If you tried to make a cheesecake at Thanksgiving or Christmas, you might have noticed the empty cream cheese shelf at your local grocery store. It was partly due to American’s insatiable appetite for sweets but also largely due to a cyberattack on the largest cheese manufacturer in the nation. This is one of many cyberattacks this year; you might remember the Colonial Pipeline’s ransomware event earlier this year.
The vast majority of these attacks seem to be happening through compromised email accounts and/or repeated passwords.
Think of all the “junk” websites that you use a simple username and password for. Your news subscriptions, vacation rental site, or even your online scheduler at your salon. You don’t want to bother remembering all of these passwords, so you use a simple one you use for everything else. No big deal.
Until it is.
These “junk” websites are very prone to data leaks as their cybersecurity tends to be much less robust. A hacker gets into your news subscription site, finds out your passwords, and then tests that password out at every banking website or email server in existence. You are bound to use one of them. If you used a repeat password… they are in. Time and time again, this is how the most damaging attacks are happening.
You might think, oh I have nothing to hide, who cares if a hacker sees my personal info? Well, if it’s your company that gets hacked because of your password weaknesses, it could be out of operation for days to weeks… sometimes more. If you are the victim of identity theft, it can take over six months (100 – 200 hours of work) and thousands of dollars to undo the damage.
So, how do you protect yourself from cyberattacks and identity theft?
1) Create unique, secure passwords for all of your sites
You don’t even have to remember all of them. Consider tools like Dashlane or LastPass where you can securely store passwords and even share them with specific individuals. You simply need to remember the one password to access it.
2) Don’t click on links in suspicious emails or texts
Please – just please please do not click on links in weird emails. What do I mean by “weird?” I mean an email from an unknown name or address. One that has poor grammar, spelling, or structure. Or, an email that just feels, well, weird. If you aren’t sure if it’s safe, call the direct phone number of the company who sent it to you. Here are some examples of “weird” emails actually received by members of our team:
In this example, the email address came from firstname.lastname@example.org. That has nothing to do with our Microsoft account, and we would therefore not reset our passwords through them.
This one looks more convincing… but look… it was from an email address of someone who would not normally send me files.
3) Consider freezing your credit
I already wrote about if and when you should consider this option HERE. Freezing your credit can protect you from a thief opening a loan or credit card in your name.
4) Check your credit report
Check your credit report at least annually to ensure no credit was opened fraudulently. You can do so for free at AnnualCreditReport.com. I just requested my own, and it is a simple process that took me less than 5 minutes.
It’s so easy to maintain reasonable online security, and it is so difficult to restore it once it’s lost. Thankfully for us and our New Year’s Eve desserts, the cheese manufacturing was back to producing within a few days, but you might not be so lucky.