Well, it’s National Cyber Security Awareness Month, or NCSAM for short. While we’re always up for an excuse to talk about increasing security awareness, we’re super excited that there’s actually an entire month dedicated to helping people become more educated about their digital habits.
For better or worse, our devices dominate our lives. According to Mary Meeker’s 2018 Internet Trends Report, the average person spends 5.9 hours a day online. That means that most people spend about one quarter of their week online. And in those 40+ hours, most people don’t really pay much attention to their security habits. Think about it — it’s no fun to play it safe when you see Facebook ads promising free tickets to anywhere in the world on British Airways. It’s also not so convenient to stop and think before opening email attachments. And who’s got time to read each and every Terms of Service and Privacy Statement?
It’s The Little Things
But it’s little habits like these that can make or break how safe you are on the internet. And considering that cybercrime is set to generate $1.5 trillion in profits in 2018 alone(!), it’s high time for you to take a stand for your own security.
So to help raise awareness, we present to you the top 10 biggest security concerns online today. These are all issues that are rampant and affect everyone, so you really need to keep an eye out for them — all the time. The more you know about them, the better prepared you’ll be to recognize them when faced with them.
The Top 10 Security Concerns Today:
Social Engineering – Social engineering is the psychological manipulation of people, rather than computers or devices. An adept social engineer is basically just a con man who can get people to divulge almost any information, in almost any scenario. Using email phishing, phone phishing (also referred to as vishing, for ”voice phishing”) and even impersonation to trick their victims, these baddies are responsible for more than ⅔ of all cyber attacks. Any time anyone asks you for information, assess if it makes sense to give it over. If you’re not sure, don’t do it.
Crypto Jacking – Crypto jacking, which has been on the rise for the last year, is the unauthorized use of your computer CPU by another entity to mine for Bitcoins or other crypto currencies. Victims become infected by clicking on malicious attachments and links which executes the coin mining code. Crypto jacking has dethroned ransomware as the king of cybercrime as of recent because these attacks are so subtle and they tend to go unnoticed for long periods of time. Though attackers aren’t after your data in this case, mining is very taxing to your CPU resources and will kill your computer far faster than any regular use would. Anyway, no one should be able to access your computer other than you and others with your permission. As mentioned, it can be hard to detect crypto jacking but if you notice a change in your computer’s performance, this might just be the culprit.
Social Media Scams – Who doesn’t love social media? Well, anyone who’s been really burned by a social media scam, that’s who. Social media platforms, from Facebook to LinkedIn to Instagram and everything in between, are riddled with scams intended to help victims and their money or data part ways. Be sure to watch out for scams such as romance/catfishing scams, lottery scams, quiz scams, profile hijacking scams and prize/gift card scams. When you come across them, be smart and keep your distance.
Identity Fraud – Also referred to as Identity theft, this is when someone pretends to be you, using your personal information, such as your social security number and date of birth. The internet has unfortunately made collecting sensitive data easier than ever. As we recently discussed in a past blog post, although some businesses (on and offline) might ask you for it, you should never give it, unless it’s your employer or the IRS. And remember that any email you get from a business asking you for it is probably nothing more than a phishing email — so just chuck it. Identity fraud is highly damaging and the closer tabs you keep on your sensitive data, the safer you’ll be.
Ransomware – While it’s true that ransomware infections took a bit of a backseat to crypto jacking this year, as we mentioned above, it’s still a big threat. In fact, experts say that although the number of new exploits has dropped in 2018, the attacks themselves have been substantially worse than those of the past. For example, look to GandCrab which has had many iterations, each one packing new and terrifying features into its build and SamSam, which cost the city of Atlanta GA, $2.6 million to clean up. Ransomware still packs a wallop, so remain on guard.
The Expanding Attack Surface – Say wha? You may have come cross this term and been quick to dismiss it as marketing hogwash but it’s actually an important point to consider. When experts talk all nervously about “The Expanding Attack Surface”, they are referring to the fact that we are so inextricably “connected” in so many ways that we almost make it easy for attackers to get us. Our phones, watches, tablets and other connected whatever likely have some kind of vulnerability, and the more we have, the more ways we can be hacked.
IoT Vulnerabilities – Speaking of connecting everything, vulnerabilites in IoT devices can become epically problematic. Can you imagine a world where hackers can hack your connected tooth brush? Or your coffee maker? Every device you connect to the internet gives attackers another opportunity to make their way onto your network and cause damage. So stop and think for a moment before you go and connect your frying pan or refrigerator to the internet — do you really want attackers being able to infiltrate your network via your egg holder?
Phishing – Phishing ploys via email campaigns are always on the rise and in 2017, 76 percent of businesses experienced some kind of phishing attack. Moreover, according to phishing mitigation firm IronScales, 90-95 percent of successful attacks start with phishing tactics. The takeaway for you is to carefully consider before clicking each and every attachment and link that gets sent your way in emails, texts and social media.
Mobile Malware – While incidents of mobile malware have decreased from 2017 to 2018, it’s still smart to remain on guard, especially when downloading apps from Google Play or any other app marketplace. Be sure to read app’s Terms of Service (groan!) and Privacy Statements (double groan!), and if your chosen app doesn’t have either of those, ditch it and find a similar one that does.
Online Shopping – You probably do a whole lot of shopping online and though you hopefully know enough to stick with known retailers like Amazon and Walmart, you might be drawn to sites offering goods at lower prices. While some of these sites are legit, a whole lot aren’t. Look for the https and padlock before making your purchase – if there is no “s” or padlock next to the URL, head elsewhere. And even if the site does have those indicators (which means your web traffic is secured and cannot be intercepted by attackers) it’s still a good idea to do research on the site to ensure it’s not a scam.
Today, security is everybody’s problem; The good news is that when you know more, you can do more to help keep yourself and the people you care about secure. And there’s no better time than during NCSAM to create some smarter digital habits going forward.