Are you playing “chicken” with your computer?

Photo: ILRI. Source: Flikr. CC BY-NC-ND 2.0

Lots of people are playing “chicken” online, hoping that the hackers don’t find them. But cyber-criminals are everywhere. It’s not just banks and pipelines and hospitals. Hacking has become its own industry. Hacking as a Service (HaaS) is the new moniker for an entire universe of dark webs, ransomware, and bought and sold protocols. Large firms contract for penetration tests and social targeting training; smaller enterprises hope they’re off the grid.

But everyone is on the grid. The only un-hackable communication device today is a typewriter. And we can’t buy those anymore. Companies used to see inbound threats and wonder, “Why are they targeting us?” The more relevant question today is “Why wouldn’t they include us in their library.”

Here’s a quick rundown of services offered with their prices, according to SecureWorks, a hacker-monitoring service:

  1. Take down a web site for a day: $400
  2. Drain a bank account: 5%
  3. Siphon 200,000 frequent flier miles: $60
  4. Infiltrate Instagram: $129
  5. Hijack corporate email: $500

There are other services offered as well. Reading the full SecureWorks report is enough to make me want to pull out my old typewriter. But we can’t turn the clock back – at least, not that far. So how can we keep ourselves safe?

  1. Patch patch patch.

The second Tuesday of every month is “Patch Tuesday.” That’s the day that Microsoft releases its system updates to patch the vulnerabilities that they’ve found. As soon as the update is released, hackers will to reverse-engineer the upgrade to find what Microsoft was patching. Be sure to install the updates as soon as they become available. You don’t’ want hackers testing their new-found insights on you.

  1. Multi-factor authenticate.

When you sign into your email or application, have the application ask you for an authenticator’s code. Google uses its own app to authenticate, as do other services. Enable these protections. If the hackers can’t break into your email, they’ll move on to other targets.

  1. Secure your hardware. Lots of hacks are implemented when the hacker gets your phone or computer for just a few minutes. Don’t leave them exposed. Mobile phones are mobile. Keep them with you. Lock your computer when you’re not there – at least lock the screen. And turn off your computer at night.
  1. Use a password vault – one that is protected with multi-factor authentication and a long pass-phrase. Password vaults have become more sophisticated, and they’re honestly the only way to keep the auto-generated passwords straight. There’s a reason sites auto-generate random character strings. They’re almost impossible to hack. But most people don’t use them because they’re impossible to remember. So we use simple passwords and write them down. Not good.
  1. Have a checklist in place of actions to take if you’re hacked: law enforcement, alternative ways to access your email, file backups. Checklists are good – doctors use them, pilots use them. Make one up and print it out.

These are just a few of the tips I’ve gathered over the past few years. Hacking has become a big business. The goal is to make sure that you’re not the product that the hackers are selling. And if the unthinkable happens, you’ve got a plan.