When using the internet, we all want to believe that we're taking adequate precautions to protect our financial and personal data from hackers.
However, the nonprofit Identity Theft Resource Center estimates that 1,862 corporate data breaches occurred in the U.S. alone last year, affecting close to 300 million people. According to earlier University of Maryland investigations, an attack is launched every 39 seconds on average.
Understanding how hackers operate is the first step in learning how to defend against such online "threat actors" before they gain access to your data and financial accounts. Because of this, some businesses seek Kevin Mitnick's cybersecurity guidance.
Mitnick, a computer hacker, was found guilty of wire fraud and other felonies in 1995 and sentenced to five years in federal prison. He has worked as a computer security consultant for the past 20 years, and his company, Mitnick Security Consulting, provides guidance to Fortune 500 corporations like Microsoft as well as government agencies.
According to Mitnick, personal cybersecurity frequently involves striking "a compromise between security and ease." The majority of people are aware of some of the fundamental precautions they should take to protect their data, but as soon as those precautions become difficult to maintain, individuals start to slack off, potentially opening the door for hackers.
According to Mitnick, "the more security a consumer desires, the more inconvenient it will be."
The cybersecurity expert offers several tips for the average person looking to strengthen their online security and prevent getting hacked, ranging from basic strategies like better managing your long list of account passwords to more complex ones, like one that Mitnick claims could increase your chances of evading hackers by 98%.
Where to start: Manage your passwords
The first place where consumers who lack technical expertise, and even information security professionals, make mistakes is in creating their passwords, according to Mitnick.
You're not alone if you think you have a never-ending number of passwords to remember. According to online password organiser NordPass, the average person has more than 100 different online accounts that require passwords.
The simpler your passwords are for you to remember, the simpler they are for hackers to guess, particularly if you reuse passwords across numerous accounts and have ever had personal information exposed online in a data breach.
Consequently, adopting a free password management programme is "a must," according to Mitnick, who recommends LastPass or 1Password. All of your passwords can be safely stored in the app, and it can even generate new ones. It can only be accessed with a single master password.
In light of this, you ought to choose a master password that is exceptionally challenging to crack. According to Mitnick, your master password should be at least 25 characters long.
Try using a straightforward, complete statement, like "Today, I Went To The Beach," with spaces between each capitalised word and punctuation at the conclusion (perhaps a number). It's simple to remember, according to Mitnick. Furthermore, he emphasises that it will be challenging for an attacker to compromise using brute force.
Password managers can also serve as a reminder for you to cease using the same passwords across many accounts, which Mitnick claims can offer hackers an advantage in gaining access to your data.
According to him, "attackers find credentials in data breaches." The threat actors will then try that password or variations of it, because individuals tend to reuse passwords; you can typically figure out people's password-choice tendencies and guess their other passwords that way.
More advanced options: Multi-factor authentication and physical keys
A world without passwords is being developed by several major IT firms. One of them is Apple, which has enhanced its Passkeys function to allow you to access apps and accounts on numerous Apple devices using a fingerprint or facial recognition.
You may also be acquainted with multi-factor authentication, which is already used in some capacity by the majority of financial institutions and tech firms. To confirm your identity when you log in, your bank sends you a code via text message or email.
According to Mitnick, such authentication procedures are still vulnerable. Hackers may be able to read your texts and emails thanks to malware, and straightforward phishing scams may convince you to hand over your account details and the one-time code along with them.
Mitnick suggests using phishing-resistant authentication standards like FIDO2 and WebAuthn for two-factor authentication that cannot be "phished." They work with a physical security key such as a YubiKey, which plugs into your computer and looks like a USB drive. The physical key and its PIN are required to unlock the credential, which is exclusive to you and your device.
The "highest security level" for logging into your internet accounts, according to Mitnick, is physical security keys. Numerous well-known tech platforms and services, such as Google, Amazon, Microsoft, Twitter, and Facebook, already allow the choice.
However, it isn't foolproof: if you don't have your security key with you, such sites often still let you log in using fallback procedures, like conventional multi-factor authentication.
An even more advanced option that ‘raises the bar 98%’
Mitnick advises purchasing a second computer or tablet used only for logging in to your financial accounts or other sensitive accounts and data, if you're very serious about protecting your financial information from hackers and are ready to invest extra time and money to do it. Additionally, he advises using a separate password manager for that device.
You can also make use of a reasonably priced tool: According to Mitnick, Chromebooks are currently more secure against malware and other infections than the majority of devices and start at roughly $250.
All of this is quite "inconvenient," says Mitnick. However, taking such drastic measures does improve your odds of thwarting hacking attacks.
"You're like 98% upping the bar," he remarks.
Your best tool: Awareness
Your ability to spot when a hostile person is attempting to steal your account information from you may be your strongest line of protection against being hacked.
"Phishing assaults are the most common technique that criminal actors infiltrate targets. They're also highly intelligent," says Mitnick.
For corporate clients, Mitnick's company routinely simulates phishing attempts to make sure that staff members are conversant with the most recent and common techniques. Some popular phishing scams make the misleading claim that they are from a bank or IT service you subscribe to and demand that you respond immediately or else face serious penalties. Your account details and passwords could be requested, and if you do, you risk unintentionally giving them to a hacker.
Be cautious and enter information or click on links only if you are positive that doing so is safe, advises Mitnick.
His rules are simple: "never download anything unless you're expecting it or you ordered a piece of software," and "never click a link and put your username and password in something that you didn't initiate." "That's a basic set of rules that individuals ought to follow."