(Fiduciary Trust) Having a simple anti-virus software installed on your computer used to be sufficient protection from cyberthieves. However, due to the increasing sophistication of hackers, anti-virus software alone will no longer protect your confidential information (e.g., passwords, personal account information, etc.). These cyber-attackers now target and exploit common patterns in the way people use their devices and access their personal data. To help you keep one step ahead of Internet saboteurs, keep in mind some of the most common and unexpected “dangers” that could compromise your cybersecurity:
1. Clicking “Update Later”
The Danger: You’re probably familiar with the “update available” notification that only seems to pop up in the middle of something important. The notification window is easily dismissed by clicking “update later,” but putting the update off could leave your device susceptible to malware or a hacker. Malware, short for malicious software, is software designed to disable, access, or damage a device without the user’s consent.
The Damage: Software updates often serve to “patch” critical security flaws within the software. When a developer identifies a security weakness that could be exploited (sometimes called software vulnerability) the developer typically creates a “patch” that modifies the software to prevent the vulnerability from being exploited. Cyberthieves frequently target outdated applications with known vulnerabilities that can be used to penetrate your device.
The Defense: Keeping applications up-to-date can prevent 85% of targeted cybersecurity attacks.1 Update your operating system, web browser, and other applications as soon as you’re able. Browsers and browser extensions (such as Adobe Flash) are the most commonly exploited security holes so think twice before delaying updates to Chrome, Firefox, Safari or Internet Explorer.2 Most operating systems also allow you to turn on automatic application updates so you’ll never be tempted to hit “update later” again. If you use auto-update on your mobile device and are worried about data usage, turning off “Use Cellular Data” will ensure the updates are only downloaded when your device is connected to Wi-Fi.
2. Connecting to Public Wi-Fi
The Danger: Data limits and poor cellular service can make public Wi-Fi tempting, but you could be putting your cybersecurity at risk.
The Damage: Data transferred over a public Wi-Fi network can easily be tracked and intercepted (including login information and passwords). And while it might be tempting to use public Wi-Fi even for just a few minutes, keep in mind that a Wi-Fi attack on an open network can take place in less than two seconds.3
The Defense: Consider using a Virtual Private Network (“VPN”) application which authenticates you and your device to create a secure Internet connection on any network (including public Wi-Fi) so that the information you send and receive from your device is encrypted and secured from others who are using a network. The most common way to access a VPN is to subscribe to an internet-based VPN service.
3. Turning off Password Protection
The Danger: It seems we rely on our mobile devices for just about everything from navigation to health tracking to mobile payments. As a result, typing in a home screen passcode every time you need access to your device can make it tempting to opt for convenience over security.
The Damage: If you left your phone behind at a restaurant, it probably wouldn’t take long for someone to get access to apps, saved passwords, payment details, or social media accounts that may contain personal information such as your date of birth, address, or relatives’ names that could be used to steal your identity. And even if you’re lucky enough to have your device returned by a Good Samaritan, consider that one study found that almost every person who came across a lost cell phone looked up personal information stored on it.4
The Defense: Turn on “password protection” and treat your device like a digital wallet that holds all of your personal data. Where available, set up a password for each application on the device as well so that even if someone gains access to your phone or laptop, the most sensitive information on the device is not easily accessible.
4. Clicking on Untrustworthy Links
The Danger: When it comes to links, curiosity could be killing your cybersecurity. Shortened links and links that obscure the destination page often lure people to click by piquing their curiosity. In one study, over half of the participants clicked links to malicious sites posted to Facebook because they wanted to see the content.5
The Damage: Even if the content on the other side of the link looks legitimate, Internet bad actors often use a disguised link that could put your device or your data at risk. Clicking on a link from an unknown source, shared on social media, or in shortened URL format could cause you unknowingly to download malware, put you at risk of becoming the victim of phishing, or infect your device with ransomware.
The Defense: A good rule of thumb is to be most suspicious of “clickbait” that is designed to lure you into following the link. If you’re suspicious of a link that purports to be from a person or company you know, you can hover your mouse over the hyperlink without clicking to view the link’s destination URL, as illustrated in the example below. Websites such as InternetOfficer.com and WhereGoes.com can show you where a link redirects to help you decide whether it’s a risky click.
The Danger: Ransomware is a type of malware that encrypts all of the files on your device making them impossible to open – unless you pay a ransom, usually in bitcoins (an untraceable Internet currency) to obtain the passwords. Based on recent studies, it’s on the rise – incidents of ransomware attacks have been increasing from five to eight times year over year.6
The Damage: The damage from a ransomware attack can be devastating. Not only are important files held hostage, but you could very well lose your photographs, movies, and other irreplaceable digital information. Because ransomware is one of the most lucrative digital crimes, authorities frequently recommend that victims not pay the ransom in an effort to make the endeavor less profitable for the criminals. And even if you do pay, there is no guarantee that you will even receive the unlock codes.
The Defense: Regularly backup all of your files to a separate location so that you can easily restore information that has been taken hostage. The best way to backup your information is to use an external storage device or acquire an automated service that periodically backs your files up to the cloud.
6. Recycling Passwords
The Danger: Logging in to an online account is faster and easier when you aren’t trying to remember what you set the password to months ago. The frustration of remembering several different passwords leads a lot of people simply to pick one password and use it across all accounts—but the convenience often isn’t worth the risk.
The Damage: Some Internet transgressors write programs repeatedly to guess your password until it accesses your accounts. The programs can often figure out weak passwords in a matter of seconds (Test the strength of your password at https://howsecureismypassword.net). If a cybercrook manages to figure out the password to one of your accounts, how many of your other accounts would be able to be accessed? For people who use the same credentials across several accounts (or worse, use one of the 1000 Most Popular Passwords), then one cybersecurity incident could turn into a wave of account breaches.
The Defense: Never reuse a password. While that may sound impossible, a password manager, such as LastPass or Keeper, can generate unique passwords for each of your online accounts and securely store your login information. Some password managers will even alert you to change the password proactively. In addition to using unique passwords, activating two-factor authentication provides added security for accounts with particularly sensitive information. Two-factor authentication generates a one-time‑use code via an application or text message in addition to a password in order to access an account.
When it comes to cybersecurity, the adage holds true: An ounce of prevention is worth a pound of cure. Cyber attackers frequently look for known vulnerabilities to exploit. Taking the time to make it more difficult for a bad actor to target you could make all the difference.
Disclosure: The opinions expressed in this article are as of the date issued and subject to change at any time. Nothing contained herein is intended to constitute investment, legal, tax or accounting advice and clients should discuss any proposed arrangement or transaction with their investment, legal or tax advisors.
1 United States Computer Emergency Readiness Team Alert TA15-119A (April 29, 2015)
2 IT Threat Evolution in Q1 2016, Kaspersky Labs
3 Extreme Networks
4 The Symantec Smartphone Honey Stick Project, Symantec Corporation
5 Exploiting Curiosity and Context: How to Make People Click on a Dangerous Link Despite Their Security Awareness, Dr. Zinaida Beneson (July 30, 2016)
6 The 2017 Endpoint Protection Ransomware Effectiveness Report. KnowBe4