Unfortunately, cybercrime continues to get worse, wreaking havoc on government agencies, large enterprises, small businesses, non-profits, and even families. Nobody is immune from falling victim to cybercriminals. As global exposure and the annual cost of cybercrime keeps increasing, the amount of money being spent to mitigate the threat increases exponentially.

What does it really mean when we continue spending time, resources, and money to fix a problem, but the problem keeps getting worse? It means we aren’t solving the problem. Some might call it Einstein’s new theory of insanity: if most cybercrime incidents could be prevented, why are we not fundamentally addressing these issues?

Paradigm Shift

A paradigm shift is an important change that happens when the usual way of thinking about or doing something is replaced by a new and different way. The cybercrime problem continues to grow, and the current paradigm is to keep spending money on products and/or services hoping they will keep us safe. While this is important and plays a role in protecting us, it’s not enough. We must change our mindset for how we protect ourselves against cybercrime. Let’s begin with some basic truths.

The Four Truths

Scott Augenbaum, a retired FBI Supervisory Special Agent with more than 30 years of experience, found that there were commonalities between all his victims, which he calls “The Four Truths About Cybersecurity:”

• Truth One: Not a single victim ever expected to be a victim; every victim is caught off guard.
• Truth Two: Once cybercriminals steal your money or data, it is almost impossible to retrieve.
• Truth Three: Since most cybercriminals are located outside the United States, the chances of law enforcement bringing them to justice is harder than getting your money or data back.
• Truth Four: Most cybercrime incidents could have been prevented if the victims were armed with a couple of key pieces of information.

Weapons of Cybercriminals

Phishing, text messages, and telephone calls are the weapons of choice for cybercriminals. They have been using social engineering techniques to trick end users to turn over their account credentials and install malware for years. Why does it still work? Why is this the largest cause and vulnerability? It’s because we rely too heavily on technology to provide an “easy fix” and changing human behavior is hard work! Many people think it’s not their problem. Even more, think that products and/or services they purchase will protect them from everything; that they are infallible. They are not. They help, but nothing is foolproof. Cybercriminals are sophisticated and they learn loopholes in these products and services, and they find ways to get through. They then target the weakest links, such as your staff, your children, and the elderly.

It is critically important to continuously provide training to these constituencies. Your first line of defense is becoming your own “Human Firewall.” Think twice before you click and proceed.  

Don’t Trust Public Wi-Fi

We are so used to using our devices everywhere (or so concerned about hitting the data cap from our cell phone provider) that most of us don’t think twice about logging on to the free public Wi-Fi system at the airport, coffee shop, or dentist’s office. Some Wi-Fi connections can’t be trusted; cybercriminals can infiltrate these systems and collect data that is sent through them. That’s why it’s always best to take the precaution of connecting to sites through secure connections or via a VPN connection. Whether traveling for business or personal reasons, if you are not going to use a VPN connection, then use your cell phone’s “hotspot” wi-fi option or get a Wi-Fi jet back from a provider.

Password Reuse is a Cybercriminal’s Best Friend

The dark web is a real place where literally billions of usernames and passwords are bought and sold by cybercriminals. These passwords are obtained through major data breaches. Cybercriminals count on the fact that 66% of the population uses the same usernames and passwords for multiple sites. In addition, 83% of the population does not use a special character or special digits. I’ll bet YOU use the same password for many important sites.

Imagine a cybercriminal that finds one of your passwords on the dark web, and, from knowing that one password, can log onto your financial, work, personal, or cloud accounts. This happens every day to millions of people, and the results are always good for the cybercriminal and very bad for the victims. Do you know which accounts you need to protect? Now is the time to identify those important accounts.

Now that your mission-critical accounts have been identified, you need to make sure you have a strong robust distinct password for each one. A good password should be 12 characters (of course, 15 is much better). I use special symbols, numbers, and upper and lower-case letters. Consider using passphrases to remember your complex passwords.

