Unauthorized bank transfers. Identity theft. Fooled by deep fakes. No one is too old, too young or too poor to escape being targeted by thieves.
“Cybercrime affects everyone, and the threats are constantly changing,” warns trusted cybersecurity expert Greg Schaffer. “Criminals know that accessing lots of smaller accounts can add up quickly.”
Surprisingly, Schaffer says cybercriminals aren’t always after money. “Some do it for political gains or activism. Others just want to harass people by signing them up for multiple subscriptions or restaurant reservations. This happens all the time. They count on people just ignoring things they didn’t initiate.”
Schaffer is confident there’s a better way to secure personal information and digital assets.
Most Cybercriminals Prey on Human Nature
Schaffer, a sought-after virtual chief information security officer who works with small and mid-sized businesses, is passionate about sharing advice to help people protect themselves at home and in the workplace.
“Many information security issues cross over between business and personal life. Criminals can take advantage of our natural instincts. Understanding that makes it easier to stay a few steps ahead of them.”
How To Spot and Avoid Five Common Cybersecurity Risks and Vulnerabilities
Risk #1: Deep fakes.
“It’s become easy to fake who is seen on video calls. One businessman, thinking he was on a video call with colleagues, complied with their request to send millions of dollars to what the businessman thought was a valid recipient. But those weren’t his colleagues. They and the recipient were criminals. If something doesn’t feel right, text the other person’s cell phone. If they don’t respond, they may not be who they say they are.”
Risk #2: Phishing.
“This often involves bad guys preying on another’s trust. For example, someone is preparing to close on a house. The criminals hack into emails between the buyer and their banker. Then they wait. At the right moment, they may send the buyer an email, seemingly from their banker, changing the wire instructions. It could result in the buyer wiring thousands of dollars somewhere else.”
He adds, “Other times, criminals rely on immediacy and urgency. For example, if they claim to be law enforcement or the IRS, don’t be rushed into taking action. Always take the time to double-check if a request or situation is legitimate.”
Risk #3: Generative AI, such as ChatGPT.
“One of the biggest risks is entering confidential information. Generative AI can share what is uploaded with the rest of the world. A technology engineer tried to solve a problem by uploading the information into ChatGPT. The engineer got the answer, but in the process, they exposed their company’s sensitive information. It’s also common for people to use ChatGPT to help fix resumés. Never enter any identifying information such as a photo, address or educational background.”
Risk #4: Multifactor identification fatigue.
“Bad guys try to wear people down. They may bombard someone with requests to confirm log-in attempts they didn’t initiate. It’s annoying! It can be tempting to confirm, just to get notifications to stop. Only now, that’s given the bad guys access to their username and password. Maybe a bank account is about to be siphoned. Never accept uninitiated requests.”
Risk #5: Home Wi-Fi network.
Even with doors and windows locked, bad guys can enter homes through devices. “Usually, the place they enter a personal network is not what they’re targeting. They may enter through something as simple as a smart TV. Once they’ve breached the TV, they could jump to a laptop where someone has been working on their taxes. There, they may find social security numbers and other sensitive financial information. That’s a big problem! To reduce this risk, keep firewalls and laptops updated. Segment home networks: entertainment, children, home business, appliances, etc. That way, if one gets compromised, the others won’t. And never share passwords across platforms.”
If a Breach Occurs, Stop and Take a Deep Breath
“One of the worst things to do is panic,” cautions Schaffer. “Not thinking clearly may increase the intensity of what’s happening. Don’t feel pressured into action. Call law enforcement. Enlist cybersecurity experts to help.” MR
Greg Schaffer is the owner and founder of vCISO Services, LLC, an information security consulting business. He also hosts a popular unscripted podcast, The Virtual CISO Moment, to discuss information security topics for small and mid-sized businesses.
