We've been hearing a lot about state sponsored hackers and their criminal activities lately. For example, we recently told you how Russian hackers are targeting U.S. nuclear facilities.
While those types of threats are extremely scary, you're more likely to be affected by cyberattacks closer to home.
Why you should be worried about insider cyberattacks
What we're talking about are "insiders" responsible for digital threats, data breaches or cyberattacks. It could be an employee at your company or an organization that you're a customer of.
Or even a friend or family member. Hopefully, if a friend or family member is responsible for a threat it's because of a careless mistake and not a malicious act. But anything is possible.
Cyberattacks as a result of an insider are much more common than those carried out by state sponsored actors. And much less publicized.
A perfect example recently happened at a leading U.S. health insurance company. An Anthem employee emailed a file containing members' sensitive data, including Social Security numbers, to his personal email address.
The employee was terminated and arrested. It's possible that the suspect sold the data on the Dark Web, exposing thousands of members' critical information.
Another instance occurred last month when thousands of Wells Fargo clients' sensitive information was mistakenly leaked. A lawyer representing Wells Fargo sent a database full of client information to another attorney by mistake. It contained 1.4 gigabytes of files with spreadsheets that included customers' names, Social Security numbers, and banking details including investment portfolios.
How to stay protected
As we said earlier, there are both intentional acts and careless acts that can lead to all kinds of problems. Some examples are data breaches, malware and ransomware.
Security precautions need to be taken by companies and individuals. The best thing companies can do is to constantly train its employees and keep them up-to-date on cybersecurity threats. Also, they need to keep a close eye on employee activity, realizing threats can come from within.
On an individual basis, here are some security steps to follow:
- Be cautious with links - If you get an email or notification that you find suspicious, don't click on its links. It could be a phishing attack. It's always better to type a website's address directly into a browser than clicking on a link.
- Do NOT enable macros - You should never download PDF, Word or Excel files attached to unsolicited emails to begin with. If you do open one of these documents and it says that you need to turn on macros, close the file and delete it immediately.
- Watch for typos - Phishing scams are infamous for having typos and grammatical errors. These are things to watch for in phishing emails. Take our phishing IQ test to see if you can spot a fake email.
- Use unique passwords - Many people use the same password for multiple websites. This is a terrible mistake. If your credentials are stolen on one site and you use the same username and/or password on others, it's simple for the cybercriminal to get into each account. Click here to find out how to create hack-proof passwords.
- Check your credit report - Your credit report should show if you have been the victim of identity theft. Click here to learn how to check your credit report for free.
- Keep an eye on your bank accounts - You should already be frequently checking your bank statements, looking for suspicious activity. It's even more critical when sensitive information has been exposed through a data breach. If you see anything that seems strange, report it immediately.
- Set up two-factor authentication - Two-factor authentication, also known as two-step verification, means that to log into your account, you need two ways to prove you are who you say you are. It's like the DMV or bank asking for two forms of ID. Click here to learn how to set up two-factor authentication.
- Investigate your email address - Have I Been Pwned is an easy-to-use site with a database of information that hackers and malicious programs have released publicly. It monitors hacker sites and collects new data every five to 10 minutes about the latest hacks and exposures.
- Have strong security software - Having strong protection on your gadgets is very important. The best defense against digital threats is strong security software.