Given the prevalence of online communication, never has staying safe while using the internet been of greater importance—or more challenging. As such, an awareness of cybersecurity and how it might be enhanced should be of interest to everyone, a process that begins with a simple review of your online habits and risks, according to Micah Mosher, Client Development Manager at Twin State Technical Services of the Quad Cities.
“A self-assessment of your risks is the first best step,” Mosher explained.
As with other criminals, online malicious actors (or “mal-actors”) often seek out the most vulnerable people or situations to exploit. These criminals will focus on the “easiest target possible,” Mosher noted, which means that only a bit of improved cybersecurity is essential in making someone relatively safe online. One need not be fully protected to avoid becoming a target, but rather should focus on taking incremental steps toward improving their standing. “Think of it as a journey from good to great,” Mosher said.
When considering a person’s cybersecurity and the steps necessary to strengthen it, envisioning a bell curve is useful, Mosher explained, with most people neither well-protected nor at extreme risk.
In the realm of cybersecurity, thinking like a mal-actor is helpful, given the quickly evolving online environment and the need to stay ahead of possible threats. “It is an arms race,” Mosher noted, about the competition between online criminals and those trying to avoid being victimized.
It is also important to realize that the more activity that is done online, the more vulnerable a person becomes. “In that ever-changing landscape,” he said, “more access creates more unlocked doors,” clearing a broader avenue for a potential breach in security.
Once a person has identified their risks, the next phase, Mosher said, is to create a plan to secure your online activities based on your exposure. It is here, as well, that taking easy steps becomes essential.
Among the simplest actions to take are changing passwords frequently, investing in antivirus protection, being aware of what is on your computer or network, and having a recovery plan in place should your hardware be damaged or your files stolen and held for ransom.
Building on these steps, Mosher encourages people to pursue what he called a layered approach, the concept being that one layer of security is good, though any holes it contains will keep you vulnerable. By layering several different solutions on top of one another, however, the weaknesses of each are mitigated, as the layers work together to create one stronger, more comprehensive barrier.
But while implementing these layered solutions brings greater overall strength, online criminals adjust their approach to target a more vulnerable point, which is often the person, themself.
Rather than attempt to breach the various modes of technical security in place, criminals, instead, target people directly, in hopes of preying on their humanity to take advantage of the situation. In that case, Mosher explained, “Mal-actors go straight for the human element” to gain the access they are seeking.
This could take the form of a personal email or phone call, or perhaps even a meeting, through which a criminal could acquire the access or sensitive information they desire.
In describing the human aspect, Mosher used a glazed doughnut analogy, emphasizing the strong outer layer of technical security while also highlighting the more vulnerable inner portion, which he would compare to the people being targeted directly, which may fall outside of typical online security measures.
While online criminals may occasionally circumvent technology, they also rely on it to make their job easier. One way this occurs is through their use of what Mosher called “bots,” by which are meant malicious programs or computer viruses that are released online and monitored by criminals to more quickly and efficiently identify security gaps.
“There are millions of doors on the internet,” Mosher noted. “So criminals use artificial intelligence to see which doors are unlocked.”
A common misconception, one that may stop someone from attending to their cybersecurity, is that they or their business is not worth an online criminal’s effort to exploit. Mosher warns against the notion that “I am too small to be concerned,” in part because the motives of criminals aren’t always financial. “There are lots of reasons for breaching someone’s cybersecurity,” he said, which could include financial as well as political and personal motives.
Mosher also noted that, in numerous cases, a successful cybercriminal enjoys access to their victim’s information for as many as 90 days before they are discovered, providing them ample time to commit their crime.
Awareness of the risks, then, and acting to limit them seem of paramount importance in staying safe online.
“A little bit of knowledge goes a long way to avoid becoming an easy target,” he concluded.