Home > Identity Theft > 50 Ways to Avoid (or Deal With) a Cyberattack

Comments 0 Comments

In case you missed it, a major cyberattack swept the globe Friday. Per pretty much every major news outlet here in the U.S., hackers locked computer systems worldwide, then threatened to destroy data if the victim did not pay to be let back in.

In other words, they executed a large scale ransomware attack, targeting companies, government agencies, public institutions and ordinary citizens across continents. The attack comes just one week after Google Docs users were hit by a large-scale phishing scam. Google reacted swiftly to shut it down, but hackers are digital whack-a-moles: There’s no way to guarantee another won’t immediately pop up in your inbox.

Fortunately, there are steps that, taken together, can minimize your odds of falling victim — or mitigate the damages if you do get got. Here are 50 ways to avoid or deal with a cyberattack.

1. Update Your Computer Regularly

The recent ransomware attack exploited a vulnerability in Microsoft Windows servers. But here’s the thing: Microsoft released a security update to patch the vulnerability back in March. The lesson here: Enable updates when prompted. This goes for other devices, like smartphones and tablets, too.

“As cybercriminals become more sophisticated, there is simply no way for customers to protect themselves against threats unless they update their systems,” Microsoft president and chief legal officer Brad Smith wrote in a blog post. “Otherwise they’re literally fighting the problems of the present with tools from the past.”

2. Turn on Your Firewall

That’ll help keep malware off your computers by stopping suspicious programs from downloading or accessing the internet, should one get onto your machine.

3. Install & Update Security Software

If you don’t have anti-virus or anti-malware software on your laptop or desktop, change that sooner rather than later. Otherwise, you’re making yourself an easier target. There’s a lot of truth in the statement “it’s not a matter of if, but when” when it comes to hacking and identity theft. Still, it’s best to make it as hard as possible for the scammers out there.

4. Set Software Limits

To block malware attempts, both Microsoft and Apple suggest limiting what software, programs or applications can do to your computer. You can set these limitations via your PC’s User Account Control or Mac’s Security and Privacy preferences.

5. Install Security Add-Ons for Your Internet Browser

There are free tools that tell you the safety of webpages you’re browsing, like Web of Trust or McAfee Secure Safe browsing plugins.

6. Check for HTTPS

When browsing, make sure URLs start with ‘https.’ The s means any data going back and forth between you and the site is encrypted.

7. Heed the Warnings

Google’s Safe Browsing is designed to flag unsafe websites and URLs you happen to stumble upon. Similarly, many providers flag potential scam emails either by sending them to spam or issuing a warning at the top of an email. While it can be tempting to write said warnings off, it’s in your best interest to take them seriously and, if you do proceed, do so with caution.

8. Learn How to Recognize a Phish

Phishers pose as legitimate entities to get users to click on a malicious link in their inbox. Their emails can look legit, but there are often tell-tale signs you’re dealing with a scammer, including typos, misspellings, generic salutations and sketchy urls, which you can spot by hovering over embedded links in the email. (Check out this story about a reader who received a scam email that included his friend’s Social Security number.)

9. Don’t Click the Links …

Even if you don’t readily spot any red flags. Instead, call the company or person sending the email directly to verify legitimacy. You don’t want to unwittingly download malware onto your computer that can spam your friends or hijack any personal information or passwords you type post-click.

10. … Enter Sensitive Personal Information …

In lieu of malware, some phishers simply prompt you to enter info directly on a spoofed website once you click. Consider the request for bank account digits, Social Security numbers or other sensitive data a big red flag. After all, financial institutions and government agencies, like the IRS, aren’t known to conduct urgent business over email. (Note: The IRS reported an approximate 400% surge in phishing/malware incidents early last year, so it’s important to be careful what information you share and where.)

11. … or Download Phishy Email Attachments

They can be yet another way in which the phisher is trying to install malware on your device.

12. Really, Just Avoid Unknown Emails

Even emails that seem safe can be dangerous. It’s common for attackers to impersonate someone you know, and if a contact of yours got hacked, they may unwittingly be spamming their entire address book. If you’re not expecting an email, do not know the sender or are unsure, do some research before opening the email.

13. Unsubscribe From Email Lists

If you aren’t interested in getting emails from certain mass distribution lists, take your name off. This way, your inbox is cleaner and you’re reducing the likelihood you’ll get an email from somewhere that got hacked. (Want to declutter your life even more? Here’s how to opt out of mailed credit card offers.)

