Protecting yourself against a cyber attack
From blackouts to identity theft and beyond, the threat of cyber attacks is pertinent in our everyday life – and it only continues to grow.
Fortunately, there are steps you can take to protect yourself. Before you can take those steps, however, it’s important to understand what cyber attacks are and who they impact.
What is a cyber attack?
As defined by the National Institute of Standards and Technology, a cyber attack is an attack conducted “via cyberspace, targeting an enterprise’s use of cyberspace.” These are malicious in nature and serve to disrupt, disable, destroy, or control a network or infrastructure to destroy data or steal information. Other targets include IT assets, intellectual networks, and other sensitive information.
While there are many types of cyber threats and attacks, four are most prevalent:
- Malware: A malicious form of software designed to harm a computer system by stealing, encrypting, or deleting data, altering core functions, or tracking a user’s actions. It commonly takes the form of worms, viruses, spyware, and Trojan horses.
- Ransomware: Hackers take control of and lock a victim’s computer or files for ransom. Most often, ransomware spreads via phishing emails or infected websites.
- Social engineering: These attacks happen when a user is tricked into giving a hacker sensitive information or access to software or data, often by pretending they need help.
- Phishing: A hacker creates a false identity to lure a victim into providing sensitive information, downloading malware, or visiting an infected site. This is the most common type of attack and happens via email, text, and social media.
The effects of these attacks are devastating and range from disrupting phone or computer networks to electrical blackouts or the failure of military equipment. In the event of such an occurrence, it’s important to have the proper preparedness equipment to stay safe.
Regardless of the form they take, a cyber attack always ends in the theft of valuable information and sensitive records. Moreover, the costs are significant: On average, a single cyber attack costs $1.7 million.
Who is targeted in cyber attacks?
Everyone is at risk of being targeted by cybercriminals.
Of the cyber attacks that Verizon investigated last year, 72% targeted large companies and 28% targeted small businesses. Over half (58%) had personal data stolen.
Individuals are targeted as well. In addition to computers, malware now infects personal devices including cell phones and tablets via apps, emails, and more. Studies show that 86% of Americans believe that they have experienced a phishing attack. That’s no surprise, given that just 27% believe that their personal network could be compromised.
Even the most protected agencies in the nation are susceptible to attack. In a 2018 study, the Department of Homeland Security found that 74% of federal agencies were at risk or high risk of attack. This opens the US to the possibility of national security breaches.
How common are cyber attacks?
In a word: Extremely.
In 2020, Verizon investigated close to 160,000 instances of cyber threats and attacks. Two in five involved hacking, and one-third of attackers used social engineering techniques.
Most often, these attacks were financially motivated (86%) and over half were conducted by organized criminal groups (55%).
Cybersecurity risk management
The threat of cyber attacks has never been more prevalent than it is today. According to McAfee, losses from these attacks totaled over $1 trillion worldwide last year.
This is, in part, due to the Covid-19 pandemic. During the pandemic, the FBI saw a 300% increase in cybersecurity complaints, most often phishing emails related to charity, vaccinations, and cures.
In addition, there was a 50% increase in cloud computing use due to remote work last year and the industry is expected to continue to grow another 17% by the end of 2021. Vulnerabilities in cloud computing are the most damaging, and this increase in use creates endless possibilities for cybercriminals.
It’s expected that a new attack will occur every 11 seconds in 2021, but the chance of catching and prosecuting a criminal is less than 1%. This means it’s more important than ever to secure yourself against the threat of cyber attack.
Not sure where to start? We’ve put together a cyber security risk mitigation checklist to get you started.
Cybersecurity for business
The benefits of cybersecurity in business are endless, including protection for both data and networks.
Protect your processes and data
A good IT department is one that routinely monitors, reviews, and updates organizational processes and reports any disturbances. It also regularly backs up data and stores it in a secure space outside of the company network.
Firewalls should be in place to not only stop hackers but also stop employees from viewing potentially compromised websites. They should be installed on every company device, including cell phones, computers, and tablets.
To protect sensitive information and critical data, be sure that all data is shared on a strict need-to-know basis. Furthermore, it should be encrypted (business and customer data alike). In the event of a hack, the data will be unreadable and, therefore, useless.
Finally, securing wireless access points and networks will help to nip the threat in the bud. There are several steps you can take to do so, including:
- Make sure the router is set to Wi-Fi Protected Access 2 (WPA2) with Advanced Encryption Standard (AES) for encryption.
- Your wireless access point should not broadcast its service set identifier (SSID).
- Avoid using Wired-Equivalent Privacy (WEP).
- Make sure any wireless internet access intended for customers is separate from your business network.
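The first three checklist items, expressed as an automated check over a hostapd-style access point configuration (an added example, not code from the original article). The hostapd file format, the finding names, and both sample configurations are assumptions chosen for illustration; guest-network separation depends on network layout and is not checked here.

```python
# Added example: audit a hostapd-style access point config against the checklist.
# SAMPLE_WEAK and SAMPLE_HARDENED are constructed inputs, not taken from a real device.
SAMPLE_WEAK = """\
# constructed sample: legacy access point still using WEP
ssid=OfficeNet
auth_algs=3
wep_default_key=0
wep_key0=0123456789
ignore_broadcast_ssid=0
"""

SAMPLE_HARDENED = """\
# constructed sample: WPA2 with AES (CCMP), SSID not broadcast
ssid=OfficeNet
auth_algs=1
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
ignore_broadcast_ssid=1
"""


def parse_config(text):
    """Parse key=value lines, skipping blanks and # comments."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip()] = value.strip()
    return settings


def audit(text):
    """Return a sorted list of finding codes; an empty list means every check passed."""
    cfg = parse_config(text)
    findings = set()
    if any(key.startswith("wep_") for key in cfg):
        findings.add("WEP_ENABLED")
    if cfg.get("wpa") != "2":  # absent/0 = no WPA, 1 = WPA1 only, 3 = mixed WPA1/WPA2
        findings.add("WPA2_NOT_ENFORCED")
    # hostapd falls back to wpa_pairwise (default TKIP) when rsn_pairwise is unset
    ciphers = set((cfg.get("rsn_pairwise") or cfg.get("wpa_pairwise") or "").split())
    if ciphers != {"CCMP"}:
        findings.add("AES_CCMP_NOT_EXCLUSIVE")
    if cfg.get("ignore_broadcast_ssid", "0") == "0":
        findings.add("SSID_BROADCAST")
    return sorted(findings)
```
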
If you still don’t feel fully comfortable, consider investing in data center security, which uses virtual components to protect data.
Update your software
Instead of ignoring the prompts for a system or software update, install the update promptly. Not only do these updates improve performance, they often include new or enhanced security features that benefit the user.
One important feature that many updates include is the software patch. A patch acts as a “band-aid” of sorts that covers critical security holes that allow hackers to exploit a software vulnerability and infect the computer.
Educate all employees
As businesses continue to pivot to permanently remote workplaces, it’s more important than ever that your employees are aware of cybersecurity threats. Without their help, your business can’t properly protect finances, assets, or data.
There are a few things your employees should know:
- The common marks of a phishing email (e.g. grammar or spelling mistakes, unfamiliar email addresses, no domain emails).
- How to treat and protect business information.
- Who to contact if cybersecurity is compromised.
To help employees protect your organization, provide them with a protected and locked software system while they work remotely to restrict the installation of malicious software.
Should an employee leave your organization, you should take further steps to protect your assets. This includes deleting passwords and accounts across all devices.
Cyber security for individuals
Cyber security is just as important for individuals as it is for businesses. Mistakes such as responding to phishing have devastating consequences, including identity theft, compromised bank accounts, credit card fraud, and more.
Luckily, there are steps you can take to protect yourself.
Use strong passwords
There’s a reason you’re asked to use a combination of letters, numbers, and special characters when creating a new password – the stronger the password, the harder it is for a cybercriminal to hack an account.
With over 613 million passwords stolen, creating a strong, unique password is crucial. Here are a few things to remember when creating one:
- The longer, the better. The ideal password is eight characters or longer and uses capital and lowercase letters, numbers, and characters such as !, *, $, and &. Don’t include common words, phrases, or anything related to personal information such as the name of a pet or parent.
- Use two-factor authentication for every account. This type of safeguard requires you to provide a second piece of information to verify that you and you alone are accessing the account. However, don’t use text message or phone call authentication, as these can be easily intercepted.
- Don’t reuse passwords. Every account you have should have its own unique password. The best way to remember each password is to download a password keeper app such as LastPass or write them down and store them in a secure location.
Pay attention to data breaches
When a business is hacked and data is compromised, it often sends alerts with all necessary information, including what the hackers accessed. When this happens, you need to immediately change your password at the very least and, if payment information was accessed, contact your bank.
Stay ahead of the curve and check periodically for any compromised accounts by using a program like Password Checkup or Have I Been Pwned, which allows you to see which emails and passwords are compromised.
Protect your personal data
By using a virtual private network (VPN), you can help to protect any data you send or receive online, including passwords and bank information. For extra protection, use a VPN on both public and private networks.
Even better, consider investing in a full-service internet security suite. These act as real-time protection against malware (both existing and emerging), including ransomware and viruses. These range in price, but most are between $20 and $100 per year.
Know who to call in the event of a cybercrime
Should you be a victim of cybercrime, there are important steps you should take, even in minor cases.
First and foremost, contact the authorities. This includes the local police and, in more severe situations, the FBI and Federal Trade Commission (FTC). By alerting them to the crime, you may further their investigations and may help them stop criminals in the future.
If you believe your identity has been stolen, you should do the following:
- Contact the companies and/or banks where the theft occurred
- Put the correct fraud alerts in place and check your credit report for any damage
- Report the theft to the FTC
When it comes to cybersecurity, being proactive is the best way to protect yourself. While most of these tips may seem like common sense, they play a crucial role in fighting cyber crime.