With our lives moving increasingly into the digital realm with more and more internet-connected devices, our security needs are evolving. We can think of cybersecurity as “the art of protecting networks, devices and data from unauthorized access or criminal use and the practice of ensuring confidentiality, integrity and availability of information,” according to the Cybersecurity & Infrastructure Security Agency (CISA), a branch of the Department of Homeland Security. Just as you wouldn’t leave your front door unlocked or your windows open to the street, you need to think about protecting your sensitive data – your finances, personal communications, pictures, medical records, and other sensitive information. This requires paying regular attention to the security of your hardware, software, and passwords, as well as taking other practical steps like shoring up your cloud security and application security. Network security is also paramount, whether it’s a home or office network.
The consequences of a cybersecurity incident can range from an embarrassing disclosure of private information to devastating financial losses, or even cyber threats that impact your personal security. Any device connected to the internet can be hacked or hijacked, including your car, baby cam, medical devices, and of course computers and smartphones. Hackers can target you for financial gain or to steal personal data for identity theft, but also for revenge or even for political purposes. Malicious actors may seek out businesses for industrial espionage or ransomware, or attack government agencies for political reasons.
People working remotely may be using personal devices for both business and personal activities, which increases the risk. And security cameras and smart home devices, which are connected to the internet and often controlled with a home security system, can also be hijacked or hacked as a way to get into a home network.
An attacker can strike in any number of ways: stealing your sensitive information, infiltrating your home network, or compromising your credentials for your accounts like email, medical, and social media. All of these raise the specter of identity theft. These problems are compounded if someone hijacks an account and uses it to send out malicious messages asking friends for money or tricking them into downloading malicious software.
You could unknowingly become part of a botnet that allows a hacker to control a network of personal computers that can be used for a broader attack or other criminal activity. The trend of working from home that gained traction during the COVID-19 pandemic has opened up new opportunities for hackers looking for weak points to access corporate networks, according to the consulting firm Deloitte. And by working from your home network or computer, “you might be opening up your computer to the risks your company may be facing,” says Daniel de los Santos, a security researcher with Forescout Technologies. “If there is a ransomware attack on your organization, your files might also be impacted.”
For individuals, theft of your passwords could allow a malicious actor to impersonate you online or take over your accounts, with the potential for loss of your money or personal data. Malware injected into your personal devices could also give hackers access to your friends and contacts, and send out messages that could trick them into downloading the same viruses or trojans.
A malicious actor can be motivated by revenge or politics, or they might simply be looking for a way to steal your money. Attackers might also be interested in your health, personal, and social media data, which may include birth dates, billing information, and more, to be used to build profiles for identity theft. Credit card and social security numbers are sold on “dark web” marketplaces where criminals find buyers for data stolen through a data breach, Wi-Fi hacking, insecure browsing, or other means.
Another risk that can lead to a security breach is ransomware, which encrypts all your data until a ransom is paid. This kind of attack is normally directed at businesses and organizations with the capacity to pay, but individuals can also be victims. Weak security can also open you up to cyberstalking and potential risks to your physical security, especially for women, according to the Marshall University Women’s & Gender Center.
Some people can feel intimidated by computer security, but a few common-sense tips can help. With these tips, you can help avoid becoming a victim of cyber attacks and increase your network security, application security, and cloud security, all of which will go a long way toward protecting your sensitive data from cyber threats.
Keep your home network and devices up to date
Start by ensuring you have up-to-date hardware and software for your home network. The most secure Wi-Fi routers have WPA3 (Wi-Fi Protected Access 3), an upgrade from WPA2. This, combined with strong passwords, will help protect against cyber attacks. In addition, your home PC and other devices should have regular security updates and some form of antivirus or security software installed. “If your operating system is out of date, you are essentially vulnerable to attack by hackers who have devised a way to exploit your system,” says John Dickson, vice president for security solution architecture at the firm Coalfire.
Be aware that all the devices on your home network are connected to the internet and should be password-protected. That includes your home security system, if you have one, and any smart home devices like video doorbells or garage door openers. Don’t rely on the login provided with your equipment. “People think about computers a lot, but now there are so many devices in your house connected to the internet,” de los Santos says. That includes things like your smart TV, thermostat, robotic vacuum, video doorbell, and maybe even a washer or dryer that can be controlled from your smartphone. These devices also might need updates to software or “firmware” that allows them to connect, which could be more complicated than updating your PC or phone.
Keep work and personal use separate
The lines are blurred between home and work nowadays, but it’s important to maintain boundaries between your professional and personal data to avoid a compromise in one area that affects the other. (See more tips below for working remotely.)
Protect your home security system
If you have a home security system installed, it needs password protection like anything else. For a DIY system, don’t rely on the default password, which can be relatively easy for a hacker to guess. A professional installer can help you create strong passwords and set up two-factor authentication, which sends an alert to a separate device asking your permission to get into an account.
