Just about anyone knows that if you turn on the 5 o’clock news after a long day of work, you’re bound to see at least one story of something crazy that happened to someone. Maybe you saw a story with 17 cop cars and a helicopter chasing a car down the interstate or perhaps a local apartment building fire in your community.
While the first thought in your mind is most likely sympathy for the person and their family, the second goes along the lines of, “I bet something like that would never happen to me.” And while this may be true, what if something did happen?
I have a close friend who recently had this same line of thinking and didn’t think taking precautionary steps towards his personal cybersecurity was important. He was then roped into a cyber scam and had over $2,500 stolen.
While he received his money back, the lesson was clear. Cybersecurity is quickly becoming one of the most prevalent issues in modern times, and being vigilant and taking proactive steps to secure our personal information on the internet is more vital than ever.
The Age of Technology
In my 20-year lifetime, I have grown up in the age of technological advancements, and don’t know a world without technology. I have experienced first-hand the transformation of Apple from a company that sold portable music listening devices to a multi-trillion-dollar company. As I sit in the Iowa State Campus library right at this moment, I can look around and count eleven Apple laptops in a 20-foot vicinity, including my own. That’s not even counting the phones. The simple fact is this: technology surrounds us.
According to Dr. Stanley Fawcett, a professor at Brigham Young University, over 90% of the data on the internet has been created in the past three years. And by the year 2025, the average connected person will interact with an IoT (Internet of Things) device every 18 seconds.
IOT devices consist of any object connected to the internet through sensors, software, or other technology. IOTs include not only typical internet devices, but also smart factory and farm equipment, smart appliances or home security systems, and much more.
According to Steve Schult, the senior director of product management at LastPass, the average person has 27 different accounts and online logins for things like emails, social media, and financial accounts. Several ways exist to protect these passwords and safeguard personal information, but the first and foremost step in this process is to recognize the most common cybersecurity attacks used by hackers today.
Most Common Cybersecurity Attacks
The number one most common type of cyberattack is malware, software designed by hackers to disrupt, damage, or gain unauthorized access to a computer network. One of the nastier malware variants is called ransomware which is just what it sounds like: it blocks access to a computer system until a certain sum of money is paid to the hacker.
Denial of Service Attacks (DoS) operate similarly to malware and ransomware attacks; the attacker uses software to block access to a computer system. Both DoS and malware attacks can be executed by gaining access to systems through phishing attacks and password theft.
Phishing, as the name implies, happens when hackers “fish” for information via technological scams. Attackers send fraudulent emails from supposedly reputable companies in order to induce individuals to reveal sensitive personal information. Phishing is the most common method used by hackers to initially gain access to sensitive information including passwords, classified identity documents, and finances including credit card details.
Another common way hackers can access information is through password theft, which is as simple as it seems. Hackers can use “brute force” programs to run numerous password options through your system, or they can simply guess your password. Weak passwords that are commonly used are the most vulnerable because they are easily guessable.
Let’s face it. As wonderful as technology can be, the growing number of cyber threats can be overwhelming and worrisome. Luckily, a variety of uncomplicated precautions are available that ensure much stronger personal cybersecurity.
Top 10 Actions to Enhance Personal Online Security
1. Avoid using common passwords.
A simple fix that will immediately improve your cybersecurity is making your passwords unique to both you and your accounts. It is the best practice to have a different password for every one of your accounts and to make them as uncommon as possible.
Tim Schau, Syverson Strege’s IT Specialist, says that some of the most easily guessable passwords are ones like “summer2021” and “fall2021.” Schau also notes that using personal information like home addresses as a password is also guessable because hackers can easily find someone’s home address online. For a list of the most common passwords to avoid, click here.
2. Use “passphrases”: the more characters, the better.
According to Tim, “12 characters or more is very secure when it comes to creating a password.” And, “if you can use a phrase you can remember, something really long like ‘Iliketowalkoutsideinoctober’ is very hard to crack.” A good personal rule when creating passwords is to try and get the character length close to the limit the company allows, while also making it something unique you’ll remember.
3. Securely store all of your passwords in a safe location.
You’ve done the first two steps and now you’re sitting at your kitchen table with a list of several long passwords for each different account, and you think to yourself “what now?”