14. Review Ads & Emails

Smart consumers never assume an ad or email is from a reputable company. Always verify if the information is legitimate by doing some research online (type the company or product into a search browser along with the terms “review,” “complaint” or “scam”). If something looks shady, it probably is. That said …

15. … Let Yourself Get Suspicious

Seriously, it’s OK to be extra cautious. Delete any emails, texts or anything else you’re not sure about.

16. Read the Privacy Policy

Don’t click “agree” and ignore the policy — take time to read it, as it will explain how your personal information is collected and used by the site. You’ll find out whether your information is shared with third parties and how that data is accessed. If something gives you pause, consider taking your business elsewhere.

17. Be Careful When Downloading Apps

Like we said, read privacy policies, including those lengthy permissions before you download an app to your device. Think about all you do and say on your devices — do you really want a scammer to have access to that?

18. Channel Your Inner Ron Swanson

No one expects you to go fully off the grid (even Ron caved and got a cellphone), but remember every time you sign up for a new service or share your information with another entity, you’ve presented cyber criminals another way to get to you. Consider keeping some aspects of your life off the internet, apps and devices.

19. Don’t Overshare on Social Media

Past addresses, the names of people living in your household and photographs are useful to identity thieves. They can help thieves bypass security verification questions or create new accounts in your name. Always think before you share something online.

20. Know When Your Social Security Number Isn’t Required

Just because there’s a line on a form for your Social Security number doesn’t mean you have to fill it in. Here are five places you should never give your Social Security number.

21. Don’t Blindly Fill Out Forms at the Doctor’s Office

If you’re at a doctor’s office and aren’t sure if they need some of the personally identifiable information they’re asking for (like your Social Security number), ask about it. This is an especially smart move because medical providers are a big target for data breaches. Here are four things your doctor doesn’t need to know.

22. Safely Dispose of Personal Information

Disposing of a computer or smartphone isn’t as simple as tossing it in the trash bin. With computers, be sure to use a program that overwrites the hard drive. Before you throw out a mobile device, check your owner’s manual or the manufacturer’s website to learn how to save or transfer information to a new device before doing a hard reset. Be sure to remove the SIM card and things like your contacts, search history and photos.

23. Get the Team on the Same Page

Whether it’s a quarterly refresher course or something everyone does once a year, making sure all employees are on the same page about digital security can help prevent everyone from getting hit by an attack.

24. Tread Lightly With Open & Public Wi-Fi

Free internet in public spaces like coffee shops and hotels is great to have, but you don’t know the other people sharing the connection. Someone else could be “eavesdropping” on what you’re doing, so limit your internet use on public networks. For example, using online banking while you’re on an unsecured Wi-Fi is a bad idea. (We get it, though — free stuff, like these 50 things, is great. Just make sure you’re responsible about it.)

25. Be Selective About Using Shared Computers

Sometimes you have to get online on the computer at the library or FedEx. If that happens, make sure you log out on any sites and wipe your browser history before you go.

26. Be Careful With Data Share Folders

Cyber attacks aren’t limited to sketchy links or emails. Hackers have found ways to take over your system right from file share programs. It may be easy to leave these logged in constantly, especially if you’re using them for work, but logging out may save you in the long run.

27. Turn Off Your Computer

While leaving your computer on “Sleep” mode makes it easy to get back to work, constantly leaving your computer on makes it more susceptible to viruses. Turn your computer off when it’s not in use.

28. Remember to Log Out

Whether or not you share your computer or device, logging out after each use is a good practice.

29. Don’t Save Your Login Info … 

It’s so much easier to let your browser and apps save your login credentials, but it’s not just easier for you — you’re making thieves’ jobs easier, too. A lot of cybersecurity decisions require choosing between convenience and safety. If you choose convenience, be prepared for some potentially unpleasant consequences.

30. … Or Your Credit Card Details

It may be easier to click once and your order is on its way, whether it’s from your favorite online store or the local pizza delivery place, but storing your credit card information can leave you vulnerable.

31. Lock Up Your Phone …

It may seem inconvenient to enter a passcode or have your finger scanned to access your messages and apps, but if you ever lose your phone, having it locked could be the difference between shelling out for a new phone and shelling out for a new phone and trying to find the person who drained your bank account and hacked your social media accounts.

32. … & Your Laptop

Experts recommend keeping financial information on your laptop only when necessary. It also helps not to use an automatic login feature that saves your username and password so it’s harder for someone to get at your personal information if your laptop is stolen.

33. Use Built-In Biometric Authentication When Possible

Some thumb drives require your fingerprint to access the information stored on it. This is a great way to deter criminals and keep your data extra secure.

