Getting Hacked Is No Fun!

It’s a Tough World Out There!

Lately, I have been hearing more and more stories of hacking and its effects. This week I had a friend relay to me a traumatic experience she had with a popular meeting platform, where she was subjected to graphic images of child pornography during a webinar. It is unfortunate that people seem hell-bent on disrupting other people’s lives. And the effects can be very disturbing. I know my friend is having a tough time dealing with what she saw when the meeting was bombed by a sick individual.

As a society, we have to deal with the effects of hacking. It is big business. Billions of dollars are lost each year directly and indirectly to hacking schemes. The direct effect could be loss of your money. Businesses have had huge sums of money stolen from them using a variety of different approaches. Sometimes, they get it back. But, for the individual, often the attempt to get the money back is frustrating and fruitless.

I read a white paper several years back that stated it quite bluntly. The major risk to cyber terrorism is the ordinary person who has a computer at home. These days, computers have become like another appliance in our homes. We have them, but we don’t really understand them.

Organizations spend a ton of money on personnel, software and equipment to protect themselves. Even then we see headlines about companies being hacked and information being stolen, which is often used for nefarious purposes. The smaller the organization, the worse it is because they don’t have the money to devote to protecting their information assets. And, don’t kid yourself! Information is an asset that needs to be protected.

Information has become the new currency in the digital society we live in. If you have it you can get a leg up on your competition. It helps organizations to be more effective in pursuing their primary purpose whether that is making money or spending it more effectively.

The big question you need to answer is “How much are you spending on defending your computer from external attacks?” Many people don’t take the threat seriously until it is too late. And, once the hackers have you, it is too late. All you can do is deal with the consequences.

How bad can it get?

I will give you another example of a friend who worked for a small company. They thought they were doing the right things to protect themselves, but one day they fell victim to a ransomware attack.

What is a ransomware attack? Well, it is an attack vector that has become popular in the last few years. Companies of various sizes have fallen victim. All it takes is a moment of carelessness by one person in your organization and the hackers have you.

Ransomware seeks to infect machines and encrypt the information on them. The computer typically locks up and displays a message telling you that you are a victim and attempts to extort payment from you to obtain a key for decrypting your machines. The cost can run into the thousands. And here is the kicker, just like a typical ransom, you pay it and there is no guarantee of your data being restored.

What happened to my friend? They basically reformatted everything, restored data from backups and attempted to address the weakness that let the hackers get in. It cost them time and money to recover from something that was potentially avoidable, but hard to achieve when you only have so many dollars to spend on IT. In the end, they recovered their data and re-entered transactions to get up to date. They were lucky; it could have been far worse. They were a company with only a dozen or so employees. They only lost a week or so of productivity. But, imagine a company with hundreds of employees.

What Can I Do?

There are so many things you should do, that it becomes overwhelming. I will attempt to provide a list of the top actions you can take:

  • Use better passwords
    Simple passwords are like using skeleton keys for the front door of your house. We used to do that, but criminals got smarter and we needed to get smarter to keep them out. If you are not using passwords that are at least 12 characters long with a combination of letters (upper and lower case), digits and special characters, then you are asking for someone to walk through your cyber door and take whatever they can find.
  • Use different passwords.
    It would be great if we could rely on 1 key to access all the doors in our lives, but that is very risky. We sometimes do it at home, but you would not feel safe if everyone on the block had a door which opened with the same key. The same should be true of passwords you use on the Internet. For highly sensitive sites, like banks and credit cards, use different passwords that are as random as you can manage. If it gets overwhelming, then use a password manager to help you out. Less sensitive sites may not require as much diligence, but you should still make the passwords follow the guideline of no less than 12 characters with a mix of characters.
  • Implement Multi-Factor Authentication wherever possible.
    What is that? Well, it is like having a key to open your door and then a second mechanism that proves you are who you say you are. For example, a lot of us have Microsoft Accounts because we installed Windows 10 and it recommended we use one. A Microsoft Account has the ability to turn on Two-Factor Authentication. That means that you will need your password and one other thing to actually log into any site where access is controlled by a Microsoft Account. Microsoft has an app for your phone called Authenticator that you can install and link up with your account. Every time you log in using your account and password, your phone will ding and a question will come up asking you to verify it is you logging on. To make it more secure there is a code provided that should match what you see on the screen. If not, then say no to the request. The worst thing that can happen is you have to sign on again. Many of the major sites provide this feature. Use it when it is available to protect yourself from hackers.
  • Install a Good Anti-Virus and Firewall program.
    Your first line of defense is a good offense. There are lots of AV / Firewall vendors on the market. Find a reputable one and pay the renewal fees every year to keep protected. Check with your Internet provider. They may have a free option available for their customers to use, as long as you feel comfortable with it. It is best to find one that can protect all your devices: desktop and mobile.
  • Security Starts At Home!
    Most of us have a need / desire to provide Internet for everyone in our home. That probably means you have a WiFi router installed on your premises. Make sure that you get help to set it up as securely as possible. This is a common attack vector: someone sits outside your house, gains access to your WiFi, and then uses that access to plunder the devices on your network or, worse, to attack other people. Then, when the authorities come knocking on your door to arrest you for hacking the planet, you can look totally surprised. Limit who uses your WiFi to people you know very well and trust completely. Don’t give out the passcode for your network unless you know the person using it.
  • Think before you click that link!
    A lot of the attacks that hit people are a result of emails with links in them that take you somewhere to do something that will ultimately harm you. For example, I got an email that looked like Netflix was asking me to sign in and update my credit card information. However, when I examined the link they provided, it looked very hokey. The from address on the email was also off. If you get an email with a link in it, first of all be suspicious. Be very suspicious! Many large companies will not send you an email asking you to do something sensitive. Often these are attempts at phishing for information by hackers. It may be as simple as obtaining your email address and password. If you use the same password on multiple sites then you have just given the kids the key to the candy store. Hover your mouse over the link and then see what it says in the popup text. Even if it looks close, practice the motto of close only counts in horseshoes and hand grenades. Don’t get sucked in.
  • Beware of too-good-to-be-true offers.
    If it looks too good to be true, it probably is. Crooks only need a small number of people to fall for their scheme to make it profitable. Often you buy in and then never receive the merchandise. And, you hope that is all that happens because they potentially have your credit card details. Be very careful with credit cards. Only use them on reputable vendor sites. Fly-by-nights are dangerous in real life and even more so on the Internet. You never know where that company sits. And, many countries in the world are safe havens for cyber criminals. Good luck getting any money back! Хорошего дня! (Have a nice day! in Russian)

These are a few key items that you can do to protect yourself. Will it guarantee that you never get hacked? Nope! But, it will make it a lot harder for someone to do it. And, the hard truth about the Internet is that cyber criminals work on volume. If you represent too much of a challenge, hopefully they move on to the next victim.

Protect yourself! If you don’t, nobody else will. It will cost money and sometimes you need to pay to have an expert help you out. But, in the end, it will be cheaper than living with the consequences of not doing it.

Glenn Walker
the dotConsultant