The last several years have been good for criminal hackers and bad for consumers. From last year's unprecedented string of major retailer breaches to the massive JP Morgan hack and Sony's epic debacle, hackers have been almost unstoppable. So what should consumers expect for 2015?
Cyber attacks on major US companies and financial institutions aren't likely to slow down this year, which means consumers will continue to find themselves targeted by increasingly brazen cyber-criminals. Of particular concern are the growing sophistication of "crimeware kits" used in phishing attacks, and the widespread distribution of "ransomware" and banking Trojans.
Many people mistakenly believe cyber attacks are beyond their ability to prevent, and they instead rely on the vague hope that big corporations will do all they can to protect their information - or make them whole again after a breach. But this certainly isn't advisable. Once a person's identity is stolen, it can create problems for years or decades down the road. Additionally, some financial institutions won't always cover stolen funds resulting from a hacked computer - and this is particularly true for people who own small businesses.
Going forward, it's critical for consumers to take a much more active role in protecting themselves from hackers and identity thieves. While no one can be safe 100% of the time, there are a number of easy and inexpensive steps people can take to dramatically reduce their risk of getting hacked.
Here's a basic questionnaire every consumer can use to evaluate their personal 'hackability.' Add up your 'pwned' score to see how at risk you are:
- How strong are your passwords? (10 points) - People often make basic mistakes with passwords, like writing easily cracked/guessed ones (ex: 'password123'), keeping default passwords, reusing the same password for multiple accounts, etc. Hackers also have tools at their disposal to crack passwords - like dictionary attacks and rainbow tables. Score Yourself: If you write complex passwords (10+ characters long, combination of letters, numbers and symbols), use unique passwords for each online account and take advantage of two-factor authentication when available, give yourself 10 points. If you don't do all of these things, 0.
- Do you back up data? (10 points) - Cyber-criminals are increasingly using "ransomware" to victimize consumers. Since these attacks render personal files (documents, photos, videos, music, etc.) and computers unusable, the best way to protect against it is by regularly backing up data to an external hard-drive, thumb drive or cloud-based account. Score Yourself: Those who back-up data at least once a week have a +10. Those who don't, 0.
- Do you use a Mac or PC? (5 points) - Because more people around the world use Windows-based PCs rather than OS X or Linux-based systems, cyber-criminals typically write malware that is specifically designed for this operating system. As a result, consumers who use Macs or Linux devices will generally be less exposed (but that doesn't mean they're immune) to malware than Windows users. Score Yourself: If you use a Mac or Linux device, give yourself a +5. If you use Windows, 0.
- Do you use antivirus? (5 points) - Admittedly, antivirus is no silver bullet - and it's going to miss a lot of dangerous malware. But consumers still need to run it on all of their devices and keep it updated, because without it you're even more at risk of infection. Score Yourself: If you use an antivirus product like Symantec, McAfee, Kaspersky or Sophos on all of your devices (whether PC, Mac or Linux), give yourself a +5. If you don't, 0.
- How do you browse the Internet? (10 points) - More attacks now come through the web browser (drive-by downloads, cross-site scripting, man-in-the-browser, etc.), so it's important for consumers to surf the web carefully. That means: add script-blocking security plugins to your browser (ScriptSafe, NoScript, Adblock Plus, etc.); never click on pop-up ads or alerts; don't visit a sign-in page from a link sent via email; and use separate browsers for shopping and surfing the web. Score Yourself: If you do all of the above, 10 points. If you don't, 0.
- Do you bank from your home PC? (10 points) - At some point, almost every computer that browses the web will pick up malware - and the worst-case scenario is a banking Trojan. If consumers should protect one thing, it's their online bank account. The best way to do this is to have a dedicated computer (such as a cheap netbook or Chromebook) that is only used to login to your online bank account. Score Yourself: If you have a dedicated laptop that is only used for online banking, give yourself +10. If not, 0.
- Do you use public WiFi? (10 points) - If you use public WiFi, you're just begging to get hacked. There are a number of free or inexpensive hacking tools online that make it easy for almost anyone to hack an open WiFi connection. Score Yourself: If you use public WiFi at least once a year, give yourself 0. If you never use it, 10. If you never use public WiFi, but do use password-protected WiFi at your home and you live in an apartment, condo or townhouse, subtract 5 points.
- Do you visit naughty sites? (10 points) - This isn't a personal judgment, but if you're someone who occasionally visits adult websites or file-sharing sites where users swap bootlegged movies and music, you're increasing the potential of exposing yourself to a variety of Trojans and malware - and your computer may become unsafe to use. Score Yourself: If you visit these sites, 0. If you never do, +10.
So ... how did you do?
Unless you scored 60 points or higher, you're not very secure at all and it's time to change your ways. And if you scored 35 points or less, watch out because you're an extremely easy target for hackers and the only thing keeping you safe is dumb luck. Chances are, you may have already been compromised in one way or another, whether you know it or not.