The recent news that President Donald Trump and the first lady Melania Trump have tested positive for the novel coronavirus seems to cap off an onslaught of bad news for the year 2020. Americans keep asking each other, “How can it get any worse?” and are only slightly surprised when reading the next headline about a natural disaster, a fragile economy or a worsening pandemic. It will certainly be unsurprising to many that the FBI has reported that the number of cases of cybercrime-related to the coronavirus has surged fourfold in recent months.
The Bureau’s Internet Crime Complaint Center has stated that it is receiving between 3,000 and 4,000 cybersecurity complaints daily, a significant increase from its normal average of around 1,000 complaints a day. But not all targets of cybercriminals have been entities related to COVID-19 research, other cybercrime has increased as well. Many people are now working from home as a precaution to limit the spread of COVID-19 and criminals are attempting to take advantage. It seems like a malware attack is reported every few days that have used some sneaky new way of stealing data.
Although cybercrime is increasing, there is no need to panic. There are simple things that can be done to help protect yourself and your family from becoming victims. Most successful cybercrime incidents involve methods that are not new. Studies show that just by being more aware of possible cyber threats leads to increased vigilance and decreased successful attacks. The month of October is National Cybersecurity Awareness Month. The Cybersecurity and Infrastructure Security Agency created the event to help the public be more aware of the importance of cybersecurity. There are many aspects to consider when trying to make your information online more secure. Passwords are probably the most common way that we secure our data. The days when a hacker sitting in a dark basement wearing a black hoodie tries to guess your password by trial and error are over. In today’s world, passwords are cracked using computers that make millions of calculated guesses a second. With computers that fast and powerful, how are we able to protect ourselves? Luckily, there are people working constantly to make things safer.
Meghan McGrath is a design lead at IBM, one of the world’s largest technology companies. A more accurate title for her would probably be a cybersecurity ethnographer. She studies the way that people use and interact with computers to develop more intuitive ways to integrate security. In one of her recent interviews, she spoke with a woman who works on cybersecurity in one of London’s largest banks about their password habits. The woman explained to Meghan that the bank followed very strict password policies, requiring that entire sentences be used, with numbers, special characters and that the password be changed every month. This is a great security strategy, everyone knows (or at least should know), that passwords’ length and content matters. Meghan found out that the real problem wasn’t that the passwords weren’t complex enough, it was that everyone at the bank ended up writing their passwords on sticky notes next to their workspace because the passwords were so complex. Additionally, the workspace was visible from the ground level through the windows. Anyone walking down the street with a little effort might be able to see the sticky notes. It’s true that we need a strong password, however, we also need to make sure that we secure them appropriately. While Meghan is working on the evolution of security and attempting to merge its real-world application with security design, we can consider how to practice strong security with simple habits.
Make sure that your password is updated regularly and that you use multiple different passwords for different devices and services. With how many devices, services and platforms are requiring passwords for access in our technology integrated world, it’s getting nearly impossible to keep track of them all without writing them down. If you write them down, keep it somewhere hidden or somewhere you only have access to, such as a safe. Do not keep them on a sticky note where anyone walking by might see it. A method that rising in popularity is using a password manager. A password manager is a service that digitally stores your passwords and protects them using encryption. Another layer of protection that can help protect you is to make sure that two-factor authentication is enabled. This will ensure that even if your password is comprised that it won’t be useful without your phone or access to another email account.
Password length and content matters. Writing several words that make up a sentence is an often-suggested method. Remember passwords are cracked using computers that make millions of calculations a second and the longer and more complex the password is, the harder it is for the computer to crack. Lastly, be skeptical of the communications you receive over email, text and other mediums. If something seems strange or too good to be true, your gut is probably right. Just being a little more cautious and a little more vigilant can go a long way when comes to protecting yourself.
This article was written by Mike Pond as a part of a series for the month of October for National Cybersecurity Awareness Month. Mike Pond is a cybersecurity analyst at The National Information Assurance Training and Education Center at Idaho State University. Mike has worked in law enforcement, finance, insurance and broadcasting before working in cybersecurity.