There’s been a good deal of talk about cyberattacks as part of the ongoing war in Ukraine. Chances are, there is a small-scale sub rosa cyber war going on right now. So, should you worry?
Rather than worry, I think you should simply be aware that systems can fail and plan accordingly. One day, for example, your ATM network may be down, so carry so extra cash. Another day, a utility you rely on could experience problems. Maybe the water system will issue an alert to boil water, or your electric utility will have an unexplained system outage. Your cell carrier could fail in one or more regions. Websites you rely on for news and information, or even for work, could be temporarily unreachable. Your town or county could get hit by ransomware, disrupting services and slowing police and EMS response.
In my opinion, it’s easier to knock a major city offline by using a backhoe than it is to hack it from thousands of miles away. It’s would also be easier for a small coordinated team with suppressed rifles to cause a massive blackout than it is to bring down the electric grid via an electronic intrusion. Either way, if you are prepared, then attacks like these are just inconveniences. They pale in comparison to a nuclear attack, an EMP strike, or crashing airplanes into buildings. So don’t worry, just prepare.
If attacks worsen, then you may want to start worrying. How could attacks worsen? Instead of disrupting services or taking them offline, a serious cyberattack would corrupt our infrastructure, and no one would know until it was too late. Imagine disabling safety equipment so the computerized tram at the airport doesn’t stop at the end of the line. Or the water purification plant fails to add chlorine and warnings are disabled. Maybe the radar controlling our air traffic control is knocked off line at several major airports. Those are examples of attacks.
That kind of attack is a sign that Russia is no longer trying to hide behind a wall of deniability and is ready to confront the United States not only in cyberspace, but possibly in the skies, on the oceans and on the battlefield. That’s when you should worry. At the first sign of a significant cyberattack, you should bug out or gather your family and bug in.
Protect Yourself and Your Data
As individuals, I think the danger of having your identity and financial information stolen and misused is greater than being targeted in a cyberattack by an enemy actor. There are plenty of criminal organizations that can hack and then sell your personal information, including credit card numbers. Then criminals will place false orders at online stores, buy gift cards at Walmart and other stores, and even apply for loans using your information. They may steal your personal information directly from your account, especially if you use a basic password or the same password for multiple accounts. They could also hack it from an online store, your favorite streaming service, a utility, your bank, a doctor’s office, or other institution that has your credit card data and personally identifying information.
The best way to protect your self is to use a good antivirus and always connect to the web via VPN. (Change the server, city and/or country through which you connect a couple times a day.) It’s also a good idea to block ads, turn off location services, and reject all cookies whenever possible. Then delete your cookies every couple of days or always surf using a private or incognito window, which should not to retain cookies. Most importantly, stay off social media, especially when using your phone. Your best bet is to remove any social media on your phone and either never use it or have a dedicated tablet you use just for social media.
It’s also important to change the default password on your network and network enabled devices, from your ring doorbell to your fancy new refrigerator. If the default password and username on your router is still Admin, you are asking for trouble. Changed it to something much longer and more complex using the tips above. Then create a guest account for your WiFi so you don’t have to share the main password with guests.
Build Better Passwords
Weak passwords are like leaving your front door open and an invitation to hackers. Here are two ways to create strong passwords:
Keep a large book handy. I have one that is more than 1,500 pages. Open the book to a random page and find a word near the beginning of the left-hand page that is at least five characters long. I just turned to page 404 and selected the word “burning.” Then turn to another page and repeat the process, starting at the bottom of the right-hand page and working backwards. I picked the word “Mallory” and the page was 1109. This gives me Burning404Mallory1109. I’ll fill in some non-standard characters and get Burning40$malLory!109. No one will guess that password, and it will also resist a dictionary attack.
Another way, which I like less but has its uses, is to use a familiar phase and add some numbers and characters. For this to be successful, you must use a long phrase. Let’s say we are going to use “row, row, row your boat, gently down the stream.” We’ll throw out the first part because of repetition. Then we add numbers in a progression. I’m going to pick 13 and also use a progression in capital letters. That gives us the following password: Gently13dOwn26thE39strEam52. The advantage is that you can remember Gently 13 and use that queue to recreate your password far easier than you can remember Burning40$malLory!109. You could even write down Gently13 and if someone found this cheat code, it’s unlikely they could use it to generate your true password.
This approach also works with passages from your favorite book, a lyric from a favorite song, a line from a meaningful poem. The key is to use a phrase you will not forget, but someone else is unlikely to guess. Also, avoid counting by single-digit numbers like two or five. A number like 47 is more useful.
Two Factor Authentication
When your bank texts you a six digit code, this is called two factor authentication, or 2FA. You may think it is secure, but that’s not really the case. It does not prove the identity of the person logging on, it just proves they have access to your phone. If someone is intent on hacking you, they can clone your phone or steal your number, giving them access to all your 2FA-protected accounts. It is far better to use an authenticator app or a secure ID, both of which generate a new 6-digit secure code every 60 seconds.
It should go without saying that you should protect your phone with at least the same level of intensity you would use to protect your debit card or wallet. Always use at least a six digit password and set your phone to delete its memory if someone tries the wrong password too many times. If you think someone, be it a criminal or law enforcement, is going to take your phone, try to turn it off. That forces them to use the passcode, not your finger or face to unlock it.
The Online Threat Factor
Yes, cyberattacks are real and could get worse, but they are unlikely to target you personally. The normal preps you have made should protect you if Russia or another group attacked cyber systems in your area.
Hackers, on the other hand, may target you or at least steal your data. Surf safely, do what you can to obscure your online identify, minimize your use of social media, and use robust passwords to protect yourself.