. Physical access to computers, and specifically laptops, should be controlled by user accounts for each employee requiring strong passwords and separate logins. Employees should only have access to the data and information necessary to perform the duties of their jobs.
If your business is the victim of a data breach the most important thing is to remain calm and respond quickly, ideally with the help and guidance of an experienced Cybersecurity/Data Privacy attorney. The best time to have that assistance is before there is an incident to ensure you are protected as much as possible (crafting a “Data Breach Avoidance Plan”) and, after there is an incident, addressing same in the best manner possible (using an “Incident Response Plan”).
Failing to address a breach properly can not only cost you customers and lost profits, but it can also subject you to Governmental action, including huge fines.