34. Create Strong ‘Phrase Passwords’

If you’re using a generic password like “Password123” or your dog’s name and your mailing address, it’s time to up your game. Have a favorite lyric, phrase, quote or poem? Use it. 2BorNOT2B is a lot harder to guess, and is still super easy to remember. (Not sure if you’re using a strong password? To start, make sure it isn’t on this list of 25 passwords you should never use.)

35. Don’t Reuse Passwords

Just because you’ve come up with a great phrase password doesn’t mean you should use it for your email, social accounts, bank app and everything else. Try to make a unique password for each of your accounts. At the very least, make sure your financial account passwords are different than your social media passwords.

36. Use a Password Manager

A password manager can generate strong, complex passwords to make hacking your accounts harder. Managers like LastPass can also store and remember them for you. (You can read this for more on remembering passwords.)

37. Update Your Passwords Often

The information exposed in a data breach may be old, but that won’t be much comfort to you if you’ve been using the same password for the last three years. Get in the habit of updating your login credentials every six months or so.

38. Use Two-Factor Authentication

If a service you use offers two-factor authentication for logging in, take advantage of it. This usually requires entering your password, then entering a confirmation code that will be sent to you by text, phone call or email. If someone gets their hands on your password, chances are they don’t also have your cellphone, leaving them locked out of your account.

39. Answer Security Questions Creatively

Sometimes it’s OK to lie, especially when coming up with answers to security questions. This way, a crook can’t guess their way into your finances. Don’t get so creative you can’t remember the answer, and create a cheat sheet to help you keep track. You can store it on an encrypted thumb drive. On that note…

40. Store Your Personal Information on an Encrypted Thumb Drive

Important documents and login information (for those who don’t use password managers) should be stored on an air-gapped device, such as the thumb drive. Experts recommend keeping one at home and storing the other in a safety deposit box or a safe.

41. Make Sure You Trust That Thumbdrive

We get it — sometimes curiosity can get the best of you. But if you find a USB or external hard drive, think twice before just putting it in your computer.

42. Don’t Forget About Old-School Back-Ups

A cyberattacker can’t get into your filing cabinet, and there are some things you really don’t want to lose. Consider keeping a hard copy of important documents like your last few years of tax returns, mortgage paperwork, student loan documents and insurance policies, so you still have the records even if digital forms have been compromised.

43. Backup Your Data Externally …

If something happens to your computer or other device, knowing your files are saved elsewhere can reduce the headache.

44. … & Then Backup Your Backups

Remember, no system is ever completely secure. Make it a habit to copy important files, especially financial documents you need for things like mortgages and student loans. Place the data on a removable disk or backup drive and store it somewhere safe.

45. Take a Deep Breath

It’s understandable to freak out if you’ve been hit by a cyberattack or are being asked to pay a ransom for stolen files, but try to stay calm. Disconnect from the internet, and call someone for help, whether that’s your work’s help desk or a reputable cybersecurity firm familiar with the technology you’re using.

46. Report the Problem

In the wake of the Google doc scam, the tech giant urged users to report suspicious email and content to it directly. You can report scams to your local attorney general and the Better Business Bureau to help prevent others from similarly falling prey.

47. Consider a Credit Freeze …

Fell for a phish? Consider freezing your credit reports so scammers can’t use the personal information they pilfered to open fraudulent credit accounts in your name. You can learn more about credit freezes — and when to use them — here.

48. … or Request Alerts

A credit freeze can be cumbersome, particularly if you’re in the process of applying for a loan yourself. If you don’t believe a thief scored any seriously sensitive info, you could at least request that the credit bureaus put a fraud alert on your credit report. That’ll prompt creditors to take extra steps to verify your identity before extending credit.

49. Accept That You May Not Get Back What You Lost

In the case of ransomware, you may be tempted to pay what the thief is asking so you can have your files back. Some experts recommend against paying because it further incentivizes ransomware attacks, and you may not get your files back even if you do pay.  

50. Monitor Your Credit

Haven’t spotted any cyberattacks recently? It’s still a good idea to regularly monitor your credit for signs of identity theft. You can pull your credit reports for free each year at AnnualCreditReport.com and view your free credit report summary, updated every 30 days, on Credit.com.

Image: jacoblund

Comments on articles and responses to those comments are not provided or commissioned by a bank advertiser. Responses have not been reviewed, approved or otherwise endorsed by a bank advertiser. It is not a bank advertiser's responsibility to ensure all posts and/or questions are answered.

