The Quick answer is YES!

When discussing security issues with clients, family, or people we meet while networking, the common reaction we get is, “Why would anyone want to hack me?” or “What are they going to gain from my info?”  Each malicious actor has some sort of end-goal in mind.

Cyber-criminals, for example, are primarily looking to make as much money as they can.  By casting a wide net, usually Internet-wide, they hope to syphon you from your hard earned cash and do so in different ways.  A malicious program that gets installed on your computer can be used to collect passwords, gather data, encrypt your files and hold them for ransom, or even run a crypto-miner program (an application that uses your computer processing power to create crypto coins such as bitcoin, which in turn gets converted to other currencies). The passwords collected can be used to log into bank or investment accounts and transfer money, or use your social media information for identity theft. New methods and outcomes are being thought of all the time.

The other kind of malicious user could be they are specifically targeting someone. You may think, why would they target me? Well, its possible it’s not you, but someone you know or are connected to.  These, typically more sophisticated, actors are inclined to take their time and work their craft to get to the specific information to attack the specific person they are interested in. Motives could still be money but are likely high-value items from business or government.

Let’s assume for a minute that you agree with me that you are a target (hint: you still are), how can you protect yourself?

I’m all set, I have Anti-Virus and a Firewall

As, Gary Gulman, likes to say “yeah…no”

Antivirus isn’t enough, neither is your firewall. I’m not saying you shouldn’t have them, but a criminal armed with common social engineering tactics can sneak around most defences.  If we learned anything from the great 80s classic movie, The Lost Boys, you never invite the vampire into your house. Social engineering techniques trick us to opening the door for our would-be attacker to come into our environment, bypassing any protections we may have.  Also, many times, these solutions are only looking for bad things they can identify.

We also have to be vigilant and we can.

  1. Be very suspicious of phone calls, emails, even text messages that look a little off. It may seem like its coming from someone you know even, but the wording isn’t quite right, it doesn’t sound like the person. If someone you know asks you to do something, pick up the phone and call them;
  2. Use long passwords (i.e. like a whole sentence) and different ones for different websites and services;
  3. Keep your computers and mobile devices, and all the software running on them up to date to ensure they are covered for the latest known flaws

Security doesn’t have to be hard but our adversaries are tricky and are coming up with new tactics, new phrasing, and new malware all the time. Watch out, be mindful on your computers and mobile devices and protect yourself.