The Equifax hack and its impacts continue to shake the U.S. and the world. As the latest in a growing list of “blockbuster hacks” – e.g., Target, Home Depot, Sony, the Office of Personnel Management and Anthem – the breach at Equifax has already directly impacted 143 million American consumers and caused millions more worldwide to worry afresh about the possible compromise of their personal information.
Quite frankly, it is an ugly trend with no end in sight. The more we rely on electronic interactions, the greater our digital footprint and the more susceptible we become to compromise.
We have placed our digital lives in the hands of service providers and, at some level, we have faith that our data is secure. In reality, cybercriminals can circumvent even the best information security technology, training and oversight mechanisms. As subscribers to these service providers, we should come to terms with the fact that our data has likely been or will be compromised in some way – sooner rather than later.
Brute force and Denial of Service (DoS) attacks are becoming less prevalent. Instead, cyber-criminals have turned to social engineering attacks that ultimately result in some form of financial gain, such as payments for stolen personally identifiable information (PII) on the dark web. They also have been using more targeted attacks on specific individuals in the form of ransomware. How do they do it?
- Social Engineering through Phishing or Whaling: For this type of attack, a cyber-criminal emails a request for an individual to click on a specific link or attachment. Doing so executes embedded code or opens a website, permitting the cyber-attacker to infiltrate the target’s systems or obtain their private data through data-gathering templates.
- Unpatched Systems or Applications: Cyber-criminals leverage known vulnerabilities in software or applications to gain unauthorized access. Petya is one of the more recent examples of this type of activity.
4 Steps to Protect Yourself from Online Hacks
- Learn as much as possible about the evolving social engineering tactics of cyber-criminals.
- Keep your operating systems patched and up to date with the latest security releases. This also includes all software and applications such as Adobe, Java and Silverlight, which all have inherent security risks and should be updated per the manufacturers’ recommendations.
- Maintain insight into your financial portfolio. Review your financial statements, credit card statements, checking and savings accounts, and investment accounts for unusual activity. Monitor your FICO score and annual free credit report provided by each of the credit bureaus to identify any potential anomalies.
- Use advanced authentication and verification services when interacting online with financial institutions and retail vendors. Ensure you interact with vendors who are taking a proactive approach to security.
At the end of the day, the belief that “my data will never be compromised” is cavalier and unrealistic. I have spent my career working with information security and I have been personally impacted by three of the seven hacks I mentioned above. I take the necessary precautions, but am also aware that there is only so much that can be done to prevent my personal information from being compromised. You don’t have to stop using online services, but you do need to be aware of the risks and take any steps possible to protect yourself.