Recently, I was interviewed by Tyler Gallagher at Authority Magazine. In that interview, he asked:
“Who has to be most concerned about a cyber-attack? Is it primarily businesses or [] private individuals?”
My answer: both.
It may seem that I was hedging my answer, but the evidence supports my conclusion.
Cybersecurity professionals continually preach that people are the weakest link in protecting data and online assets. By using social engineering, cyber criminals exploit human tendencies to trust. There are entire books written on how hackers do not need technical expertise to gain access to valuable data. According to various reports, one form of social engineering -- phishing (fraudulent emails asking for security information and personal details) -- continues to be the most common route to implement a successful cyberattack. Next in line is using brute force attacks to obtain the credentials to social media and email accounts. These brute force attacks have the most success when people use weak or simple usernames and passwords.
· People are duped by social engineering schemes.
· People click on malicious links.
· People use simple passwords that are easy to guess.
· People neglect to update their software.
Generally, individuals are doing a poor job implementing protocols to protect online assets such as their bank accounts, social media, text messages and emails.
More Money, Money Problems
Other than seeking to gain access to a company’s assets, cyber criminals are realizing that instead of targeting people in the lower financial demographic, there is a better chance of a higher payout by targeting wealthier individuals.
Like most regular folk, high-net-worth individuals send sensitive information through email, share their personal lives on social media, and click on suspicious links. Unlike most people, high-net-worth individuals have access to large sums of money.
Targeting wealthier individuals also comes with the added benefit that public records will provide insights into their wealth and property ownership. Hackers then use social media to obtain a plethora of information about these individuals that can be used for social engineering attacks.
Assuming cybercriminals are somewhat smart, it makes sense to target the wealthy.
How to Improve Cybersecurity
People purchase property and life insurance, lock their vehicles, and install home-security systems. Why? To protect their assets. But most people overlook the possibility of cyber-crime. With the idea of protecting assets online, here are some steps that individuals can implement to protect themselves:
Install anti-virus protection and firewalls – a first line of defense in protecting your assets and online profile.
Keep software up to date – helping defend against vulnerabilities identified by hackers, across devices, browsers and apps.
Be wary of phishing scams – this can be via email or phone. Basic principles are to be wary of emails from people you don’t know, inspect links before clicking and review sender details to verify authenticity.
Protect your personal information – information such as name, address, and date of birth can be useful tools to a hacker. Therefore, be careful with the details you share on social media and review your privacy settings.
Use mobile devices securely – keep devices updated, avoid sending sensitive information over text message or email, install apps from trusted sources and don’t use obvious passwords.
Back-up data regularly – if you become the victim of a ransomware or malware attack, having a recent back-up of your data will prove invaluable.
Consider Cyber Insurance – Insurance companies are creating products to mitigate or defer some of the financial risks related to cyber-crime.
Use a Professional - Relying on professionals to protect assets is always sound advice.
~ Florida Cyber Lawyer, Robert Stines, Esq., CIPP
