Trojan horses and secret-selling, pirates and plundering: Today’s threats to cybersecurity sound more at home in history books than in headlines.
Security analysts say the war against hackers and online criminals can never be truly won, but there are steps small-business owners and individuals can take to protect themselves from becoming easy targets for digital marauders.
“One thing overall that’s important is to be aware of risks but not be overly paranoid,” said Jonathan Katz, computer science professor and director of the Maryland Cybersecurity Center at the University of Maryland. “Criminals look around and try to find an insecure network. They’ll go for the weakest link by scanning hundreds of commercial sites. You don’t want to be one of the weak ones.”
According to the Privacy Rights Clearinghouse, more than 4,200 data breaches jeopardizing more than 820 million digital records have been recorded since April 2005.
One of the threats to individuals and small-business owners are breaches of personally identifiable information, said Randy Marchany, the university information technology security officer at Virginia Tech. That includes Social Security numbers, credit card numbers, passport information and driver’s licenses.
“There is definitely a black market for that information,” Mr. Marchany said. “If I had a credit card number, or a bank account number, I could do a lot of damage in a short amount of time.”
When it comes to being cybersecure, individuals and small businesses have to take responsibility on their respective sides of the computer.
For the average consumer, Mr. Marchany said, “you want to definitely make sure you have an encrypted connection between you and a website.”
With wireless becoming the mode of connection, Mr. Marchany said, it’s much easier for hackers to access information sent between computers. Before wireless technology, hackers needed a plug-in, he said. “Now you just need an antenna.”
Even when a connection is secure, computer users need to be aware of how they share information.
“There’s no reason for anyone to ask for your password,” he said.
Even if a request or instructions seem legitimate, he said, it’s still a good idea to call the company’s help desk before sharing information such as a credit card number or Social Security number.
“Call them back,” he said. “Don’t do it over the computer.”
As for passwords, Mr. Marchany said, use a long phrase, song lyric or quote that is easy to remember. These types of passwords are harder to break than a single short word. Rather than trying to remember a bunch of different passwords, simply add at the beginning, middle or end an associated word such as “GreenEggsAndHamAmazon” or “GreenEggsAndHamVisa.”
The site where your password is saved, particularly where important personally identifiable information is stored, should be responsible enough to not store that password unencrypted, Mr. Marchany said.