Hacks, Outages, Ransomeware – It’s Becoming Personal

Ransomware attacks and computer hacks used to be something that happened to someone else unless you were unlucky enough to have your personal data compromised. They were newsworthy because of the companies or government agencies targeted, and because the culprits were often criminals operating out of Russia, if not governments themselves. However, because the Colonial Pipeline incident resulted in skyrocketing gas prices and lines to match, it became personal for so many people.

The same is true for power outages. We have been hearing about crumbling infrastructure for years, not to mention the vulnerability of our power grid to potential attack. Most of us have suffered through short term outages, but it wasn’t until freezing weather in Texas shut down electricity for millions of people for several days did infrastructure become a personal problem.

Then there are internet outages and slowdowns, from the short-term annoyances we’ve all experienced during our year of working from home, to this week’s service disruption of major global news organizations because of a glitch at a cloud services provider. Fortunately, it was brief.

The news isn’t good. Experts expect there to be more for reasons, both financial and political, for these events to continue to happen. Until the FBI just proved otherwise by reclaiming most of the ransom paid out by Colonial Pipeline, hackers thought their use of cryptocurrency made them invulnerable to being caught.

The irony is it is often individuals who trigger the attacks by innocently downloading malware into their company’s system. If we pay attention, we may be able to prevent some of the attacks.

The FBI’s Mike Christman, who ran the bureau’s cybercrime unit, offered hints on preventing a ransomware attack on 60 Minutes:

  • Use two-factor authentication. Two-factor, or dual-factor authentication, adds a layer of security to online accounts by requiring two ways of proving your identity. One common form of two-factor authentication is entering a password, then receiving a one-time numerical code via text.
  • Backup your data offline. Use an external hard drive to secure important information.
  • Use internal firewalls on your network. That way, if a malicious actor accesses your computer, he cannot move laterally through the network and lock up the entire system. Experts liken it to preventing one person’s case of the flu from turning into an epidemic.
  • Regularly update your password. Cyber criminals looking to hack into a system sometimes purchase stolen passwords on the dark web.
  • Remote access creates an additional set of vulnerabilities. Understand the risks, including the possibility of stolen passwords, and how to prevent them when allowing employees or IT staff remote access to networks.

We all know to be aware of the phishing emails, but do we regularly update our computer’s software? Are we vigilant enough about our passwords? We all need to play our part.

* * *