Lock down your phone
With the smartphone at the center of our digital lives, it’s important to keep control of your device and protect against the so-called SIM swap attack, which is when someone convinces your cell phone carrier to switch your phone number over to their own SIM card. This could override two-factor authentication if an attacker gains control of your phone where you receive an access code. “This type of hack is very common,” says Ben Sadeghipour, head of hacker education at the ethical hacking startup HackerOne. To help prevent a SIM swap attack, he advises consumers to set up an additional password with their carrier before a change can be made to their account. “Use a password only you know,” he says. “Don’t use your favorite band that you posted on social media.”
Secure all your accounts
Your social media and financial accounts should also have two-factor authentication so that even if an attacker guesses your password, a second step is required for access. Some online giants such as Microsoft are pushing for “passwordless” access to critical accounts using an authenticator app. Others such as Google are promoting physical security keys for authentication. Apple uses biometrics such as fingerprint or face identification.
Also consider using a password manager that can help you set up unique, strong passwords for all of your accounts without having to remember them. It’s strongly recommended that you keep separate passwords for each of your accounts, so that if one is compromised it won’t affect the others. “The uniqueness of the passwords is important,” says de los Santos. This can help avoid compromises based on “credential stuffing,” or the automated use of stolen passwords to gain access to a person’s other accounts.
Find out what’s already compromised
It’s possible that one or more of your accounts have already been affected by a hack or data breach. You may or may not get notified about these, but there are ways to check yourself using websites like Google Password Checkup, Firefox Monitor, or haveibeenpwned.com. Change passwords for any compromised accounts, and stay up to date on any new data breaches.
Update, update, update
Operating system updates are important for your computer or phone, as they often patch security holes discovered by researchers. But other software needs to be updated as well, including your web browsers, mobile apps, and especially any antivirus software you may be using. “Hackers are always trying to stay one step ahead by exploiting bugs in software, while antivirus companies are always updating their software to catch these new exploits,” says Dickson. “It’s a cat and mouse game. If your antivirus software is out of date, you are essentially unprotected.”
Be vigilant
Many successful cyber attacks can be carried out even if the victims have strong cybersecurity, by tricking people into giving up their credentials or other key information. For example, the Federal Trade Commission notes that hackers can send “phishing” emails that ask for personal information and appear to come from legitimate companies like your bank or colleagues. Some phishing attempts can be identified in email spam filters, but experts say it’s important to verify the origin of the sender and any website asking for login credentials or other personal data. Most legitimate companies will not send links asking you to click through to verify your sensitive information so as not to compromise your information security.
Attackers can be wily about using “social engineering” to dupe people into giving up their credentials. “What motivates people is greed and fear,” de los Santos says. “You need to be careful if there’s a message that says you won a million dollars or that your password has been stolen.”
Use a VPN for any work-related activity on your home network, which provides an extra layer of protection and separation. De los Santos advises people to keep separate devices if possible for work and personal use. “As soon as you start mixing things, it becomes harder,” he says. Malicious actors know more people are working from home and are taking advantage of potential weaknesses in home networks. “It’s a lot easier to break into a residential home than an office,” Sadeghipour says.
Information security firms have seen more cyber attacks seeking to exploit remote workers during the pandemic. For example, a report from the online security firm Malwarebytes found an increase in malicious spam posing as information regarding Zoom, Microsoft Teams, Slack, and other business applications.
Some people forget that their router – the hub for your home network – has a password as well, which should be strong and “unique,” or not shared by other accounts. Even if your other devices are secure, the router may give access to a malicious actor. Don’t rely on the password in the device out of the box, which might be something easy to guess like Admin123. “People from outside can see your router, and that’s where the password configuration comes into play,” de los Santos says.
Identity theft is one of the most dreaded consequences of weak cybersecurity or information security, with the potential for huge ramifications including monetary losses and damage to one’s credit rating. A cyberthief can set up accounts in your name, misuse your social security number, file bogus unemployment claims or tax returns or commit other crimes which could lead authorities to your door. Some victims may be unaware that their data has been stolen until damage has been done.
“Sometimes the smallest piece of information can be used against you,” says Sadeghipour. “It can be your phone number, your address. These are things a bank or credit card company will use to verify your identity.”
Bad actors can use data obtained by hacking, but they might also combine this with information you post publicly on social media and from public records. Medical records, credit reports, employment data and more can also be used for identity theft. In many cases, this data can be bought and sold on the dark web by cybercriminals.
Victims can spend months or years dealing with the financial, emotional, and reputational toll of identity theft. Good cybersecurity practices can help limit the risks of identity theft, but it also helps to be cautious about the personal information you share. The Federal Trade Commission offers guidance on both prevention and mitigation of identity theft. Commercial services can offer protection and help in remediating identity theft.