October is National Cybersecurity Awareness Month, so we’re going to take this opportunity to post a few articles on this important topic. Here’s the first one.
We understand. Like so many others, you think, “It can’t happen to me.” Until it does, and then it’s too late.
Of course, we’re talking about malicious cyberattacks, the frequency and severity of which is increasing at an alarming rate. It’s no longer large corporations, wealthy people, and celebrities that are at risk. Anyone with an Internet connection is now part of the pool of potential cybercrime victims.
Consider the case of Mat Honan, a tech journalist and contributor to Wired.com. He’s not a celebrity, nor is he wealthy, and he’s probably more tech savvy than most people. But that didn’t stop a creative hacker from utterly destroying his digital life in less than an hour, made possible, ultimately, by Mat’s lax security practices. By his own account, “In many ways, this was all my fault. My accounts were daisy-chained together. Getting into Amazon let my hackers get into my Apple ID account, which helped them get into Gmail, which gave them access to Twitter. Had I used two-factor authentication for my Google account, it’s possible that none of this would have happened, because their ultimate goal was always to take over my Twitter account and wreak havoc.”
But there’s more to it than that. Sure, Mat should have taken more care with his home computer system, but that’s only part of the problem. The other part, the bigger part as Mat explains, is that, in the name of customer service, many large companies like Amazon and Apple have allowed their own security procedures to become increasingly simple. According to Matt, all the hacker needed was his billing address and the last four digits of his credit card to get into his system and seriously disrupt his life. That’s because that’s all Apple required to issue a hacker, posing as Mat, a temporary password. Armed with that, they were able to totally take over every aspect of Mat’s digital existence.
And why did they do it? It wasn’t for money or for fame. It was to take over Mat’s Twitter account and post horrifically racist and homophobic content under his name. Yeah, they said it was to identify exploitable holes in online security, but in the end, it was all just an unpleasant prank, one with real consequences for Mat. Worst of all, Mat thought that he had lost all his photos of his baby’s first year, an irreplaceable trove of memories. fortunately, he was able to recover those and most of his data, but not without a fair amount of time, effort, and money.
So, what are the takeaways from this? The first, as mentioned earlier, is the realization that it can happen to you or your business or the company you work for. No one is immune. Especially with so much content residing in the cloud, the overall attack surface is wider than ever. The lesson here is that everyone needs to take cybersecurity seriously.
The other takeaway, supplied by Mat in retrospect, is to enable two-factor authentication to make your accounts harder to hack. Had Mat done this as he knew he should have, chances are his attackers would have been locked out. Not a guarantee, of course, but he would have had another level of security to rely on.
So in this month of Cybersecurity awareness, consider your vulnerability to cyberattacks, and do something about it.