Millions of email and password combinations flood the dark web, a place where cyber criminals frequent to obtain access to personal information in hopes of connecting the dots for a payday. While there are measures we can take, like updating computer operating systems and maintaining active anti-virus and firewall software, these attacks are becoming more specific and more complicated to detect.
COVID-19 has presented these bad actors with a new set of vulnerabilities from which to pray off of their prospective victims. In April, the FBI reported that cyber attack complaints increased to as much as 4,000 times per day, a 400% increase from what the FBI saw pre-pandemic. Some of the most common cyber attacks involve methods such as Ransomware & Cyber Extortion, and Phishing & Social Engineering.
A Ransomware attack is a form of Cyber Extortion involving a malware program which locks up the users system and data and demands a ransom, usually in some form of cryptocurrency, in order to release the lock. It’s common for unsuspecting individuals to not realize that their system has been infected with Ransomware, as the malware can remain dormant and undetectable until triggered by the attacker. The FBI has more information on these attacks, including steps you can take to help prevent these attacks, found here.
Phishing and Social Engineering attacks pray on one of our biggest vulnerabilities: how busy we all are. Attackers will often use personal information and/or a legitimate or known email address to trick their targets into providing sensitive information or downloading malware. This can be particularly dangerous during a busy workday, when our guard may be lower to accepting emails from recognizable email addresses. An example of a phishing attack might be a target receiving an email from a seemingly legitimate Facebook administration email that includes their username and password. If the target uses the same username and password combination for their Facebook profile as they do with multiple other online accounts, chances are the attacker found this combination on the dark web but can’t confirm to what account or service this combination belongs to. Best practices to prevent these attacks are to confirm emails from the actual sender if you aren’t expecting the email, and use unique username and password combinations for each account. For the latter, we recommend checking out a password manager software like Dashlane or Roboform.
While our due diligence may ward off most cyberattacks, we are still vulnerable to new forms of data breach. Fortunately, insurance carriers are recognizing the importance of protecting their clients from these risks. Our insurance carriers have policies offering coverage for business clients and some are now offering this coverage to individuals. Chubb is one of our providers that offers cyber protection for your personal assets, and you can read more about this solution below.