According to IBM’s annual Cost of a Data Breach report, the average cost of a data breach to an organization in 2021 was 4.24 million dollars. That’s the highest average figure in its 17-year history. Most of these breaches were the result of compromised user credentials (where an attacker is able to gain unauthorized access to an account) and are often more costly where remote working is involved.
These breaches aren’t just costly for large enterprises, though. Many small organizations fail to recover from a serious data breach (where the average cost is just under $700,000), with 60% of them going out of business within 6 months of an attack.
But of course, we can also fall victim to cyber attacks as individuals, and the cost to us can be significant, too. If you’ve been unlucky enough to have been a victim of a data breach or (worse) identity theft, you’ll know that you can lose eye-watering and potentially crippling sums: this hacking victim lost over $13k in 2020.
But when we talk about the cost of a cyber attack to an individual, we’re not talking simply about financial losses.
How to Avoid a Cyber Attack
Psychologically, the after-effects of a cyber attack can be damaging. The feeling that you’ve been manipulated by a stranger (and your personal data has been ‘invaded’) can be deeply unsettling. It can lead to a serious loss of confidence, and make you increasingly wary of trusting others. It can cause embarrassment, too, as a victim of a hack can be made to feel as if it’s their fault.
In the most extreme cases (where a cyber attack has led to a significant loss of funds or even the loss of a job) the effect can be even more harmful, leading to stress, anxiety and even depression. Whatever the financial cost of an attack, the emotional cost is often far more significant in the long run.
Fortunately, there are a number of steps you can take to secure your data and ensure you’re aware of the threats you might face while online.
Check If Your Data Is at Risk
Without knowing it, your data might have already been involved in a breach. A breach usually occurs when a hacker gains access to the database of a service or company which contains users’ private information, including (but not limited to) usernames, passwords, email addresses and, in the worst cases, bank account details. If you’ve been involved in a data breach, some of your personal information might have been made public without you realizing, which could put you at risk of identity theft.
But don’t panic. You can check if your email address or phone number has been exposed in a data breach by going to Have I Been Pwned. If any of your accounts may have been compromised, change those passwords immediately, and make sure you’re not reusing the same passwords across multiple accounts.
Use Strong Passwords
Speaking of passwords, nearly a quarter of Americans have admitted to using a password like “password” or “123456”. These should clearly be avoided, as they’re easily guessable and won’t take long for a hacker to crack. The longer and more complex a password is, the stronger it is. You can check the strength of your passwords at Security.org.
Using a “passphrase” (a series of unrelated words with spaces in between) is often more effective than using a simple combination of letters and numbers, as these can be harder to crack. This can help to protect your accounts from threats like brute-force attacks, in which attackers will submit vast numbers of possible passwords in an effort to guess correctly.
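To put numbers on the comparison above, here is an added example (not from the original article) that estimates the brute-force search space of a password and of a passphrase. The 7776-word list size, the sample passwords and the guess rate of 10 billion per second are assumptions, and the figures only hold when the characters or words are chosen at random.

```python
import math
import string

# Constructed sample of very common passwords (the first two are quoted above).
COMMON = {"password", "123456", "qwerty", "letmein"}
WORDLIST_SIZE = 7776  # assumption: a Diceware-style list of 6^5 words


def pool_size(pw):
    """Size of the ASCII character pool implied by the classes present in pw."""
    classes = [
        (string.ascii_lowercase, 26),
        (string.ascii_uppercase, 26),
        (string.digits, 10),
        (string.punctuation + " ", 33),
    ]
    return sum(n for chars, n in classes if any(c in chars for c in pw))


def password_bits(pw):
    """Upper bound on guessing entropy in bits; 0 for a listed common password."""
    pool = pool_size(pw)
    if pw.lower() in COMMON or pool == 0:  # pool == 0: nothing this sketch can score
        return 0.0
    return len(pw) * math.log2(pool)


def passphrase_bits(n_words, wordlist_size=WORDLIST_SIZE):
    """Entropy of n_words drawn independently and uniformly from the list."""
    return n_words * math.log2(wordlist_size)


def average_years_to_guess(bits, guesses_per_second=1e10):
    """Expected time to find the secret, i.e. after searching half the space."""
    return 2 ** (bits - 1) / guesses_per_second / (365 * 24 * 3600)


if __name__ == "__main__":
    for label, bits in [
        ("'password'", password_bits("password")),
        ("8 random chars, a-z0-9", password_bits("k7mq2x9d")),
        ("4 random words", passphrase_bits(4)),
        ("6 random words", passphrase_bits(6)),
    ]:
        years = average_years_to_guess(bits)
        print(f"{label:24} {bits:5.1f} bits  ~{years:.2g} years")
```

A phrase built from words you picked yourself, such as a quote or song lyric, is far weaker than these figures suggest because attackers try likely phrases first.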
Protect Your Website(s)
This action may not apply to you, of course — but if you happen to run a website (for a small business, perhaps, or even just a hobby such as blogging) then your personal information is inextricably linked to it, and it can be a huge point of vulnerability. If someone gains access to it through a CMS exploit or a comparable weakness, they can learn your passwords, uncover private information, or even hold the site hostage in an effort to extort you.
Keeping extortion efforts at bay is largely a matter of investing in technical safeguards. Top managed hosting platforms are particularly good at keeping ahead of potential attackers, and some (e.g. Cloudways with its 2022-launched Cloudflare CDN integration) are investing in native features that make it all but impossible for run-of-the-mill hackers to gain access. Overall, though, the biggest thing you can do is refrain from storing any sensitive information on your website. Anything intended for public viewing inevitably makes a bad storage vault.
Beware of Suspicious Emails
One of the most common ways individuals fall victim to cyber crime is through phishing attacks, a type of ‘social engineering’ where an attacker sends a fraudulent email to an intended victim enticing them to click a suspicious link or hand over personal information. Phishing emails often appear as though they’re from a legitimate organization (like your bank, for example) but there are some classic signs to look out for.
Check the email domain (the bit after the @ symbol) to see if it looks legitimate. If it’s misspelled (or a public domain like gmail.com) it could be a scam. Next, check for poor spelling and grammar in the body of the email, as phishing attempts are often shoddily written. If you have the slightest suspicion that the email may not be legitimate, do not respond or click any links in the email. To ensure you’re aware of the telltale signs, IT Governance has produced a handy guide on the ways to detect a phishing email.
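The domain check described above can be automated. The following is an added example, not part of the original article, that flags a sender domain when it is a public mail provider or a near-miss spelling of a domain you trust. The lists, the placeholder domain bank.example and the sample headers are constructed assumptions.

```python
from email.utils import parseaddr

# Assumptions for this sketch: constructed lists of free-mail providers and of
# domains the reader really deals with (bank.example is a placeholder).
FREE_MAIL = {"gmail.com", "outlook.com", "yahoo.com"}
TRUSTED = {"bank.example"}


def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_sender(from_header):
    """Return warnings about the domain in an email From header."""
    _name, addr = parseaddr(from_header)
    if "@" not in addr:
        return ["no sender address could be parsed"]
    domain = addr.rpartition("@")[2].lower()
    if domain in TRUSTED:
        return []
    warnings = []
    if domain in FREE_MAIL:
        warnings.append(f"{domain} is a public mail domain")
    for good in sorted(TRUSTED):
        # A distance of 1 or 2 means a swapped, missing or extra character.
        if edit_distance(domain, good) <= 2:
            warnings.append(f"{domain} looks like {good} but is not")
    return warnings


if __name__ == "__main__":
    samples = [  # constructed From headers
        "Example Bank <alerts@bank.example>",
        "Example Bank <alerts@bamk.example>",
        "Example Bank <example.bank.alerts@gmail.com>",
    ]
    for header in samples:
        print(header, "->", check_sender(header) or "no warning")
```

An empty result only means the visible domain passed these two checks; the From header can be forged, so it does not prove the message is genuine.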
Update Your Software
Cyber threats are constantly evolving, with hackers developing newer, more sophisticated ways to gain access to our devices and our personal data. That’s why it’s so important that our operating systems and software programs are always updated to the latest available versions. These newer versions will fix previously discovered vulnerabilities and offer greater protection against emerging threats.
If you’re still using an outdated operating system, for example, it may contain weaknesses that can quite easily be exposed by an attacker, especially if those weaknesses are public knowledge. Use a tool like Soft4Boost to check for out-of-date and potentially vulnerable software, and update to the latest supported versions where necessary.
Secure Your Devices
It’s also important to protect our physical devices, as a lost or stolen device could present an easy opportunity for an attacker to gain access to your personal data. Ensure a password or PIN is always required to access the device (and don’t use anything easily guessable like 0000 or 1234). Many devices now enable facial recognition or fingerprint access, so enable these functions where possible. When you’re not using your device, make sure it’s locked.
Backing up your data is essential, too, so that it can be recovered in the event of a data breach. Most computers will include a backup facility, while mobile phone data can usually be backed up using cloud storage. Finally, beware of unsecured public Wi-Fi networks (where no password is required for access) as these are often prime targets for an attacker, and disable your Bluetooth function when you’re not using it.