It is not so much “if” you will suffer a cyber attack, but “when”.
There is an old saying in the industry that goes, “The only safe computer is a ‘dead’ computer.” Basically, this means that the only type of system that is truly safe from a cyber attack is one that is completely disconnected from the internet. If you have a digital device with internet access, chances are that if it has not been attacked yet, it will be. And with the advent of IoT devices, the cyber threat continues to grow. A cyber attack may come from a random phishing scam, malware installed onto your device, or even from an actual hacker breaking into your system. But you can take measures to protect yourself.
You may be savvy, but remember that you will always be at risk.
While I was living in Denver, I knew someone who fell victim to a tech support scam. After subscribing to a security service which provided both anti-malware and live tech support, someone leaked his information during a data breach. An individual claimed to be a representative and called to say that they detected a threat. The caller claimed that he needed to run a full system scan. The caller gave him verified credentials, so he granted the caller access to his computer. Two days later, he noticed unusual activity on his system. He discovered someone drained his bank account. He lost thousands of dollars as a result.
After calling back and speaking with a different representative, he found that they do not call their customers in such a manner. He realized he had fallen victim to a cyber attack scam. But this was no ordinary guy or average user. He is a retired electrical and systems engineer with years of computer and development experience. However, he was still fooled by a talented social engineering hacker using a technique called vishing. This shows that hackers can fool anyone.
There are ways to protect yourself from a cyber attack.
The first line of defense is to question everything. If you get an email requesting sensitive information, do not click on any links until you have verified that the email is legitimate. The same goes for a website. Double-check the URL to confirm it is legitimate. Often a fake URL will lead you to a spoof site. If you receive a phone call, you should hang up and call the company yourself before giving out any information. This allows you to verify that the person calling is in fact a representative and that they do this type of business over the phone.
If you believe your computer is infected with some form of virus or malware, stop all activity. You then want to either run a system-wide scan using anti-virus software or consult a reputable computer repair technician to perform the scan and removal. Even text messages can be a scam. Never respond to messages from unknown senders or click on any links.
Another method of protection is to regularly back up your data to an external hard drive. This allows you to restore your computer in the event of infection or data loss. Always use secure passwords or passphrases, unique to each account. Do not recycle passwords. Do not use obvious passwords, like names and dates. A password manager can help you keep track of multiple complex passwords that may be difficult to remember.
Hackers are getting smarter every day, and social engineering is still the most popular cyber attack. But despite the many threats that exist, you can better protect yourself by always being cyber-aware.