With billions of web users, and more coming online every day, cyber-crime has been skyrocketing. You have heard of high-profile hacks and stolen data on a regular basis, and the frequency of attacks is unlikely to slow down anytime soon. Hackers are now using very sophisticated tools and thousands (if not millions) of hacked/infected computers to automatically probe computers like yours for potential vulnerabilities.
It is not a matter of “if”, but of “when” you will be the target of a security probe which may result in a data breach. Most likely, you have already been subjected to some level of attempted hacking in one form or another, and you did not even know about it.
The important point is to be aware of the threat, and organize your data to (digitally) survive a hack. There are many common attack vectors, and here are some that you are very likely to bump into:
1/ Plain Old Deception: Phishing
It’s fair to say that although hacking has evolved, computer security has done so as an equally rapid pace. However, all hackers agree that the user is the ultimate weak link in the security apparatus. That is why deception is a favorite tool, which can come in many forms, the most dangerous of which is Phishing.
This is a term that is used to describe a deceptive practice which often consist in sending emails that seem to come from a legitimate source (your bank, email hosting company, official entity, etc…) with a message that will entice you to click on a link, install a software or log into a website using your login and password. Your login information will be stolen when you do so.
This is particularly dangerous because many people are fooled by the trustworthy appearance of the phishing message which seems to come from a trusted source. But it is actually very easy to impersonate an email sender because decades ago, the email protocol was not built with this level of threats in mind.
Once hackers have the information they seek, they can impersonate you, and steal further information or money. If successful, the information theft can be used for identity theft, in which hackers could even make a loan in your name.
When in doubt, it is preferable to go directly to your bank or other sites, without clicking on the email links. Don’t open files or install apps from sources you cannot identify with certitude.
2/ Brute-Force: Password Guessing
We know all well that passwords are not the most secure way to secure access to your online data and services, but they are convenient and the web is more or less built upon their usage.
The downside is that millions of people use very weak passwords because they are easy to remember (especially the worst passwords that should be avoided). Unfortunately, this leads to incredibly bad passwords that can be easily guessed by a robot that wants to break-in by attempting many log-ins using huge lists of commonly used passwords.
Once in, thieves can do further damage because it’s likely that the same person uses the same login in different websites, which could all fall like dominoes once the first password has been cracked.
With high-profile companies like Sony or even the U.S government being victims of hacks, the challenge is daunting for an average computer user. But you should take comfort in the fact that the kind of resources used to hack these entities won’t be applied to hacking a regular person because the potential gain would not justify it.
By being aware and educated about the main attack vectors, it is possible to drastically reduce the odds of being a victim of hacking. Most of it has to do with making it a little harder, so that the amount of work required for a hack would not be worth it.
What we know for sure, is that preventing hacking is much easier than recovering from it. I think that we can all agree on that.