The hustle and bustle of the holidays make them an ideal time for cyber-criminals to attack. Cybersecurity firms deal with increased threats during this season, and Silent Sector offers tips to protect your personal data and devices.
Zach Fuller, founding partner of Phoenix-based Silent Sector Cybersecurity Solutions, says: “We've seen a significant increase in breaches. Cyber criminals are compromising email accounts through the major cloud-based services people are used to using, then gaining administrative privileges to other accounts that the email was used to set up.”
Fuller reports that cyber-criminals are taking over cryptocurrency accounts, “changing the login so the owner loses access, then moving the funds to a different account. Due to the confidential design of cryptocurrencies, there is no effective recourse for the original account holder and little chance that they'll ever see their funds again.”
When criminals get access to emails and cell phone numbers to bypass two-factor authentication, they can gain administrative access to company domain names, move them to another registrar, and demand a ransom. This takes down a company's website—or worse, replaces it with obscene messages that damage the business’s credibility.
With email accounts, criminals can access the calendar, so they know when to strike. They’ve been known to hijack cryptocurrency accounts when you are away from your computer, at the golf course or a holiday party.
Silent Sector recommends using hard passwords with 12 or more characters, without common words. While Silent Sector recommends using two-factor authentication, getting texts to a cell phone is not always the safest way. Instead, install an authentication app, such as Google Authenticator. That way, a criminal would need your specific instance of the app to access your accounts. And, if you work outside the office, use a reputable VPN (Virtual Private Network) to encrypt your communications and safeguard your information.
These are simple personal steps, but businesses need to align with accepted cybersecurity frameworks such as NIST or CIS Controls. A professional cybersecurity firm will help develop comprehensive security measures and meet industry requirements. Be proactive and stop attacks before they happen.