If one does not understand where they are vulnerable, they cannot effectively protect themselves. In a mixed martial arts fight, well-rounded competitors must be able to protect against strikes to the head, body, and legs. A complete fighter must also defend the takedown from a wrestler, avoid being thrown by a judo specialist, and guard against constant submission attempts by a Jiu Jitsu expert. If all this seems overwhelming, it is only round one and the fight has just begun.
Our digital attack surface is exposed in a very similar way. Every work and personal device that connects to the internet, including desktop computers, tablets, laptops, and other smart devices, exposes digital vulnerabilities. Standing across the cage from an opponent is a dangerous place to be if left unprepared for a fight. However, connecting to the internet from work or home without knowing the dangers that lurk on the other side of the screen can be worse.
Cyber and privacy insurance can act as a referee to decrease the risks of any illegal moves. While many businesses are just beginning to realize the importance of this coverage, others are still learning how easily critical data can be breached.
The most common password used in 2016 was 123456. Security experts have analyzed millions of compromised passwords from prior data breaches and discovered that this was not only the top password of 2016, but also the top password of 2015 and 2014. While hackers appreciate the ease of entry, this trend is not good for users. A compromised password can have widespread consequences if it is used across multiple sites and devices. Once a username and password are compromised, automated programs cross-reference them against other sites on the internet to find a match. If someone uses the same password for social media sites like Facebook as well as for banking and paying bills, they are increasing the potential vulnerability. In addition, if an email account happens to be compromised, hackers can go to other critical sites and simply click “forgot password,” which will quickly send them a prompt to change the password and lock the person out.
Rise of Ransomware
Security firm SonicWall reported there were 638 million ransomware attacks on businesses in 2016 – a staggering increase from 3.8 million in 2015. More than $1 billion was extorted from individuals and businesses last year, with the most common method of attack being email. Simply clicking on a link or blindly opening an email attachment is all that it takes to lose personal information and important files to a ransomware attack. Once in an individual’s system, hackers will hold all data hostage until the price of the demand, or ransom, is paid. Making the choice to pay off a hacker does not give the user any guarantees, and, because of that, it is important to keep all important data backed up daily.
Payment Card Fraud
EMV (Europay, Mastercard, Visa) technology, better known as “chip” credit cards, was formally rolled out in the United States in October 2015. When this technology was introduced in Europe more than a decade ago, in-store or card-present theft dropped, with fraud migrating to online or card-not-present purchases. Since the U.S. rollout that trend has exploded, with retailers conducting more business online than at any other time in history. Roughly 10 million more people shopped online over the 2016 Black Friday weekend than those who entered an actual store location. Javelin Research released a recent study showing that there was a $700 million increase in fraud losses compared with the prior year, and card-not-present fraud exploded with a 40 percent increase. The chip's protection is negated when purchases are made online, and this trend will continue to increase in the years to come.
Five Tips to Take Back the Power
The public does not have to be victimized. To harness the power of security, individuals should make smart choices, stay informed, and understand the risks. Here are some easy risk management steps that individuals and businesses can take to increase their cyber and online privacy intelligence:
- Do not use the same password for multiple sites. Common passwords make a hacker’s job easy, so it is important to consider using a password manager to create and remember complex passwords. Many basic services are offered for free with premium security services (recommended) offered for a monthly charge.
- Consider cyber and privacy insurance. Business owners of all sizes should be covered as information security is more important than ever. If a business is breached, insurance will cover many of the expenses that could otherwise bankrupt a smaller business, such as legal, credit protection, notification, public relations, business interruption, cyber extortion, and many other costs.
- Do not open suspicious email links or attachments. Email is an incredibly effective way for hackers to attack. If communication was not initiated with the sender, be suspicious. Do not click on links, update personal information, or open attachments if requested. If the email presents a sense of urgency or appears threatening, it should raise a red flag. Close out of the email and contact the organization through a separate means, and do not use any phone numbers or email contacts provided within the email.
- Utilize privacy settings on social media. Many people share pictures, personal updates, and travel plans with the general public even though they do not intend to. Settings are automatically set to public, so be sure to make the necessary changes manually.
- Watch out for Smishing. Smishing stands for short message service (SMS) or text phishing. In one variant of this attack, a text is sent with a link. Clicking on the link will result in the phone being infected with malware. Once compromised, cybercriminals may gain access to email, apps, and contacts. Texts can then be sent from the phone, attacking friends and family members and further spreading the malware. To help prevent this, maintain the privacy of the cell phone number and do not provide it openly on the internet.
Protecting privacy and making smart choices online does not have to be an intimidating process. It is important to know vulnerabilities and how to protect against them. Work to proactively monitor bank accounts and credit card statements for fraudulent activity. For mixed martial artists, knowledge, practice, and preparation are critical to success when fight night arrives. The same can be said for protecting privacy and cyber security – with fewer black eyes.
David Derigiotis is corporate vice president and director of professional lines with independent wholesale insurance broker Burns & Wilcox. He has participated in cyber risk discussions with the U.S. Treasury Department in Washington D.C., is regularly featured as a recognized cyber insurance expert, and is a former mixed martial arts fighter.