Cyber Attacks are a Growing Threat
No matter which news source you read, watch, or listen to, you're likely to get the same message about cyber attacks: they're on the rise. If you haven't yet been a victim, consider yourself lucky.
Examples of Recent Attacks
One cyber attack that was widely publicized took place at Yahoo. In September 2016, the company announced that at least 500 million users had their information stolen in 2014. Names, email addresses, phone numbers, birthdates, passwords, and security questions were all compromised by what Yahoo called a "state-sponsored actor."
With one billion monthly users, Yahoo is one of the most-used online services for email, photo storage, and messaging. Yahoo recommended that users change their passwords and security questions, as well as any similar ones they use on other sites. This attack was dangerous not just for Yahoo users and their family and friends, but also for connected services such as bank accounts and social media profiles.
Another much-publicized attack on retailer Home Depot also took place in 2014. Hackers got hold of 56 million customers' credit card numbers. Employees within the company revealed that management was resistant to implementing defensive strategies and used outdated software to protect its network.
The following year, 2015, saw a continuation of the hacking trend. Anthem, a large provider of health insurance in the U.S., holds sensitive personal information in addition to medical data. The hackers involved in this cyber attack gained access to around 80 million records that included social security numbers, birth dates, addresses, emails, and employment and income information. Like Home Depot, Anthem failed to take the appropriate steps to protect this data.
Why Attacks Keep Happening
Unfortunately, the very structure of the internet may be part of the problem. When the internet first got started, users were primarily interested in the ability to transfer data as rapidly as possible. Security was an afterthought in response to hackers seeking and readily finding vulnerabilities within various services. Government agencies were at particular risk because they were often stuck with out-of-date systems due to budget constraints.
Initial defenses included firewalls and antivirus software, but as hackers have stepped up their game, IT professionals have had to do the same. Newer defenses include monitoring software that picks up unusual network activity and two-factor authentication, which requires users to enter a secondary password when logging in from a new device. However, the only real way to keep data secure is to encrypt it, making it unreadable — and therefore unusable — to hackers.
The FBI Responds
Hacking is a threat to national security, which is why the FBI has updated its technological and investigative capabilities and partnerships in recent years.1 New strategies include the following:
- A cyber division at FBI headquarters
- Specially trained cyber squads
- Cyber action teams
- A computer crimes task force
- Enhanced partnerships with other federal agencies including the Department of Defense and Department of Homeland Security
The FBI's efforts include action against identity theft, online predators, and ransomware. The organization has described its recommendations for dealing with ransomware, an attack that starts with the victim receiving an email containing a link. When the recipient clicks the link, they're directed to a website that infects their computer with malicious software that freezes access to their data. Then they receive messages alerting them to the attack and telling them they can no longer access their data until they pay a particular sum.
The FBI recommends that victims of this type of attack not pay the ransom, because it's no guarantee they'll regain access to their data. Instead, individuals and businesses are urged to use strong prevention methods such as ensuring anti-virus and anti-malware programs are up to date, backing up data regularly, and disabling macro scripts from office files transmitted via email.
Read more about the FBI's efforts against cyber crime at fbi.gov/investigate/cyber.
1 FBI, "What We Investigate: Cyber Crime," https://www.fbi.gov/investigate/cyber.
Russia Suspected of Cyber Attacks in the U.S.
When Yahoo said a 2014 data breach was performed by a "state-sponsored actor," it didn't specify which country it was referring to. But many observers believe it was Russia, which has been accused of other recent cyber attacks as well. According to a recent Hackread article, "A Russian hacking group is suspected of targeting around 85 high-profile US tech firms." The companies include Apple Pay, Amazon, American Airlines, McDonald's, PayPal, Pizza Hut, Dunkin Donuts, DropBox, eBay, Uber, Match.com, Office Depot, AT&T, and Wells Fargo.1
But that's not all. In September 2016, the World Anti-Doping Agency said Russian hackers stole medical data of Olympic athletes including gymnastics star Simone Biles and tennis great Venus Williams. Experts have accused Russian President Vladimir Putin of ordering a hack into the U.S. Democratic Party's databases during the 2016 presidential campaign.
1 Carolina, Hackread, "Dark Net Researcher Says Russian Hackers Attacking Big Companies in US," https://www.hackread.com/dark-net-russian-hackers-hit-us-firms/.
How to Protect Yourself From Hackers
With so much hacking activity happening, it may feel like it's only a matter of time before you become a victim (if you haven't already). Fortunately, there are many things you can do to protect yourself. Here are some ideas to get you started:
Follow Up After Attacks
If a service you use is hacked, the first thing you should do is change your password. If you use the same password on other accounts, change them as well. Then, check the account to see if anything looks amiss. If it does, contact the service to see how they can help; depending on the type of service, you may also want to shut it down. Check your financial statements and credit report carefully to ensure your private information hasn't been used to break into other accounts.
Use Good Password Hygiene
When creating new passwords, use a different one for each service. Be especially careful not to use the same passwords for bank accounts, email, and ecommerce accounts. Change your passwords at least once a year, on a date that's easy to remember, such as January 1. Consider using an online password service like LastPass or Dashlane to conveniently and safely track passwords.
Freeze Your Credit
If you're the victim of more than one breach, you might want to freeze your credit, which involves disallowing anyone from viewing your credit reports, making it more difficult for anyone to open an account in your name. To learn more, visit the Federal Trade Commission section on the topic at consumer.ftc.gov/articles/0497-credit-freeze-faqs.
Log In the Right Way
More companies are now using two-factor authentication, which requires you to use a secondary password if you log in from an unrecognized device. If you have the option to use two-factor authentication on a service, do so. In addition, always check for the padlock icon next to the URL to ensure the services you use are secure.
Protect Your Computer Network
Set your computer to update your operating system automatically, which prevents hackers from taking advantage of vulnerabilities in outdated programs. Likewise, make sure your anti-virus and anti-malware programs are always up to date. When setting up Wi-Fi in your home, be sure to protect it with an encrypted password and update your hardware every few years.
Don't Forget About Your Phone
Remember that your phone is a computer too, and hackers can get a lot of personal information from it. Phones are easily lost or stolen, so if yours has a way to be locked, use it! Develop a numeric code with the highest number of digits allowed (four is great, six is even better) or use the fingerprint sensor if your phone is so equipped. Remember, hackers can't use what they can't see, so keep your data behind closed (cyber) doors.