With each advancement of technology comes the evolution of hackers and cyber criminals. Today, hackers are becoming more and more creative with the ways they access their victims data. Through mobile phones, emails, routers, and other modes, hackers are more of a threat to your business than ever. In unsecure accounts and networks lead to a data breach, it could cost your client’s and company’s trust, thousands- or millions- of dollars in damages, and your company’s reputation.
Don’t risk jeopardizing your business’s sensitive data. Here is how cyber criminals are targeting you, and what you can do about it:
Your email is one of the most valuable digital assets you maintain control over. It interconnects to all your digital accounts, from bank accounts and social networks (LinkedIn, Twitter, Facebook, etc) to cloud services (Google Drive, iCloud, Dropbox) and online shops (Amazon- where you most likely saved your credit card details). Your email provides access to your personal and corporate sensitive information; it’s the hub for the majority of your online accounts. By simply breaching your email account, a hacker can gain access to all of this- and they have the skills to easily do just that. According to Heimdal Security, “One in four emails accounts today are hacked”.
The most common way emails are hacked are through phishing schemes. Usually, phishing tactics include sending out legitimate looking emails that send users to a website to enter credentials and answer security questions to “verify” information which is then stolen. This is an extremely simple and affordable tactic that has proven to be very efficient for hackers- and they’re usually almost impossible to spot. Some may claim immediate action is required to renew a subscription or account; others promise free prizes in exchange for a small fee. But all require giving up personal information. Even internet giants like Facebook and Google have lost over $100 million through email phishing schemes.
Man in the Middle Attacks
Another popular tactic, Man in the Middle Attacks (MITM), takes place when a hacker secretly relays information between two people who believe they are communicating directly; it’s basically like a mailman reading your bank statement before delivering it. One example of this occurred in 2015 when 49 spies positioned throughout Europe were arrested on the suspicion of using MiTM attacks to intercept payment requests from email. Within a very short time, the hackers had accumulated $6.8 million from the scheme, tricking people into paying them directly while simultaneously paying the bank.
The best way to prevent this from happening to your business is by encrypting your email and ensuring your recipient's email is also encrypted. Make sure your WiFi connection is secure when sharing sensitive information- be wary of public connections in coffee shops or airports. If either party has an unsecure email, the message can be intercepted by a hacker mid conversation. An easy way to decipher if an email has been compromised by MITM is if you receive an email from someone that is in cleartext. Any email received in cleartext should be treated as a security liability, especially if you deal with sensitive data in your day-to-day correspondence.
We often assume the only people who can reach our phones are those we’ve given access to. Therefore, messages from banks, government institutions, or representatives from online accounts are often recognized as legit. This gives cyber criminals the perfect hacking opportunity through a tactic called smishing. Smishing is basically phishing done through SMS texts. A hacker will send a text from a seemingly legitimate source requesting urgent action to click a link, call a number, and ultimately give up personal information. This is an extremely dangerous tactic because people are much less cautious concerning cyber attacks while using their mobile devices. Many people either assume their smartphones are more secure than their computers, or they have yet to realize the change in trends hackers have adapted to. However, smartphone security cannot fully protect users from smishing threats. Just like with email phishing threats, mobile users must learn to recognize potential smishing texts. Ultimately, awareness is the greatest source of protection against these type of attacks.
DNS Changer Attacks
Most people rarely associate their computer routers with security breaches. However, hackers are using tactics such as domain name system (DNS) changer attacks to gain access into home or business routers, which ultimately gives them access to the center of your wireless network. This process includes two stages, both of which involve the victim, you, clicking on ads or images:
- First, you visit a webpage and click on an ad. What might look like a regular ad was actually placed there by a hacker group and contains malicious code imbedded in it. By clicking on the code, you give the malware permission to be installed on your devices. All devices connected to the router are directed towards less legitimate ad agencies that provide your router and wireless network with security vulnerabilities.
- Second, once the malware is installed, you will be redirected to different websites than the ones you want to visit. The false websites that you are directed to contain even more ads that contain even more dangerous malware, which in turn gives hackers a second-level payload.
What You Can Do About It
While the threat of hackers can be scary, taking simple security precautions can severely reduce your chances of being hacked. Here are five simple tips on how to protect yourself:
- Download mobile phone virus protection to your device- Free virus protection is readily available and a smart and easy way to protect your phone from outside threats. However, it is still important to take time to review app ratings and user testimonies to verify that the app is legitimate. It’s possible that apps containing malware can assume access to your location, contacts, and messages in the fine print of the terms and condition. Apps such as Lookout and Avira Mobile Security have proven effective in protecting both iPhones and android phones against schemes like these.
- Update your OS and other software frequently- This prevents hackers from accessing your computer due to software or program vulnerabilities. Additionally, consider retiring particularly unsecure software such as java and flash.
- Password protect all devices- Use basic security measures such as passwords for all devices including phones, laptops, desktops and tablets. Additionally, make sure to use different passwords for different accounts. If the password for one account is compromised, it is important that a hacker cannot access other accounts through the same password.
- Practice smart emailing- Be aware of phishing tactics and do not click on any suspicious attachments or links. Hover over links to see if they are actual URLs rather than hyperlinks and if you are unsure whether an email is legitimate, verify email is really from the person or company from which it is sent.
- Use creative answers for security questions- Easy questions such as “what elementary school did you attend” can be easily guessed with a simple google search. It is important to come up with unique security questions and answers that prevent your account from being compromised by hackers.