Ransomware attacks have been getting a lot of headlines lately. Ransomware is a type of computer malware that threatens to publish the victim’s personal data or perpetually block access to it unless a ransom is paid. The perpetrators (the FBI believes many of them are Russian criminals) encrypt the victim’s files, making them inaccessible, and then demand a ransom payment to decrypt them.
It is not only large companies that are vulnerable. Mom and pop organizations and even individuals—like you and me—can also fall victim to cyber-criminals who can hold our data hostage or steal our identities. No one is immune. While it’s impossible to safeguard your information completely, you can reduce your risk by taking these seven simple steps:
1. Keep private information private. Unless you initiated the call and you know and trust who you are talking to, never ever give out private information like your Social Security number, bank account number or credit card number.
2. Never click on unknown links. Avoid clicking on links in spam messages or on websites you don’t know. If you click on malicious links, an automatic download could be started, which could lead to your computer being infected with ransomware or another equally malicious computer virus. In the same vein, never download an email attachment unless you know and trust the sender. And never connect USB sticks or other storage media to your computer if you do not know where they came from.
3. Keep your computer up-to-date. Hackers exploit security “holes” in computer software to infect your system. Regularly updating your computer programs and operating systems closes these holes and helps shield your computer, your data, and your identity from cybercriminals.
4. Use smart password practices. Use strong passwords that are different for all of your accounts. One of the best ways to manage your passwords is through a password manager app. There are many good and free password managers available. Turn on two-factor authentication for every website or account where it is available—that means that something else (such as a code sent to or generated by your phone) is required to log in to your accounts in addition to a username and password. Never use any part of your address or birth date as your PIN or password. Never use numbers or words associated with you like your address or birth date, because these are easy for hackers to guess. Also, never write your PINs anywhere and especially not next to your debit card.
5. Invest in a paper shredder. ID theft prevention experts say: “Don’t toss. Shred.” Did you know that mailings with credit card offers, insurance solicitations, and similar items often-times have your personal information in them? Florida State’s Attorney R.J. Larizza advises that “[c]riminals can physically go into your trash, get mailers out, fill out credit card applications in your name and have direct access to your credit! Shredding your junk mail can be the difference between being the victim of a crime and not.”
6. Back up your critical data. Regularly back up your data to an external storage device (USB stick or external hard drive). You should create a back up on at least a monthly basis (weekly is better) and, if you are creating a lot of new files over a short period of time, you may need to back up every day. After you run your back up, disconnect your external storage drive from your computer and store the back up in a safety deposit box or at home in a fireproof storage container.
7. Maintain up-to-date anti-virus software, and scan all software downloaded from the internet prior to executing.