In the wake of rising cybercrime and high-profile attacks against services used by consumers, how can you stay safe online and in the physical realm?
According to the Breach Level Index, over 2,360,000,000 records have been lost to security breaches since 2013, including credit card records, consumer data and sensitive corporate information. The most heavily hit industries are the retail, technology and financial sectors, with US retailer Target, the US Postal Service and JP Morgan among those hit this year, to name but a few.
As cyberattacks are likely to do little but rise in coming years, what can the average individual do to keep their data safe?
"A lot of it just comes down to people having their inbox or their computer hijacked for malicious purposes," says Krebs.
The email inbox, as a direct line to potential victims, has always been a popular target for cybercriminals. Phishing campaigns, containing malicious links, files and software, attempt to dupe the user into downloading attachments that can compromise their computer — from logging keystrokes to recording camera feeds and spying on their activities. On an individual level, this data can be used to siphon bank and account details, and on a corporate level, may be used to break into company networks and steal sensitive corporate data.
If you're not sure, stay away, especially if the email is sent by a financial institution. Many phishing emails will add a time-sensitive disclosure ("This offer is only valid for the next hour!") or attempt to instill a sense of panic ("Your account has been blocked, you must input your details immediately") to stop victims thinking rationally and make them immediately hand over what the cybercriminal requires.
In order to keep your online accounts as secure as possible, Krebs also recommends two-factor authentication, such as a linked mobile number.
In addition, "If you didn't go looking for it, don't install it." Software downloads may appear legitimate, but if you did not ask for them, be wary. Take some time and do your research first, and if you no longer need a piece of software, uninstall it. New vulnerabilities and security flaws are discovered all the time, and the fewer weak links you have on your machine, the less likely you are to be affected.
It is just as important to keep your software updated and patched, and to run frequent antivirus scans.
If you manage to keep on top of all of this and resist the urge to open shady emails, you're probably doing well. However, if you engage in risky behavior online, such as ordering illegal, dodgy items including but not limited to medication and fake goods, you're running the risk of turning your PC into a "tool of spammers," according to the security expert.
Some consumers buy items that carry an element of shame or embarrassment, such as erectile dysfunction or diet pills. This not only puts you at physical risk, since you are ingesting something whose manufacture you know nothing about, but Krebs says you are also likely to put yourself on "every spam list known to man."
Rogue internet pharmacies funnel cash to spam lords, fueling the problem — and so you become part of it.
"The singular job of the spammers is to drive traffic to these sites," Krebs notes. "You're fueling the drug cartels, essentially. If you're buying from spam, you’re putting money directly into the pockets of people who want to hack you and spam you."
Another top tip is to monitor your credit scores. Some online companies offer consumers real-time reports in return for a subscription. These reports can be used to detect unauthorized transactions or use of your personal data as quickly as possible, and are worth investing in. Sadly, data breaches are not going to go away anytime soon, and so any preventative measures we can take are going to become crucial to keeping our identities safe.
Finally, what can companies do to help protect us from crime? Krebs says:
"Companies need to understand that you can't outsource your security to some other company or service. There's no substitute for basically building security with the expectation that the bad guys are going to break in.
"How much of our resources on security are we spending on trying to keep the bad guys out, versus how much are we spending on trying to detect as quickly as possible when they get in? I think [there's] not so much of a stigma anymore that comes with being hacked, and that should tell you something right there."