With all of the media centering reports on cyber attacks and hacks, it’s important to protect yourself while on the internet. According to the Identity Theft Resource Center, data breaches increased 40 percent in 2016, with a total of 1,093 reported breaches. The trend continued in 2017, with over 1,120 cases reported by October. Every day, more than 1 million people become victims of cybercrime. Learning about cyber attacks and how to prevent them, can help you protect yourself from security breaches.
Cyber attacks include many types of attempted or successful breaches of computer security. These threats come in different forms, including phishing, viruses, Trojans, key logging, spyware, and spam. Once hackers have gained access to the computer system, they can accomplish any of several malicious goals, typically stealing information, financial assets, and corrupting data, or causing operational disruption or shutdown.
Both third parties and insiders can use a variety of techniques to carry out cyber attacks. These techniques range from highly sophisticated efforts to electronically circumvent network security or overwhelm websites to more traditional intelligence gathering and social engineering aimed at gaining network access.
Cyber attacks can result directly from deliberate actions of hackers, or attacks can be unintentionally facilitated by clicking on a malicious link. According to historical claim data analyzed by Willi Towers Watson, 90 percent of all cyber claims stemmed from some type of individual error or behavior. The high-profile Equifax, Snapchat, and Chipotle data breaches were all caused by employee error or behavior.
A breach in cyber security can lead to unauthorized usage through tactics such as the following:
- Installing spyware that allows the hacker to track internet activity and steal information and passwords
- Deceiving recipients of phishing emails into disclosing personal information
- Tricking recipients of spam email into giving hackers access to the computer system
- Installing viruses that allow hackers to steal, corrupt or delete information even crash the entire system
- Hijacking a company website and rerouting visitors to a fraudulent look-alike site and subsequently stealing personal information from clients or consumers
Cyber attacks may also be carried out in a manner that does not require gaining unauthorized access, such as denial-of-service (DoS) attacks on websites in which the site is overloaded by the attacker and legitimate users are then denied access.
The majority of cyber criminals are indiscriminate when choosing their victims. The Department of Homeland Security (DHS) asserts that cyber criminals will target vulnerable computer systems regardless of whether the systems belong to a Fortune 500 company, a small business or a home user.
Cyber Criminals look for weak spots and attack there, no matter how large or small the organization. Small business, for instance, are becoming a more attractive target as many larger companies tighten their cyber security. According to the industry experts, the cost of the average cyber attack on a small business is increasing exponentially and shows no signs of slowing down. Nearly 60 percent of the small businesses victimized by a cyber attack close permanently within six months of the attack. Many of these businesses put off making necessary improvements to their cyber security protocols until it is too late because they fear the costs would be prohibitive.
With cyber attacks posing such a prominent threat, it is essential for businesses and individuals to create a plan to deal with this problem. Consider implementing the following suggestions from the Federal Communications Commission:
- Install, use and regularly update anti-virus and anti-spyware software on all computers
- Download and install software updates or your operating systems and applications as they become available
- Change the manufacturer’s default passwords on all software.
- Use a firewall for your internet connection.
- Regularly make backup copies of important data.
- Control who can physically access your computers and other network components.
- Secure any Wi-Fi networks.
- Require individual user accounts for each employees.
- Limit employee access to data and information, and limit authority for software installation.
- Monitor, log and analyze all attempted and successful attacks on a systems and networks.
- Establish a mobile device policy and keep them updated with the most current software and anti-virus programs.
- Use strong passwords (combinations of uppercase and lowercase letters, numbers and special characters), change them regularly and never share them with anyone.
- Never repeat passwords
- Protect private information by not disclosing it unless necessary, and always verify the source if asked to input sensitive data for a website or email
- Don’t open suspicious links and emails; an indication that the site is safe is if the url begins with https://
- Scan all external devices, such as USB flash drives, for viruses, and malicious software (malware) before using the device
Gone are the days when contact names and phone numbers were the most sensitive pieces of information on your phone. Now smartphone’s or tablet’s can be used to gain access to anything from emails to stored passwords to exclusive data. Depending on how you or your organization uses such devices, unauthorized access to the information on a smartphone to tablet could be just as damaging as a data breach involving a traditional computer system.
The need for proper mobile device security is no different from the need for a well-protected computer network. Untrusted app stores will continue to be a major source of mobile malware which drives traffic to these stores. This type of “malvertising” continues to grow quickly on mobile platforms.
Most importantly, stay informed about cyber security and continue to discuss inter safety with your family, employees, and places of work.
According to the Department of Homeland Security (DHS), 96 percent of cyber security breaches could have been avoided with simple or intermediate controls. Strengthening passwords, installing anti-virus software and not opening suspicious emails and links are the first steps toward cyber security. IN addition to the listed tips, the Federal Communications Commission provides a tool for small business that can create and save a custom cyber security plan for your company, choosing from a menu of expert advice to address your specific business needs and concerns.
A data breach could cripple you, your small business, or fortune 500 company. This could cost you thousands or millions of dollars lost. Contact The Buren Insurance Group to make sure you are properly protected. Whether you are a business owner or not, “We’re with you from What If to What Now.”