The next step is to download a “password manager”, a third-party app that will securely store all of your passwords. One commonly used by employees of Syverson Strege is LastPass. You can find a list of other good password manager apps in this Cybernews article.
If you choose to use a password manager service though, Schau cautions against using Google Chrome’s password manager service simply because it isn’t as secure as others. If someone can hack into your home computer, they can hack into Google Chrome’s password management system. And the last piece of advice: make sure your password to get into the password manager is extremely strong!
4. Verify the validity of email addresses and website links.
If you are unsure about whether you have received a valid email, one of the easiest ways to tell is to make sure that the email was sent from a legitimate email domain. Check for any inconsistencies and misspelled words in the email address.
For example, if the email is from Amazon, but the address says firstname.lastname@example.org, Amazon is spelled wrong. Furthermore, if there is a link to a website within the email you are unsure about, simply hover over the link with your mouse. This will allow you to see the actual website address the link will take you to before clicking on it.
5. Always use multi-factor authentication if given the option.
One of the biggest breakthroughs in cybersecurity in recent years is the invention and widespread use of two-factor authentication. This technology sends users a separate authentication piece when their accounts are being logged into. A unique code is sent to the user’s phone or email address, which is then needed in addition to the password to log in to an account. If you are given the option of multi-factor authentication, use it!
6. If you purchase something online, don’t save your payment information.
It’s a Sunday afternoon, and you’re looking to purchase the perfect gift for your granddaughter’s birthday. You open up Amazon on your desktop, and you find the cutest little wax melter that would be a perfect addition to her kitchen.
You go to check out, and Amazon asks you if you want to save your card information. Do you? According to experts, it is best practice not to save your payment information while online. Even though many shopping websites like Amazon take several security measures to prevent hacks like this from happening, it’s one more way to protect your personal information while in the cyber world.
7. Avoid unnecessary downloads on unfamiliar websites.
The easiest way for hackers to install malware or ransomware onto an individual’s computer is through viruses that are downloaded without the user’s awareness. The easiest way to avoid this is to be 100% certain that what you are downloading is from a reputable company and to make sure the site you are downloading from is legitimate and secure.
8. Install anti-virus software.
Purchasing anti-virus software from reputable vendors will put another block against this type of hack. Firewalls are also worth reading into and being aware of, but many computer systems like Mac and Windows have firewalls already built into their software.
9. Back-up your valuable data.
If all else fails, and you are hacked, backing up your data can ensure that you still have your uncorrupted personal data on hand. The only way to restore your systems after a malware or ransomware attack without giving in to the demands of the hacker is to erase your systems and start fresh with your backed-up data. Data can simply be backed up with a USB port, an external hard drive, through the cloud, or an online backup service like Carbonite.
10. When in doubt, ask a trusted professional.
Remember, cybersecurity is a rapidly-changing field as technology becomes more and more prevalent in our everyday lives. What’s new and innovative today can be replaced by something even newer tomorrow.
As you go about your daily lives, the best advice we can give you regarding cybersecurity is if you have questions or concerns, be sure to reach out to a trusted professional who can help.
As much as we hate to admit it, getting hacked CAN happen to anyone. Just remember the cautionary tale of my dear friend. Luckily for him, the story ended well. He received his money back from the bank and went on to put these simple security steps in place to make sure he was protected from future potential hacks.
But unlike my friend, you don’t need to wait until you’ve been hacked to put these measures in place. Maybe you block out an afternoon this week to sit down and make sure that your personal information is secure. Maybe you create differing passwords for different accounts and download a trusted password manager to keep them safe for you. Or maybe your next step is to simply do some further research on cybersecurity and how it affects you. Whatever this next step is for you, I encourage you to make it a priority in the coming weeks.
Additionally, be on the lookout in the next few weeks for the second part of our cybersecurity series: cybersecurity in the workplace. We will be diving into how corporations keep their important data safe, and even what Syverson Strege does specifically to keep company data as secure as possible.
This is the first of a two-part series on cybersecurity written by Lauryn Woerdeman, student at Iowa State University, and fall intern at Syverson Strege. Lauryn also interned for the marketing and communications department this past summer assisting with website projects, social media, and other marketing projects. Lauryn is a Business Management major. In her spare time, she enjoys playing the piano, reading, running, the outdoors, and time with friends and family.