Hollywood has helped create an image that instantly pops into our minds when we hear the term “cyberattack.” Many of us think of a group of devious hackers led by the likes of Hans Gruber from “Die Hard.” While people like Gruber really do exist, most cybercriminals are simply common thieves looking to rip people off.
Names, email addresses, usernames, passwords and credit card information are some of the prime pieces of information criminals steal in data breaches. Tap or click here to learn about the biggest security breaches of 2019. The dangers are real and threats could be closer than you think — like right in your home or office.
Common pieces of equipment or technology might serve as the unsuspecting threats hiding right under your nose. Let’s go over six unexpected data breach dangers that might be lurking inside your office or home.
1. Unsecured connections
Despite the fact that it’s invisible, Wi-Fi is all around you. It only takes a quick glance at your phone’s list of available networks to see just how many signals are broadcast in your area alone.
Each of these networks provides a gateway to the internet. The bad news is if you connect to Wi-Fi, anyone on that network can find detailed information about you, and potentially steal anything you’re sending and receiving.
The internet connection at your home and office should be alright, but you really need to watch out for public Wi-Fi networks. If there’s no getting around it, you should use a VPN.
A virtual private network is a layer of protection between your devices and the internet. It hides your IP address and your location, and it encrypts your data after it leaves your device and travels to whatever website you’re visiting.
By accessing the internet through a VPN, you can keep all of your most sensitive and personal information private and, more importantly, protected. We recommend using our sponsor, ExpressVPN.
Protect your privacy with ExpressVPN. Get three months free when you sign up for one year at ExpressVPN.com/Kim.
2. Charge (or transfer) smarter
If your iPhone runs out of juice at work, it can cause serious panic. It could cloud your judgment and lead to you doing something rash — like plug your phone into a random cable found in the office.
A white-hat hacker known by the moniker “MG” recently revealed his latest project: A proof of concept for a malicious lightning cable he’s dubbed the “O.MG Cable.”
From the outside, the accessory appears identical to an ordinary Apple-branded cable; however, inside lies an advanced array of Wi-Fi equipment and malicious payloads that can completely compromise any phone it’s plugged into.
Unlike traditional security exploits for Apple devices, the O.MG Cable is a bait-and-switch that relies on the user to compromise their own phone. The accessory is so covert that even your computer can’t detect that the cable has been altered.
It’s only when MG activates the Wi-Fi receiver inside that the O.MG Cable truly comes to life. Once inside, he’s able to remotely control a phone as if he were holding the device — making it an extremely dangerous threat.
Since MG is a white-hat hacker, he says he won’t make the malicious cable available to the public. But, if he was able to create one, someone with not-so-good intentions could as well.
Needless to say, you should avoid charging cables you didn’t bring to the office yourself. Even at home, if you find a random charging cable and you have no idea where it came from, don’t use it. It’s always better to be safe than sorry.
3. That little drive could pose a threat
Another piece of tech that seems harmless is the standard thumb drive. You may use one to upload and transfer files without giving it a second thought, but it’s a bad idea. Here’s why: someone could have loaded the drive with malicious code that can infect your device with malware just by plugging it in.
It doesn’t necessarily have to come from bad actors within the company or from a visitor who “accidentally” left it at your house. A few years ago, IBM warned customers it mistakenly shipped some USB flash drives that contained a malicious file. Tap or click here to find out how it happened.
Another threat that could be loaded on a thumb drive is keylogging software. Keyloggers are hidden programs that can be installed on computers to record keystrokes.
Legitimate uses for keyloggers do exist. Businesses might install them on employees’ computers, especially if they deal with highly sensitive information; however, malicious keyloggers could be used to steal your information or a company’s data.
4. Did your boss really ask you about that?
By now you probably know all about phishing attacks. This is when you receive an email from a criminal trying to trick you into clicking on a malicious link or open a corrupted file that will infect your device.
In the early days of phishing, scammers were really careless with their messages. Most were packed full of typos and bad grammar. Fast forward to today and they’ve really upped their game. They use tools to spoof company logos and websites that make their messages look real.
Now, some of these crooks aren’t just targeting the average Joe. Instead, they’re going after companies and their employees in what’s known as a Business Email Compromise scam (BEC).
Scammers don’t just know where you work, but also what you do there. They might even use some of your personal information to keep your guard down.
Popular BEC scams include when a crook pretends to be the company’s CEO and contacts employees with access to the company coffers. They’ll send an email requesting a money transfer for a client or other company, and say it has to happen as soon as possible.
You might quickly look up at the email address before carrying out the instructions, but there’s a good chance it’ll look real. The account where you’re supposed to send the money might even look familiar, but with a couple of character changes, it will send money to the crooks’ account.
Another scam is when they pretend to be HR and ask you to update your direct deposit information. Then there’s one where your boss wants you to quickly go out and buy hundreds or thousands of dollars worth of gift cards (with your own money) under the guise they’re last-minute gifts for clients and you’ll be reimbursed.
There are more types of BEC scams to watch out for. Tap or click here for more examples and ways to spot phishing emails at work. So the next time you receive an email from your “boss,” make sure to confirm with them by starting a new message or calling them — never reply to the email.
5. Are your printers connected to the internet?
Everyday smart appliances, such as printers, webcams and routers, can be used as tools by cybercriminals. Internet of Things (IoT) devices can easily be hacked simply because they’re connected to the internet.
They are typically used as a botnet in distributed-denial-of-service (DDoS) attacks against websites. DDoS attacks occur when servers are overwhelmed with more traffic than they can handle, causing one or more websites to crash.
However, some printers have been found to have flaws that are even more serious. Here are some of the malicious things hackers could do if these flaws are exploited:
- Steal sensitive information – Criminals could remotely steal information from the documents you print.
- Shut down or hijack networked printers.
- Capture passwords – These printers could be used as an entry point to steal network credentials.
- Malware – hackers could infect your printer with malware.
- DDoS – They could also be used in the traditional example as a botnet to take part in a DDoS attack.
6. Huge mistake when getting rid of old equipment
Does your company own all of the equipment used around the office, or does it lease? Either way, think about all the sensitive information things like desktop computers, laptops and even printers hold.
Now, imagine that data getting into the wrong hands. The device doesn’t necessarily need to be stolen, either.
When a company’s lease of a desktop computer ends, they typically return it for a newer model. The same goes for printers and laptops. If the equipment is owned by the company, it will most likely donate or sell it when it’s time to upgrade.
But are they wiping the equipment’s memory before getting rid of it? If not, that could be disastrous! Before letting office equipment go, you must permanently erase sensitive data. This should be done with your personal devices, too.
Don’t know how to erase the data? Tap or click here and we’ll walk you through the process of erasing data from a Windows PC, Mac, iPhone and Android devices.
This is great advice for your personal equipment at home, too. Donating and old computer or selling a used smartphone is nice, but you don’t want to hand over sensitive personal information. Remember to wipe all of your old equipment before getting rid of it.