Recognizing 2022 World Password Day, here are four countermeasures to keep you safe from malware and ransomware. Time to level up!
You are not paranoid; cybercriminals really are trying to hack your security and steal your information. And the proof is in the numbers.
According to the 2022 SonicWall Cyber Threat Report, there were 623 million ransomware attacks globally, a 105% increase over 2020. There was also a sharp triple-digit increase in encrypted threats, rising to an astounding 10 million attacks. And as if you didn’t have enough to worry about, cryptojacking is on an upswing with 97 million incidents recorded, a 19% increase year-over-year.
Some people may choose to ignore the data and throw caution to the wind. If they’re lucky, a hack will be a minor inconvenience, and their anti-virus software will stop the malware before it can cause serious damage. However, if they’re among the growing thousands of victims each year, hackers will force them to pay a ransom for their precious data, steal their identity or just wipe out their devices completely.
And you wonder, what could be worse?
One hack of a single individual can lead to a cascade of hacks and much larger problems. For instance, hackers can break into your personal computer without you knowing it, add malware to one of your devices that unpacks wherever you go, bypassing firewalls and other security, straight into your home network, friend’s home, the library, and your workplace.
We all could stand to be a little more careful. A “cybersecure mindset” protects you, your devices, and your data and everywhere you connect your devices. So, when we say, “Be Cyber Smart and Lock It Down,” what we mean is taking personal responsibility for not only how you connect but also actions you take to keep yourself secure.
Here are FOUR COUNTERMEASURES that everyone can use to level up and lock it down:
1. PROTECT yourself.
Start with passwords and lockdown your devices, software and information with strong ones that protect you from becoming an easy hack. There are some basic rules for good passwords. The first is the length – a minimum of 14 characters but 16 is better, with a mix of uppercase and lowercase letters, plus numbers: security experts recommend at least 4 non-repeating numbers. And don’t forget symbols (ex: @ # $), at least one but two is better. Check with your service provider; they may have specific requirements like the length and number, and type of symbols. One very important rule: ensure that your passwords are unique for each use. Avoid obvious sources like your address, recognizable names, dates, and phone numbers. Avoid any information that someone may learn by reading your social media profiles. Another important rule, USE YOUR PASSWORDS and turn on two-step authentication (2FA) wherever you can. Many phones allow biometric recognition to validate you and simplify logging in for each access. There’s more to know about passwords, check out this article we found from Help Net Security.
2. PROTECT your personal identification.
Privacy is a matter of personal choice. We want to open some things for the sake of convenience (shopping and health apps, for instance). However, the privacy settings you set on your devices and apps could also open you up to hacks. Being “smart” about your cybersecurity means knowing how hackers attack devices and steal information from open apps. It also means being aware of where your personal information winds up. Security experts recommend that you set your privacy settings based on actual need for specific tasks. For instance, change your privacy settings when conditions change, like when traveling or using public networks (e.g., coffee shop Wi-Fi, more on that later).
3. PROTECT your data.
Maybe it seems obvious, but your data (photos, reports, accounting, proprietary documents) are your most vulnerable possessions. We also want to take extra care of our social security numbers, bank accounts, and credit card numbers. And all of that is at risk when we leave it in open apps (no password) or send it on unencrypted emails. So please keep it safe and LOCK IT DOWN! And be very wary of phishing campaigns. Hackers use any means they can to break into your devices and network. For example, they’ll spoof organizations you trust, friends, family members, co-workers, or even your boss. Phishing messages can come by email or phone text. Some of these messages look very authentic. We’ll go into more detail about how to detect phishing messages in another post, but you can make a personal policy to never share private information via email or text with anyone.
4. PROTECT your devices.
If you didn’t know already, public Wi-Fi hotspots are not secure. Unfortunately, that means the public hotspots at your favorite coffee shop, restaurants, shopping malls, libraries, and especially airports. With minimal knowledge and equipment, hackers can scan unencrypted data streams that contain passwords and account information that you send and receive. Several years ago, scammers took it further and created elaborate spoof Wi-Fi networks with name and branding marks similar to what people expected. However, there are several things you can do to lock it down:
- Turn off the Wi-Fi auto-connect feature on your devices. Turn it back on when you need it and choose the networks you want to use.
- Use secure wireless networks that have WPA or WPA2 password protection. Unfortunately, these are uncommon for places like the local coffee shop or the airport, so they may be challenging to find.
- Install mobile security software with malware and virus detection for laptops, pads, and phones. You may also install a VPN (a virtual private network) that encrypts your data stream even if the Wi-Fi network does not.
Do what it takes to adopt a Cybersecure Mindset.
Remember that when it comes to cybersecurity, the human element can be the strongest or weakest point in the armor.
Human behavior is without doubt the biggest culprit in IT security incidents. This is evident in email phishing. It deceives people into clicking on malicious links or attachments. This makes it difficult to distinguish between legitimate emails and potential threats. According to a study by Myers-Briggs, a research company based in the UK, 80% of companies believe human factors, such as mistakes or leniency with login security, are a major cause of cybersecurity risk. Therefore, it is vital that we do what it takes to adopt a ‘cybersecure mindset’ to protect our homes, communities and our workplaces.
Being aware is not being paranoid; it recognizes that cybercriminals really are trying to hack our security, steal our property, and do us great damage.