Do you believe you’re safe from cyber attacks?
Most people do. They believe that hackers won’t target them because hackers go for the “big fish”. Most people are wrong.
The truth is: not even small businesses are safe from cyber attacks. In fact, a look through Barkly’s “5 cybersecurity statistics every small business should know in 2018” will show that not only are cyber attacks on small businesses possible, but they’re also quite common.
Likewise, not even individuals are 100% safe from cyber attacks. Hackmageddon’s June 2018 cyber attack statistics even show that 20% of cyber attacks are aimed at individuals.
These statistics are particularly worrisome when you factor in the average cost of recovering from cyber attacks -- not to mention the loss of invaluable credibility and goodwill in the eyes of consumers and contacts.
Now, while cyber attacks should never happen to anyone, there are certain reasons why targets become victims of these attacks. Below you’ll find the most common ones as well as what you can do to avoid being targeted.
1. You Trust Default Security Software
“Prevention is better than cure.”
This should always be the case for cybersecurity. It’s always better to prevent an attack from happening rather than rely on a fool-proof recovery system. In the latter scenario, the damage would’ve already been done despite the ability to immediately recover. Prevention simply costs less in the long run.
That being said:
Most people trust their computers’ or devices’ “out-of-the-box” security to be adequate. This is a big mistake because default security software often lacks the sheer capability of dedicated third-party security software.
Hackers will often look for networks that allow them to make FTP or telecom connections to exploit the computers in that network. Once inside, there’s no telling what damage these cyber criminals can cause.
You can prevent this by installing a firewall. Basically, a firewall works by preventing unrequested data (like malware) from entering your network. If your network were a building, then the firewall is the guard at the gate checking people’s credentials and whether or not they have a scheduled appointment within the building.
You can also use software called Fail2ban (Linux), wail2ban (Windows), and fail2web (Mac OS) -- although you may find it easier if you simply modify Fail2ban’s text files for Mac OS. This software prevents hackers and bots from trying to enter a network by repeatedly trying to authenticate using different credentials. Fail2ban bolsters a firewall by making it ban addresses that have unsuccessfully attempted to log in a certain number of times.
Now, while a firewall prevents malware from coming into your network, what can you do about malware already on your hard drive? Simple: look for the best antivirus software. Good antivirus software will seek and destroy any and all malware that has infiltrated your hard drive. Even better is the fact that the best antiviruses today already have a built-in firewall!
Virtual Private Network
Saving the best for last, install the best VPN you can find. VPNs are renowned for their cybersecurity capabilities whether in the home or even for big businesses. VPNs work by hiding your true IP address and encrypting your online data.
You see: your online data is usually in the form of data packets. These packets contain plain text that’s easily readable by someone who knows what they’re doing -- like cybercriminals, your government, and even your ISP. Once a hacker finds and records your online data, they then trace it back to your IP address and that’s when they’ll make their move.
But with a VPN active, the only thing these hackers will find in your online data packets will be encrypted jargon. Also, they won’t be able to trace who this data comes from since your true IP address is masked by the VPN.
That being said, not all VPNs are trustworthy. Avoid “free” VPNs as they’ve been known to sell user data. Instead, look for trustworthy VPN reviews to find the best VPN for you.
2. You Don’t Change Default Passwords
Did you know that devices and software often come with default passwords?
These default passwords are set so that users can easily guess them and they’re often the same, or similar, for all devices/software from the same manufacturer -- and that’s the problem. Hackers know or can easily guess these default passwords and will use them when trying to attack targets.
This is why you should immediately change a default password into a strong one. Note the word “strong” because Preempt has stated that 35% of users have weak passwords. A strong password should not only be a long one but should also contain a mixture of upper and lower case letters, numbers, and symbols (if allowed).
You may, however, find it hard to remember strong passwords. In that case, you can simply use a password manager app. These apps also have the added bonus of generating strong passwords for you which makes them even more useful.
While on the subject of passwords, you should always turn on 2FA (2-factor authentication). Google reported that less than 10% of Gmail users use 2FA and that’s a bad sign. 2FA prevents hackers from accessing your accounts even if they’ve gotten hold of your credentials, because they can’t provide the second authentication via security number.
3. You Ignore Updates
Let’s be honest: sometimes we ignore software or app updates.
It’s nothing to be ashamed of. Those updates just come at inopportune times and they slow down your device’s performance, so you hold them off for later. But what if I told you that that’s exactly what hackers are hoping for?
As you may know, updates often include security fixes. This means that the manufacturer just recently found, or was made aware of, certain vulnerabilities in their product. Hackers know this and will swiftly race to find users of that product who have not yet updated their version of the software or app. Once they find one, they simply exploit the vulnerability that should have been solved by the security update and work from there.
This is why you should never ignore updates, no matter how untimely they may be. Additionally, you can simply turn on auto-updates to make them more convenient.
4. You Click Random Links
“If it’s too good to be true, it most certainly is.”
Have you ever heard the story about the Nigerian prince who’s looking for someone they can give their vast wealth to?
I bet you have. I bet you’re also aware that unbelievable stories like that are just that -- unbelievable. These stories were early examples of cyber attacks called “Phishing”.
Phishing attacks use social engineering and psychological tactics to get targets to click on a malicious link. Once clicked, these malicious links can deliver anything from viruses that damage your computer to malware that cryptojacks your whole network. One innocent click is all it takes.
The problem is hackers are really good at social engineering. They can even use AI to make phishing attacks for them.
You can try to avoid phishing attacks by learning to identify a phishing attempt. You can also avoid phishing attacks by using a fake email for websites that require it.
A better (more convenient) alternative, however, would be to use OpenDNS. This is by far the best way to filter Web content and prevent access to malicious websites on your network.
It works by blocking websites known for attempting to infect visitors with malware or Command and Control Callback, preventing you from unknowingly visiting phishing sites via a phishing site database that’s updated daily, and by blocking suspicious websites that use IP addresses reserved only for internal networks.
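An added example, not OpenDNS's implementation or code from the original article, of the checks just described as a filtering resolver could apply them: a blocklist lookup on the name and its parent domains, then a rejection of answers that point into internal address ranges. The blocklist entries, domain names and the `filter_answer` helper are constructed for illustration.

```python
import ipaddress

# Constructed blocklist (reserved .example/.test names) standing in for a
# threat feed that is refreshed regularly.
BLOCKLIST = {
    "login-update.example": "phishing",
    "c2-callback.test": "malware / command and control",
}

# Ranges reserved for internal use: RFC 1918, loopback, link-local, IPv6 ULA.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10",
)]

def parent_domains(name):
    """'a.b.example.' -> ['a.b.example', 'b.example', 'example']"""
    labels = name.lower().rstrip(".").split(".")
    return [".".join(labels[i:]) for i in range(len(labels))]

def filter_answer(name, answers):
    """Return (allowed, reason) for a queried name and its resolved addresses."""
    # 1. Known-bad name, or a subdomain of one.
    for candidate in parent_domains(name):
        if candidate in BLOCKLIST:
            return False, f"blocklisted ({BLOCKLIST[candidate]}): {candidate}"
    # 2. A public name must not resolve into internal address space.
    for raw in answers:
        ip = ipaddress.ip_address(raw)
        if any(ip in net for net in INTERNAL_NETS):
            return False, f"public name resolves to internal address {ip}"
    return True, "ok"

if __name__ == "__main__":
    print(filter_answer("www.shop.example", ["203.0.113.10"]))
    print(filter_answer("mail.login-update.example", ["203.0.113.66"]))
    print(filter_answer("cdn.rebind.example", ["192.168.1.1"]))
```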
5. You Connect to Public Wifi
This applies to individuals and the people running an enterprise.
Do you often go to the nearest coffee shop and connect to their wifi during your breaks? If you do, you’re unknowingly setting yourself up for a MitM (Man-in-the-middle) attack.
A hacker performs a MitM attack by exploiting an unencrypted network’s vulnerability. They then use this vulnerability to monitor the information traveling in and out from the users of that network. They can then use the login information or online shopping data they obtain to get your banking credentials or credit card details.
Another danger of using public wifi is rogue hotspots. These hotspots pretend to be the legitimate hotspot by imitating the latter’s name. The problem is you never know who has set up these rogue hotspots and what data they monitor and record.
If you must connect to a public wifi (such as in the event of an emergency), make sure your laptop or device has a VPN which encrypts your data. You will still have to worry about the downtime before your VPN does connect.
Better yet: set your VPN to activate automatically every time your device goes online. This way, you won’t have to worry about the downtime before the VPN actually connects. You will find a noticeable drop in Internet speed, but this is a small price to pay for online security.
Recap and Final Thoughts
Never think that you’re 100% safe from cyber attacks. No one is too small to become a target. To lessen the likelihood of being the next victim, follow these steps:
- Bolster your defenses with dedicated third-party security software.
- Immediately change default passwords into strong ones. Use 2FA.
- Install updates as you receive them. Turn on auto-updates if you can.
- If it’s too good to be true, it most often is. Learn to detect phishing attempts or use OpenDNS.
- Beware of public wifi unless you use a VPN.
Now, after saying all of the foregoing, it’s always a good idea to have a backup plan -- and that’s exactly what you need. Regularly make backups of your data and test restoring from those backups.
This way, you’re not only preventing a possible cyber attack, but you’re also prepared if it ever happens.