Our world has become a connected web of electronic devices. Nearly everyone has a phone, an email account, computers, credit cards, medical records and so on. Everything is connected. In fact, the only way you can escape this massive interconnected world of ours would be to bury all of your electronics into the ground and seal it with cement. Not practical, I know. Now comes the scary part. All of your digital information is vulnerable. Let me say that again. Every bit of digitized information that you possess is vulnerable to attackers we so fondly refer to as hackers.
Thankfully, there are ways to protect yourself against the big bad hackers waiting to steal your information.You must have the proper security precautions in place. Cyber security is the practice of protecting your digital identity by detecting, preventing, and responding to attacks. Try to visualize ‘cyber security’ as a bouncer at a club. He stops the riffraff at the door and makes everyone within the club feel safe and secure with his presence.
One of the best ways to protect yourself from cyber threats is to arm yourself with knowledge. Hackers like to go after individuals who are blissfully unaware of the many cyber threats on the internet. Take email attacks for example. Known as phishing, email predators email unsuspecting users links to non-legitimate websites that steal your information. These sites are made to look like they are legitimate businesses to the unsuspecting user. User beware, if you click on a suspicious link you may end up downloading malicious software such as a keylogger (a program that records your keystrokes and reports to the bogeyman on the other end). If you’re unlucky enough to download a keylogger your passwords, credit card information, and anything else you end up typing on your keyboard may be compromised.
Always be mindful of the most common kinds of threats that lurk in the digital world:
- Attackers using your computer as a launching pad to initiate attacks against foreign targets.
- Attackers attempting to disseminate information from you such as a social security number or other compromising personal information to steal your identity.
- Attackers attempting to steal your credit card information and making unauthorized purchases.
The threats are endless. You should make it your responsibility to arm yourself with the proper knowledge to combat these threats to the best of your ability. Now, keep in mind that if a hacker is determined enough, no amount of preparation will stop them from obtaining your information. However, you can still prepare yourself as best you can.
Protect Yourself Against Cyber Threats
It’s not enough to just know how to protect yourself against cyber threats. You always have to be aware and take actionable steps to protecting yourself and your information.
Set up a strong password
It's vitally important that you have a strong password in place for all of your accounts. Once a hacker has obtained your username, believe it or not, the first thing they may attempt to do is guess your password. Too many people find password management to be tedious and tend to get lazy, so they use the default passwords that come with an account or use other easy to guess passwords such as "12345" or a birthdate. Always avoid passwords comprised of birthdays, dictionary words, pet and family names, addresses and other personal information. The problem with these kinds of passwords is that they're not only incredibly simple, but they're also very common. Common enough for an attacker to take an educated guess and gain access to your account(s). The best way to keep your password relatively safe is to use a combination of numbers, spaces, special characters, upper and lower cases and make it at least 8 to 12 characters long.
Take care when connecting to unsecured Wi-Fi
An unsecured WiFi network is a network that isn't password protected. You’ll most likely run into unsecured networks at businesses like Starbucks or McDonalds. Hackers have become very good at intercepting messages on these unprotected networks and stealing information. Here’s a bit of a ninja tip: if you’re ever sitting at a coffee shop and you notice two WiFi signals with the same exact SSID (name) that’s a huge red flag. One of those networks might have been generated by a hacker with a wireless hotspot on their phone. Now, when you connect to the fake network, you’re on their network. I don’t think I have to tell you that’s not a good thing. You’re practically handing over all of your personal information on a silver platter.
Utilize anti-virus/anti-malware software
Viruses are a major threat that hackers use to mine your personal information. Keep your eyes out for these keywords when avoiding viruses:
- Malware - software that is intended to damage or disable computers and computer systems.
- Ransomware - a type of malicious software designed to block access to a computer system until a sum of money is paid.
- Spyware - software that enables a user to obtain covert information about another's computer activities by transmitting data covertly from their hard drive.
- Trojans - any malicious computer program which is used to hack into a computer by misleading users of its true intent.
Malicious software can be utilized by hackers to steal your personal information which in turn can be either used by the hacker themselves or sold online. One of the most common ways that hackers infiltrate an unguarded computer is through links or attachments sent through an email that may seem innocuous.
Knowledge is still the key to protecting yourself online. You want to be aware of the kinds of attacks out there.
Man in the middle attack (MITM) – imagine that you’re chatting with someone on Facebook. “Hello” you type. “Hi!” responds your friend. Unfortunately, that response very well could have been a person who has conveniently placed themselves in the middle of your conversation. A man in the middle (MITM) initiates by gaining access through a non-encrypted access point (essentially a network that doesn’t have security in place such as WPA and WPA2). The attacker can steal the session and claim to be your friend while simultaneously posing as you to your friend. At this point, the man in the middle will dictate the conversation and will typically attempt to derive your personal information, ask for money or any other sensitive data that you wouldn’t have a problem telling a close friend or family member.
Denial of Service (DoS) Attack - the purpose of a DoS attack is to interrupt the services to a network by bombarding it with a high volume of traffic or data. Every network has a limit. Eventually, if it takes on too much data and/or traffic at once, it can overload and crash. The most common form of DoS attacks are Distributed Denial of Service (DDoS) attacks. This involves using a network of infected computers or other devices (called botnets), such as printers, routers, and even security cameras to bombard a network with requests until the server becomes so overloaded that it crashes. Some of the largest DDoS attacks have used literally millions of compromised devices to bombard a single target. You can read more here about an attack launched in October 2016 using hacked IP cameras and digital video recorders.
You can have the most secure system in the world, but the one thing that you can’t eliminate is the human element. Social Engineers specialize in ‘hacking people’ so to speak. They use a variety of techniques to glean your personal information through the use of psychology. Would you trust someone who called and claimed that they were your electric company? Would you trust the man in the Edison uniform doing electrical work in your home? Would you trust an email from someone who claims to know your mother? These are all social engineering techniques. To cover all of the social engineering attacks can be an entire article in itself, so we’ll just touch on just a few:
Pretexting - using a fabricated scenario that requires an individual to give up certain pieces of information such as a social security number to confirm their identity.
Quid Pro Quo - a promise of benefit in exchange for a favor or information (such as exchanging a candy bar for a password…yes, that’s a real-life example).
Baiting - the promise of a good in exchange for your information (such as offering a free MP3 download in exchange for login credentials to a particular website).
Lastly let’s touch upon one of the most common cyber-crimes out there: identity theft. First off, you need to understand what identity theft is. Identity theft occurs when someone accesses your personal information, such as your social security number (SSN), and commits crimes while using your identity. To stay safe, try a few of these best practices:
- Never share overly sensitive information on social media
- You won’t believe some of the information some people are willing to post about themselves online. Never post personal information such as passwords, social security numbers, birth place, birth date, phone numbers, or any other identifying personal information.
- Beware of dumpster divers
- Take care when you’re throwing away old financial documents. Dumpster divers, or people who dig in the trash of a target to find personal information, are a very real threat. If you have any old bank statements, bills, or other documents with sensitive information, it’s highly recommended that you shred them before disposing of them.
- Monitor your bank and credit statements regularly
- Stay vigilant and check your accounts to make sure that your accounts remain in good standing. If you start noticing fraudulent charges popping up, there’s a good chance that someone has stolen your information. Many people have had their lives literally flipped upside down because of identity thieves ruining their credit.
If you're a participant in this digital world of ours, cyber security should be at the forefront of your mind at all times. Always stay vigilant and never give away sensitive information unless you can verify that the source is legitimate.