Please note that our comments are moderated, so it may take a little time before you see them on the page. Thanks for your patience.

Certain credit cards and other financial products mentioned in this and other sponsored content on Credit.com are Partners with Credit.com. Credit.com receives compensation if our users apply for and ultimately sign up for any financial products or cards offered.

Hello, Reader!

Thanks for checking out Credit.com. We hope you find the site and the journalism we produce useful. We wanted to take some time to tell you a bit about ourselves.

Our People

The Credit.com editorial team is staffed by a team of editors and reporters, each with many years of financial reporting experience. We’ve worked for places like the New York Times, American Banker, Frontline, TheStreet.com, Business Insider, ABC News, NBC News, CNBC and many others. We also employ a few freelancers and more than 50 contributors (these are typically subject matter experts from the worlds of finance, academia, politics, business and elsewhere).

Our Reporting

We take great pains to ensure that the articles, video and graphics you see on Credit.com are thoroughly reported and fact-checked. Each story is read by two separate editors, and we adhere to the highest editorial standards. We’re not perfect, however, and if you see something that you think is wrong, please email us at editorial team [at] credit [dot] com,

The Credit.com editorial team is committed to providing our readers and viewers with sound, well-reported and understandable information designed to inform and empower. We won’t tell you what to do. We will, however, do our best to explain the consequences of various actions, thereby arming you with the information you need to make decisions that are in your best interests. We also write about things relating to money and finance we think are interesting and want to share.

In addition to appearing on Credit.com, our articles are syndicated to dozens of other news sites. We have more than 100 partners, including MSN, ABC News, CBS News, Yahoo, Marketwatch, Scripps, Money Magazine and many others. This network operates similarly to the Associated Press or Reuters, except we focus almost exclusively on issues relating to personal finance. These are not advertorial or paid placements, rather we provide these articles to our partners in most cases for free. These relationships create more awareness of Credit.com in general and they result in more traffic to us as well.

Our Business Model

Credit.com’s journalism is largely supported by an e-commerce business model. Rather than rely on revenue from display ad impressions, Credit.com maintains a financial marketplace separate from its editorial pages. When someone navigates to those pages, and applies for a credit card, for example, Credit.com will get paid what is essentially a finder’s fee if that person ends up getting the card. That doesn’t mean, however, that our editorial decisions are informed by the products available in our marketplace. The editorial team chooses what to write about and how to write about it independently of the decisions and priorities of the business side of the company. In fact, we maintain a strict and important firewall between the editorial and business departments. Our mission as journalists is to serve the reader, not the advertiser. In that sense, we are no different from any other news organization that is supported by ad revenue.

Visitors to Credit.com are also able to register for a free Credit.com account, which gives them access to a tool called The Credit Report Card. This tool provides users with two free credit scores and a breakdown of the information in their Experian credit report, updated twice monthly. Again, this tool is entirely free, and we mention that frequently in our articles, because we think that it’s a good thing for users to have access to data like this. Separate from its educational value, there is also a business angle to the Credit Report Card. Registered users can be matched with products and services for which they are most likely to qualify. In other words, if you register and you find that your credit is less than stellar, Credit.com won’t recommend a high-end platinum credit card that requires an excellent credit score You’d likely get rejected, and that’s no good for you or Credit.com. You’d be no closer to getting a product you need, there’d be a wasted inquiry on your credit report, and Credit.com wouldn’t get paid. These are essentially what are commonly referred to as "targeted ads" in the world of the Internet. Despite all of this, however, even if you never apply for any product, the Credit Report Card will remain free, and none of this will impact how the editorial team reports on credit and credit scores.

Our Owners

Credit.com is owned by Progrexion Holdings Inc. which is the owner and administrator of a number of business related to credit and credit repair, including CreditRepair.com, and eFolks. In addition, Progrexion also provides services to Lexington Law Firm as a third party provider. Despite being owned by Progrexion, it is not the role of the Credit.com editorial team to advocate the use of the company’s other services. In articles, reporters may mention credit repair as an option, for example, but we’ll also be sure to note the various alternatives to that service. Furthermore, you may see ads for credit repair services on Credit.com, but the editorial team isn’t responsible for the creation or implementation of those ads, anymore than reporters for the New York Times or Washington Post are responsible for the ads on their sites.

Your Stories

Lastly, much of what we do is informed by our own experiences as well as the experiences of our readers. We want to tell your stories if you’re interested in sharing them. Please email us at story ideas [at] credit [dot] com with ideas or visit us on Facebook or Twitter.

Thanks for stopping by.

- The Credit.com Editorial Team