SAVANNAH, Ga. (WSAV) – October is National Cyber Security Awareness Month and if you think you could never be a target, you are probably wrong. The hackers are out in droves.
“This has now become an industry, it’s no longer just a bunch of people sitting in a basement somewhere and hacking in from some third-world country,” said Ed Peters, a cyber security expert, and chief innovation officer at Panzura.
“This now a full supply chain based industry with access brokers who will see lists of accounts they found access to and got passwords for that others can buy on the dark web,” he said.
While many of us have heard of the recent hacks of large institutions, including hospitals, where ransom demands are made, Peters says crooks still go after average people.
“Actually, they find that individuals are probably less sophisticated in this and therefore easier to attack,” said Peters. “These attacks are going on at all levels right now, and 75 percent of the scams occur through email, and they tell you that there’s something wrong with one of your accounts or there’s a business transaction issue and get you to click on an attachment.”
If you click on that strange attachment, it can help a hacker infiltrate your computer and capture passwords to things like your bank account.
Peters estimates “less than 10 percent” of consumers are prepared for cyber threats.
He says we use technology for convenience and sometimes don’t want the inconvenience of doing things like changing passwords or figuring out to use a password manager system (which he recommends) or making sure we don’t use the same passwords for a number of accounts.
“Install hard passwords, rather than just using something you can easily remember, and don’t use the same passwords for multiple accounts,” Peters said. “The hackers call that ‘credential stuffing’ and once they find one password, they’ll try that on a number of your account and see which one works.”
If hackers do get a password that you use for several accounts, they may get your money, too. Peters reminds all of us that if you get some kind of message about how urgent it is to respond, be cautious.
“When you hear that something has to be done right away (which is normally sending someone you don’t know money) just stop and look at it again,” Peters said. “And if an email says call a number, don’t call that number. Look up the number on your bank card, for example, and talk to them directly.”
Peters also says:
- Make sure to change passwords on smart devices as well because they hook in to your home network.
- Be aware that phishing scams can also target you at your work computer with the purpose of trying to infilitrate the network there
- And once again, use strong passwords and different passwords for accounts
Attorney General Chris Carr advises Georgians to know how to keep their sensitive information safe from cybercriminals.
“This is an ideal time to prepare to defend yourself from hackers and identity thieves that are trying to infiltrate your computer and your wallet,” said Carr.
Here is advice from Carr’s office:
- Install Reputable Security Software on Your Computer. It is recommended that your computer have anti-virus and anti-spyware software, a pop-up blocker, and that the firewall is enabled. For lists of security tools from legitimate security vendors, go to this website.
- Update system and software frequently. Computer and software companies frequently update their programs to include protection against new security threats. Simply updating your operating system and software whenever new versions become available gives you an added measure of security.
- Create Strong Passwords. The longer the password, the tougher it is to crack. Mix letters, numbers and special characters. Don’t use your name, birthdate or pet’s name in your password. Use a different password for each of your accounts so that if one account is hacked, the perpetrator cannot take over all your accounts.
- Be Wise with Wi-Fi Hotspots. Open public Wi-Fi is often unsecured, so your information and device are more accessible to hackers. Limit the types of business you conduct in this environment, being certain to avoid those that involve your personal or financial information, such as banking, credit card transactions or doing your taxes.
- Know Who You’re Dealing With
- Don’t download programs or share files with people or businesses you don’t know and trust.
- If you receive a text message or email from a sender you don’t recognize, be very wary of opening any attachments or clicking on links, as these might download a virus or malware onto your device. If a message looks suspicious, it is best to delete it.
- Beware of business email compromise scams and phishing emails. Cybercriminals may try to steal your money or identity by posing as a legitimate business or government agency and asking you to send money or provide personal or financial information. If you are unsure of whether an email is legitimate, do not reply to it; instead, contact the business or institution directly by looking up the actual web address or phone number.
- Backup Important Data. No system is completely secure. Copy important files onto a removable disc or an external hard drive, and store it in a safe place. If your computer is compromised, you’ll still have access to your files.
- Lock your phone. Use at least a 6-digit passcode on your device, or use the pattern lock or fingerprint scanner. Set the device to lock when not in use.
- Protect yourself in the event that you lose your mobile device:
- Install and turn on Find My iPhone (iOS) or Find My Device (Android). These apps could help you locate your device if you lose it. If your phone is stolen, these apps also let you remotely issue a command to erase your device – even if an identity thief turns it off.
- Alert your wireless provider as soon as you know your device is missing. They can permanently or temporarily disable the SIM card to stop someone from using the device for calls or the internet.
- Change passwords for your accounts. Many of us set our devices to remember passwords – which could mean that someone who gets your phone could get access to your accounts and personal information. So, if you lose your phone, create new passwords right away for your email, social media, online banking, shopping and other online accounts.