In recent years, we have witnessed a rapid transformation as more of our finances have come online. The growth of digital banking accelerated during the COVID-19 lockdowns out of necessity, but this added convenience led to a new set of challenges related to cybersecurity risk. With more at stake, criminals have become more cunning in their approach to accessing our information.
The ongoing war being waged in Eastern Europe has also raised a new set of questions about the influence of state actors in cyber attacks and whether we should be thinking about risk differently in these contexts.
The most important psychological principle of cybercrime is human engineering, or the idea that criminals take advantage of fear and basic human empathy to elicit an emotional response that leads us to act. This is why many criminals pose as charities asking for donations or a boss asking for a favor: people are generally less skeptical of organizations that claim to do good and are more willing to go to great lengths for them. a person of authority.
This background helps explain why phishing attacks are the most prevalent ransomware delivery method, as the risk is minimal and the reward can be immense if the right person clicks a malicious link, opens a corrupted file, or reveals some key component of your personal information. . Such a ransomware attack is particularly deadly because, in theory, an employee could open their entire corporate network to the attacker. This was the case when Colonial Pipeline fell victim to a ransomware attack last year, when criminals were able to gain access to its network by stealing a password. What this tells us is to always stop before clicking on a link to ask yourself, “Is this request in line with what this person has asked me for in the past?”
Despite the Russian invasion and threats against the West, February data shows that nearly three-quarters (73%) of current security events are related to cybercrime, compared to 7% of events related to cyber warfare. During this period, there were 16 events related to finance and insurance, and only one was an act of war. All of this is to say that financially motivated crimes continue to be the most frequent driver of cyberattacks and that the steps required to defend against them are consistent, regardless of whether the attack is financially or politically motivated.
Cyber security checklist
The uncertainty of recent years has taught us the importance of taking precautions and prioritizing preparation, and the same perspective must apply to cybersecurity. The following steps can limit the probability of being the victim of an attack:
Strengthen passwords. It is obvious that using the same password on many accounts would create a huge security risk if criminals got their hands on it. In addition to using unique passwords, it’s even better to use longer passphrases. Sequences of more than 15 characters, with very specific words, characters and spaces make it much harder for criminals to guess. For help managing different passwords/passphrases, you can use a password manager. They are designed to store credentials in a secure place. Then, when you visit a website or open an app that you need to log in to, the password manager will automatically fill in your credentials, saving you from having to remember your various passwords.
Set up multi-factor authentication. You’ve probably experienced using multi-factor authentication to access your company network, but it’s just as important for protecting your personal accounts. Setting it up requires you to provide two or more verification factors to access an account. This includes something you know (ie a password), things you have in your possession (ie a smartphone), or a feature of personal significance (ie fingerprint biometrics). The last two factors present a much greater challenge to criminals, even if they have your password to hand.
Update your software. While it sounds simple, updating your computer software as security patches are rolled out is a very easy yet important way to avoid cyber threats. When software updates are released, details about software vulnerabilities are usually disclosed and criminals can take advantage of these identified weaknesses to target victims who may not have updated their software yet.
Connect to the Internet securely. While you shouldn’t hesitate to connect to the Internet at home, accessing the web from public Wi-Fi networks in parks, airports, and cafes can present a security risk, as it would be difficult to verify how secure the connection is. If possible, avoid using these networks, especially if what you need to do involves accessing sensitive information, such as verifying a bank account.
Take advantage of security tools. Many tools have been developed in recent years to help prioritize cybersecurity as more and more important information is stored online. Browser reputation tools like Web of Trust, for example, are plugins that alert you to the anticipated safety of every website that completes a browser search. Similarly, alternative browsers like Mozilla Firefox and Brave Browser have fewer exposed security vulnerabilities than more commonly used browsers like Google Chrome and can promote privacy by limiting data mining.
As digital finance continues to evolve and new technologies emerge to simplify our financial lives, practicing regular cybersecurity “hygiene” to protect our information and assets will ensure that bad actors do not succeed.