During the third quarter of 2022, global cyberattacks increased by 28% compared to the same period in 2021, according to Check Point Research. A lot of companies also fell victim to ransomware attacks and suffered data breaches, while many individuals inadvertently shared sensitive information to threat actors through phishing scams.
And as we enter a new year, we can expect cybercriminals to develop new and more sophisticated ways to steal sensitive information from unsuspecting victims. Thankfully, there are many things you can do to stay safe online this 2023. Let's take a look at some of them.
1. Use strong and unique passwords
It's important to use strong passwords to secure your online accounts. By doing so, you can reduce the risk of falling victim to brute force attacks, or a trial-and-error method used by cybercriminals wherein they use commonly used passwords to guess an account owner's login credentials.
One way to create strong passwords is to use passphrases, or strings of unrelated words that you use as a password. Because they're comprised of words, they are easier to remember compared to typical passwords that contain random numbers, letters, and symbols. For instance, it will take about 2,563,379,452,772,621 centuries for a threat actor to guess the passphrase "mushiness uncut washcloth lividly," according to Useapassphrase.com.
Finally, make sure to use a unique password for all of your accounts. This way, even if one of your accounts gets compromised, threat actors won't be able to access your other online accounts. If you have trouble remembering your passwords, you can use password managers like Dashlane and 1Password. Password managers can generate and store your passwords in an encrypted vault that can only be accessed using a master password. Just make sure to create a secure master password so you can avoid the risk of having your account hacked.
2. Use multifactor authentication (MFA)
Passwords can only go so far when protecting your online accounts. MFA improves your accounts' security by requiring you to enter two or more factors to verify your identity when you log in to your account. These authentication factors could be a one-time PIN (OTP), facial or fingerprint scan, or physical key. By enabling MFA, even if a cybercriminal gets a hold of a your username and password, they won’t be able to infiltrate your account if they can't provide the other authentication factors.
As much as possible, however, avoid using SMS-based authentication, as it is not a secure authentication method. For instance, cybercriminals can engage in SIM swapping, where they impersonate you and tell your mobile carrier that your SIM card has been damage. They will then ask the carrier to transfer your mobile number to a new SIM card. This will grant them access to OTPs and password reset links sent via text messages. Former Twitter CEO Jack Dorsey fell victim to such an attack back in 2019, which resulted in his Twitter account getting hacked.
3. Install security updates as soon as possible
Device and operating system (OS) updates don't just introduce new features. They also often provide important security patches that can prevent cybercriminals from exploiting vulnerabilities to access your sensitive information. As such, make sure to install security updates for your OS as soon as you can.
4. Protect yourself from phishing scams
Phishing is a type of cyberattack wherein threat actors pose as a reputable entity like a bank or a trusted friend and send legitimate-looking emails to trick users into divulging personal information, such as names, email addresses, passwords, and credit card data.
Phishing is one of the most common cyberattacks today. Cybercriminals have also improved their tactics, as they are now leveraging text messages and voice calls to victimize people.
To protect yourself from phishing, be careful when clicking on any links, as threat actors can pass off a URL like "pay-pal-login[.]com" as a legitimate URL. Don't download any attachments from unsolicited emails as well, and never give out personal information to anyone on the internet. Legitimate organizations will never ask for such information via email, text message, voice call, or social media.
5. Back up your data
Many years ago, if you get infected with ransomware, you can easily recover from it by restoring from a local backup. However, threat actors have upped their game and made it difficult for victims to recover their data using this method.
This is why it's important to store your backups in a separate location, such as an external hard drive or flash drive. You can also use a cloud storage system like OneDrive or Google Drive, which allows you to store your data online. Externally backed up files will not be affected even if your system gets encrypted by ransomware.
Do you have any cybersecurity tips to share yourself? Let us know in the comments section below.
Gloss