If you’ve been paying attention to the news the past year or two, you’ve no doubt read headlines about organizations having their computer networks infected, encrypted, and held hostage by hackers seeking a ransom. Ransoms have reportedly ranged from thousands of dollars to millions of dollars, sums hackers demand because they know which organizations have large amounts of money available (or available through cyber insurance policies). Consider, too, that many ransomware infections go unreported: the organizations hit never make the news because they prefer to keep things quiet, pay the ransom, and go about their business without alarming customers and shareholders.
Ransomware infections, though, aren’t limited to businesses. A ransomware infection on your personal computer can do serious damage to your finances:
- Stolen passwords to banking and financial web sites
- Stolen documents containing sensitive data (e.g., tax forms, investment statements, bank statements)
- Encrypted financial documents: unless you have a backup that didn’t get encrypted too, you can’t open these documents until you pay a ransom and *hope* the hackers honor the deal and decrypt your data
- Potentially having to pay hundreds or thousands of dollars to a criminal in hopes they’ll help you decrypt your computer.
How can you protect yourself?
Here’s what you can do to minimize the likelihood of a ransomware infection, minimize the risk you face if you are infected, and minimize your downtime if your computer is infected.
1. Practice good email hygiene
How often: Daily
- Do not click on links in emails
Rather than clicking a link in an email, type the address you want to visit into your browser yourself. A link’s visible text can say one thing while the link itself leads somewhere else entirely (on a computer, hovering over a link usually reveals the real destination). That other web page can do any number of malicious things, like impersonating a legitimate page (for example, your bank’s login page, to capture your password) or installing malware on your computer or phone.
- Don’t open attachments in emails you aren’t expecting.
Hackers often attach malicious files to their emails, so pausing to consider whether you should open an attachment at all is very important. Opening a malicious attachment can execute malware that encrypts your files, rendering your data inaccessible until you pay a ransom in exchange for, hopefully, the hackers decrypting your data. Be especially wary of a document that asks you to “enable content” or “enable macros” when opened; that prompt is how many malicious attachments get their code to run.
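As an added illustration (this is example code, not part of the original post), the check below does in code what “hover before you click” does by eye: it parses an HTML email body and flags any link whose visible text names one site while the real destination in the href points to another. The sample message and every domain name in it are constructed for the example; links whose text is just words like “log in” can’t be judged this way and are skipped.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse
import re

# Constructed sample HTML email (not a real message): one honest "log in" link,
# one link that shows the bank's name but goes elsewhere, one whose visible text
# is a full URL that differs from the real destination, and one honest link.
SAMPLE_EMAIL_HTML = """
<p>Dear customer,</p>
<p>Please <a href="https://login.bank.example/verify">log in</a> to confirm your details.</p>
<p>Or visit <a href="https://bank.example.verify-account.test/login">bank.example</a> now.</p>
<p>Statements: <a href="http://198.51.100.23/stmt">https://www.bank.example/statements</a></p>
<p>Help: <a href="https://support.bank.example/faq">support.bank.example</a></p>
"""

# Matches a bare domain or URL inside the link's visible text.
DOMAIN_RE = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.IGNORECASE)


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []      # finished (href, text) pairs in document order
        self._href = None    # href of the <a> currently open, if any
        self._text = []      # text fragments seen inside that <a>

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def same_site(host_a, host_b):
    """True when the hosts are equal or one is a subdomain of the other."""
    a, b = host_a.lower(), host_b.lower()
    return a == b or a.endswith("." + b) or b.endswith("." + a)


def find_mismatched_links(html_body):
    """Return [(visible_text, real_host)] for links whose visible text names a
    different site than the href actually goes to."""
    parser = LinkCollector()
    parser.feed(html_body)
    suspicious = []
    for href, text in parser.links:
        shown = DOMAIN_RE.search(text)
        if not shown:
            continue  # plain words like "log in": nothing to compare against
        real_host = urlparse(href).hostname or ""
        if not same_site(shown.group(1), real_host):
            suspicious.append((text, real_host))
    return suspicious


if __name__ == "__main__":
    for text, host in find_mismatched_links(SAMPLE_EMAIL_HTML):
        print(f"link says {text!r} but really goes to {host!r}")
```

The second sample link is the classic trick: the address starts with the bank’s name but the registrable domain is `verify-account.test`, which a quick glance reads as legitimate. A real mail filter would also check the href’s domain age and reputation; this example only demonstrates the text-versus-destination comparison.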
In case you make the mistake of opening the wrong attachment and infecting your computer…
2. Back up your data
How often: Monthly at a minimum, and more often for files you change regularly (a monthly backup means you could lose up to a month of work).
Many businesses that have been infected with ransomware have been saved by having data backups. By having data backups available, businesses have been able to delete ransomware from their networks and simply restore data, which removes the need to pay hackers for their decrypting “services.”
Having backups of your important spreadsheets, documents, and other files is an insurance policy for you, too. Important: after you take a backup, keep it separate from your computer. Ransomware encrypts every drive it can reach, so unplugging the USB drive where you keep backups prevents that drive from being encrypted along with your computer. Of course, if your computer is infected, do not plug the backup drive into it before the computer has been wiped clean. Similarly, if you use a cloud-hosted backup service, don’t connect to it to restore your data until your computer is clean, or you may inadvertently sync encrypted files over your cloud-hosted backups; prefer a service that keeps older versions of each file so a good copy survives even if encrypted files do get uploaded. Finally, test a restore occasionally: a backup you’ve never restored from isn’t one you can count on.
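As an added example, not the author’s own tooling: a small Python script that copies a folder into a new date-stamped snapshot with a SHA-256 manifest, and later verifies that every copy still matches the manifest. That verification is the check you want before trusting a backup drive that may have been plugged in during an infection. The folder names and file contents in the demo are constructed, and the demo tampers with one copied file to show what a ransomware-scrambled backup looks like to the check.

```python
import hashlib
import json
import os
import shutil
import tempfile
from datetime import datetime, timezone
from pathlib import Path

MANIFEST_NAME = "MANIFEST.json"


def sha256_of(path):
    """Stream a file through SHA-256 so large files need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def make_snapshot(src_dir, dest_root, label=None):
    """Copy src_dir into a new, date-stamped folder under dest_root and write a
    manifest of SHA-256 hashes next to the copies. Every run creates a fresh
    snapshot instead of overwriting the last one, so an encrypted file can never
    silently replace the only good copy on the backup drive."""
    src = Path(src_dir)
    label = label or datetime.now(timezone.utc).strftime("%Y-%m-%dT%H%M%SZ")
    snap = Path(dest_root) / label
    if snap.exists():
        raise FileExistsError(f"snapshot {snap} already exists")
    shutil.copytree(src, snap / "data")
    manifest = {
        str(p.relative_to(snap / "data")): sha256_of(p)
        for p in sorted((snap / "data").rglob("*")) if p.is_file()
    }
    (snap / MANIFEST_NAME).write_text(json.dumps(manifest, indent=2))
    return snap


def verify_snapshot(snapshot_dir):
    """Re-hash every file in a snapshot against its manifest. Returns the list
    of relative paths that are missing or altered; an empty list means the
    backup is intact and safe to restore from."""
    snap = Path(snapshot_dir)
    manifest = json.loads((snap / MANIFEST_NAME).read_text())
    bad = []
    for rel, expected in manifest.items():
        p = snap / "data" / rel
        if not p.is_file() or sha256_of(p) != expected:
            bad.append(rel)
    return bad


def demo():
    """Constructed demo: back up a tiny Documents folder, verify it, then
    simulate ransomware overwriting one copy on a still-connected drive."""
    with tempfile.TemporaryDirectory() as tmp:
        docs = Path(tmp) / "Documents"
        docs.mkdir()
        (docs / "taxes-2023.txt").write_text("constructed sample tax form\n")
        (docs / "bank-statement.txt").write_text("constructed sample statement\n")
        snap = make_snapshot(docs, Path(tmp) / "BackupDrive", label="snap1")
        before = verify_snapshot(snap)
        # Ransomware that reaches the drive rewrites files with ciphertext:
        (snap / "data" / "taxes-2023.txt").write_bytes(os.urandom(64))
        after = verify_snapshot(snap)
        return before, after


if __name__ == "__main__":
    before, after = demo()
    print("intact before tampering:", before == [])
    print("altered files after tampering:", after)
```

Run it against a real folder by calling `make_snapshot("~/Documents", "/Volumes/BackupDrive")` (paths are assumptions for your machine) and then unplug the drive; before restoring, plug the drive into a clean machine and call `verify_snapshot` on the snapshot you intend to use. The manifest lives on the same drive as the copies, so a thorough attacker could rewrite it too; keeping a copy of the manifest elsewhere (printed, or in a cloud note) closes that gap.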
3. Don’t Reuse Passwords
How often: Whenever you set a new password.
As a cybersecurity professional, I routinely see hackers take advantage of “password dumps,” huge lists of compromised user names and passwords. You’ve likely received emails from web sites and cloud-hosted services telling you your password was exposed in a data breach, and these breaches typically result in a password dump (often cracked password hashes) being sold or posted on the internet. Once hackers get hold of a dump, they test those user names and passwords on other web sites, knowing that most of us have a bad habit of reusing passwords.
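As an added example (not the author’s code), here is the reuse audit that password managers perform on a vault, alongside a simulation of the credential stuffing just described: take the password leaked from one site and see which other sites it unlocks. The vault, site names and passwords are all made up for the example.

```python
import secrets
import string
from collections import defaultdict

# Constructed sample password-manager vault (not real accounts or passwords):
# three sites share one password; the fourth has a unique generated one.
SAMPLE_VAULT = {
    "bank.example": "Summer2023!",
    "broker.example": "Summer2023!",
    "forum.example": "Summer2023!",
    "mail.example": "K7#vq9Lp2!zR4mNd",
}

SYMBOLS = "!@#$%^&*()-_=+[]{};:,.?"
ALPHABET = string.ascii_letters + string.digits + SYMBOLS


def generate_password(length=20):
    """Draw from the OS cryptographic random source (secrets, never random.random)
    and reject any draw that misses a character class, so the result satisfies
    the usual site policies without weakening the randomness."""
    if length < 4:
        raise ValueError("length must be at least 4")
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
                and any(c.isdigit() for c in pw) and any(c in SYMBOLS for c in pw)):
            return pw


def find_reused(vault):
    """Return {password: [sites]} for every password used on more than one site."""
    sites_by_password = defaultdict(list)
    for site, pw in vault.items():
        sites_by_password[pw].append(site)
    return {pw: sorted(sites) for pw, sites in sites_by_password.items()
            if len(sites) > 1}


def credential_stuffing(vault, leaked_site):
    """What an attacker does with a dump from leaked_site: try that exact
    password on every other site. Returns the sites it would unlock."""
    leaked_pw = vault[leaked_site]
    return sorted(site for site, pw in vault.items()
                  if site != leaked_site and pw == leaked_pw)


def rotate_reused(vault):
    """Return a copy of the vault in which every reused password has been
    replaced by a fresh unique one, site by site, as you would do after a
    password manager's audit flags them."""
    rotated = dict(vault)
    for sites in find_reused(vault).values():
        for site in sites:
            rotated[site] = generate_password()
    return rotated


if __name__ == "__main__":
    print("reused:", find_reused(SAMPLE_VAULT))
    print("a forum breach unlocks:", credential_stuffing(SAMPLE_VAULT, "forum.example"))
    fixed = rotate_reused(SAMPLE_VAULT)
    print("after rotation, a forum breach unlocks:", credential_stuffing(fixed, "forum.example"))
```

The point of the simulation is the before-and-after: with the sample vault, a breach of the low-value forum hands an attacker the bank and broker logins; after rotation, the same breach yields nothing beyond the forum itself.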
- Recommendation: Use a password manager to generate unique passwords.
Password managers securely store your passwords and generate random, complex passwords for you. The upside is that when a web site is compromised, the password you used there isn’t used anywhere else. Reusing your banking or investing passwords elsewhere is a significant risk. There is technology, though, that acts as insurance against stolen passwords…
4. Use Multi-Factor Authentication (MFA)
How often: Set up MFA once, then use MFA when you log in.
Multi-factor authentication (MFA) requires you to verify your identity not only with a password (something you know), but also with something you have (e.g., a code from an authenticator app on your smart phone, or a hardware security key) or something you are (e.g., your fingerprint). The advantage of MFA is that a hacker can’t log in with only a stolen password. Codes sent by text message are better than nothing, but an authenticator app or hardware key is the stronger choice.
- Recommendation: Enable MFA for all banking and investing web sites.
By enabling MFA on banking and investing web sites, you add one more layer of security to your assets at these companies and you make it much harder for hackers to reach your money. If by any chance you have reused your banking password elsewhere, and that password is stolen in a data breach, MFA stops a hacker from logging into your bank with the stolen password alone. Of course, as I already mentioned, please don’t reuse passwords.
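As an added example that is not part of the original post: a minimal time-based one-time password (TOTP, RFC 6238) check of the kind authenticator apps and web sites implement, wired into a login function that requires both the password and the six-digit code. The account name and password are constructed; the TOTP secret is the published RFC 6238 test key (chosen so the expected codes can be checked), whereas a real service generates a random secret per user and shows it to your phone once as a QR code.

```python
import hashlib
import hmac
import os
import struct
import time


def hotp(secret, counter, digits=6):
    """HOTP (RFC 4226): HMAC-SHA1 over the big-endian 8-byte counter, dynamic
    truncation to a 31-bit integer, then the last `digits` decimal digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret, now=None, step=30, digits=6):
    """TOTP (RFC 6238): HOTP where the counter is the number of 30-second
    steps since the Unix epoch. This is what the authenticator app computes."""
    now = time.time() if now is None else now
    return hotp(secret, int(now // step), digits)


def verify_totp(secret, code, now=None, step=30, window=1):
    """Accept the current code or a neighbour within +/- `window` steps to
    tolerate clock drift between phone and server; compare in constant time."""
    now = time.time() if now is None else now
    counter = int(now // step)
    return any(hmac.compare_digest(hotp(secret, counter + d), code)
               for d in range(-window, window + 1) if counter + d >= 0)


def hash_password(password, salt=None):
    """Salted PBKDF2-HMAC-SHA256; the server stores (salt, hash), never the password."""
    salt = os.urandom(16) if salt is None else salt
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


# Constructed demo account. The TOTP secret is the RFC 6238 test key; it is
# used here only so the expected codes are verifiable, never in a real system.
DEMO_TOTP_SECRET = b"12345678901234567890"
_salt, _hash = hash_password("Summer2023!")
ACCOUNTS = {"alice": {"salt": _salt, "hash": _hash, "totp_secret": DEMO_TOTP_SECRET}}


def login(username, password, code, now=None):
    """Both factors must pass. A password leaked in a breach gets an attacker
    through the first check only; without the secret on the phone, the code fails."""
    acct = ACCOUNTS.get(username)
    if acct is None:
        return False
    _, candidate = hash_password(password, acct["salt"])
    password_ok = hmac.compare_digest(candidate, acct["hash"])
    code_ok = code is not None and verify_totp(acct["totp_secret"], code, now)
    return bool(password_ok and code_ok)


if __name__ == "__main__":
    t = 59  # RFC 6238 test instant: the app would show 287082 at this moment
    print("phone shows:", totp(DEMO_TOTP_SECRET, now=t))
    print("stolen password only:", login("alice", "Summer2023!", None, now=t))
    print("password + code:", login("alice", "Summer2023!", totp(DEMO_TOTP_SECRET, now=t), now=t))
```

The code changes every 30 seconds and is derived from a secret that never leaves your phone, which is why a password dump alone does not get an attacker past `login`. One caveat a practitioner would add: a phishing page that relays your password and current code to the real site in real time can still succeed within that 30-second window, which is the case hardware security keys are designed to resist.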
5. Update, update, update
How often: Monthly
Updates released by software providers, phone manufacturers, and other device manufacturers often fix security vulnerabilities, and those vulnerabilities are exactly what hackers seek to exploit. Hackers count on businesses and individuals being slow to update their computers, devices, and software. One way they exploit vulnerable software is by emailing you a link to a web site that attacks an out-of-date browser and infects your computer. Another is by emailing you an attachment that, when opened, relies on a flaw in the program that opens it to install something malicious.
- Recommendation: Install updates frequently
Keeping your devices and software updated provides an additional layer of security, so I highly recommend you update frequently. This is challenging given how often updates are released (typically monthly and sometimes more frequently), but it’s a core aspect of security I practice as a cybersecurity professional. Turn on automatic updates wherever the option exists so you don’t have to remember. When you install updates, keep in mind the many places where updates apply: your computer’s operating system, software on your computer, internet browsers, smart phones, tablets, and internet-connected devices such as your home router.
By following these five steps, you’ll increase the security around your finances and will make yourself a much tougher target. If you have any questions about these steps or want clarification, comment below or email me via my email address listed on the Contact page.