I get asked a lot about how to safely store all these unique passwords – there are so many of them! I personally have a unique password for every single site that requires one. Here is the trick I use. I create a password using something from that website, such as the name, but I spell it backwards and then I add a phrase or number sequence that has meaning to me. There may be a song that contains a number sequence or use a favorite movie quote, for example. Let’s say I am creating a password for a Google account. I might do something like this:

• elgoog#8675309 (Google backwards and # sequency from the 1981 song Jenny)
• Mooz@weneedabiggerboat1975 (Zoom backwards and then a famous line from the movie Jaws, which was released in 1975)

Then, if you must keep things written down, write them in code.

• Google # Jenny
• Zoom @ Jaws

Your Best Friend: Two Factor Authentication (2FA)

Even with a strong robust password for all your mission-critical accounts, cybercriminals can still get access to your password. That’s why two-factor authentication (2FA) was created. Think of it as a second lock (deadbolt) on your front door. The password is the first key for entry, but you need the special six-digit code (that you obtain from an authenticator app or directly from the website host via text message) to gain complete access. This is such an important control that everyone needs to install this right away, wherever it is available.

Largest Threat: Business Email Compromise

Understanding and preventing the “Business Email Compromise” is critical, as this remains the single largest cybercrime threat, and it tricks end users to either send money or sensitive information, as the victim believes the email comes from a trusted source. The Business Email Compromise is a scam that takes full advantage of unsecured emails. Even if you embrace all the strategies herein, you must remember that your family, friends, co-workers, and vendors will most likely be subject to an account takeover at some point. When this happens, expect an email.

Scariest Threat: Ransomware

Ransomware is malware designed to deny a user or organization access to files on their computer. By encrypting these files and demanding a ransom payment for the decryption key, cyber attackers place organizations in a position where paying the ransom is the easiest and cheapest way to regain access to their files. There are more than 4,000 ransomware attacks that occur every day.

What would happen if you found out that a cybercriminal locked up all your important files and you couldn’t get them back unless you paid a ransom? And then, to make matters worse, you discover that you don’t have a workable backup. Can your day get any worse? Yes, it can, as now you found out the cybercriminals also stole all your data. This is not a new issue, and unless you are properly prepared in advance, the outcome will not be good. Be sure to have offline backups of all data and systems.

Keep Your Family Safe

Odds are you wouldn’t disclose personal details, like when you’re planning to go on vacation and leave your house empty, to a random stranger on the street. But many people happily post that sort of information on their social feeds for millions of people to find — and if you’re not divulging your family’s schedule (and secrets) online, your teens just might be.

Children, teenagers, and even young adults may not understand the exponential risks of the online world. It’s up to parents, teachers, and mentors alike to teach the dangers of sharing photos and personal information online, like vacation routines or daily schedules — information that could be used by others to cause harm. It’s also good practice to avoid downloading apps from obscure or untrustworthy developers and playing games or taking online surveys that ask for personal information.

Credit card fraud, identity theft, embezzlement, and more, can all be, and are, being perpetrated online. Seniors are particularly targeted for these cybercrimes. They tend to be more trusting than younger people and usually have better credit, and more wealth. This makes them even more attractive to scammers.

Seniors are considered easy targets by cybercriminals because they might not know how to report cybercrimes against them. In some cases, seniors can experience shame and guilt over such scams. They may also fear that their families will lose trust in their ability to continue to manage their own finances.

Even though it can be difficult to reach out to the seniors in your life and ask them how they protect themselves from online scammers, it’s highly beneficial to help educate them on what they may experience, and what they can do to significantly limit their risks.

Basic Cyber Hygiene

Whether for your professional life or personal life, at the very least, remember the basics of cyber hygiene, which are the easiest and most common-sense ways to protect yourself online. Steps include:

1. Implement multi-factor authentication on all your accounts to make it much less likely you’ll get hacked.
2. Update your software. In fact, turn on automatic updates.
3. Think before you click. More than 90% of successful cyber-attacks start with a phishing email.
4. Use strong passwords, and ideally a password manager to generate and store unique passwords.
5. Change your passwords routinely.

As technology advances, people will continue to incorporate it more into their daily tasks, and naturally, their personal information will be more and more at risk. Cybercriminals aren’t going anywhere, and as technologies get more sophisticated, so will they. It is important to understand how they work and gain the knowledge and tools to protect your data as much as possible. Everyone is at risk but taking these fairly simple but effective steps will help you and your organization be safer in this digital world.