Date: June 8, 2022

5 Common Cybersecurity Risks and Ways to Protect Against Them

The world’s reliance on digital technology is fueling the growth of cybercrime at an alarming rate. Worldwide, total damage caused by reported cybercrime in 2020 reached $4.2 billion, up from $1 billion in 2015 (IC3, 2020). With such a dramatic increase, it is imperative to be aware of cyber criminals and the methods they use to attack their victims. Here at The Normandy Group, cybersecurity is a top priority and is integrated into our daily operations. We are proactive in our defense against cyber-attacks. For an individual or company to defend against cyber threats, it is essential that they can identify the most common types of attacks. This article introduces 5 common cybersecurity risks and ways to protect against them.


Phishing

Phishing is a cybercrime in which a target or targets are contacted by email, telephone or text message by someone posing as a legitimate institution. The attacker's objective is to lure individuals into providing sensitive data such as personally identifiable information, banking and credit card details, and passwords.

Tips to prevent phishing scams:

  • Turn on anti-phishing preferences on your internet browser and spam filters on email (these types of defenses may help prevent phishing attacks from reaching your computer/inbox)
  • Never click a link/image, or download an attachment in an email (open a new internet browser and search for the company who sent it to you to make sure it is legitimate)
  • Always be aware of who is sending the message (verify the identity of the sender and do not interact with messages sent from people you do not know)
  • Be vigilant and look for misspelled words and/or grammatical errors within any email or text message (phishing attacks often have grammatical mistakes within the message)
  • Be suspicious of messages that state “Urgent” or “Time Sensitive” information (creating a sense of urgency is a common tactic which cyber criminals use to manipulate their victims)
  • Report any suspected phishing attack to the Federal Trade Commission (FTC) (spreading awareness of common phishing attempts can help save future victims from falling for the same scam or attack)


Malware

Malware is another name for malicious software and is any type of software intended to access and/or damage a computer without the owner’s permission. Examples of common malware include viruses, worms, trojan viruses, spyware, adware, and ransomware. A few ways to detect malware include:

  • Performance issues – such as your computer running slowly and/or crashing frequently.
  • Unexplained computer behavior – such as programs running in the background that you did not initiate, or settings on your machine that have changed.
  • Pop-ups and spam – From time to time, reputable companies will send pop-ups that are safe and may contain information that the company would like to make you aware of. Conversely, adware programs can install spyware that can take over your system and capture your personal information.

Generally, the first step to protect your machine is to install anti-malware software that can scan for this type of malicious activity. Be skeptical and do not click on ads or hyperlinks that you don’t know or trust. If malicious software is downloaded onto your machine, it may lead to a breach of your personal information. If there is ever a question, disconnect from the internet, shut down your computer immediately and call a professional tech who can assist in cleaning your machine if needed.


Ransomware

Ransomware is a type of malicious software (malware) that threatens to publish data or blocks access to data or a computer system, usually by encrypting your data drive(s), until the victim pays a ransom fee to the attacker. In many cases, the ransom demand comes with a deadline. If the victim doesn’t pay in time, the data is gone forever or the ransom increases.

Tips to prevent ransomware:

  • Securely back up your data frequently (maintaining adequate backups allows for the ability to restore systems without needing to deal with the cyber criminals)
  • Never pay the ransom (oftentimes the cyber criminals will not decrypt systems after the ransom is paid. Also, paying the cyber criminals motivates them to continue attacking other victims)
  • Always keep browsers and operating systems current (maintaining systems with the most up-to-date software helps protect against potential attacks)
  • Follow tips above regarding phishing attacks (ransomware attacks are often deployed through phishing attacks)

Data Breaches / Back Ups

A data breach is a general term for someone gaining access to your information. This can include your emails, banking information, and Social Security numbers. In the wrong hands, your personal information lets scammers wreak havoc on your financial situation. One of the best ways to protect from ransomware when a data breach occurs is to continually back up your sensitive information correctly. Moving these irreplaceable data files to a safe encrypted external hard drive or a cloud-based service can be priceless. If a data breach occurs, stay calm and keep your common sense. Attempt to identify which accounts were hacked and, if possible, change the passwords to these accounts immediately. Continue to watch your financial records. If anything seems off, freeze your accounts without delay by informing the institution of your situation. They can and are prepared to help.

Passwords / Multi-Factor Authentication

One of the easiest ways to protect yourself from an external data breach is to have a strong password. Many people hate having to remember passwords because it is a challenge. For obvious reasons, using the same password and username combination across applications and systems can be detrimental if a data breach occurs. This gives scammers access not only to the account they hacked but potentially to all your other accounts with the same password credential. A good password should:

  • Be long (12 characters is recommended)
  • Have upper and lowercase letters as well as numbers and special characters ($#!*)
  • Avoid common phrases like “password” or personal information that can be easily accessed, such as your birthday

An easy way to keep track of these long unique passwords is through password managers. Many phones have this feature built-in, but there are other programs you can download to your computer to keep track of these as well. This way one password can access all the passwords you use regularly. The last tip would be to utilize multi-factor authentication when you can. This will send you a code or a text to make sure it is you accessing your information. It is like a revolving password that is truly unique every time you use it.

The best time to think about cybersecurity is before you are ever in danger. Being proactive and making sure your systems are updated and secure may further protect you and your family from these fraudsters. A few highlighted tips include:

  • Update and create strong passwords
  • Keep your electronics updated
  • Check to make sure you have strong anti-malware software
  • Back up your data
  • Do not trust or click unknown links

Continue to remain vigilant. By following these steps, you can help protect yourself and your information from cyber criminals. Please reach out if you see any abnormal activity or receive correspondence that does not seem right. We would much rather spend the time making sure your accounts are secure than find out the hard way there has been a breach.



Derek Landis