High net worth individuals are soft targets and face a constant onslaught of cyber threats
Most people know better than to take a stroll down a dark alley at night, or to travel alone through bad parts of town. The risk of getting mugged, attacked or even worse is far too great. Yet in the digital world today, individuals (especially those with significant wealth) are under constant threat. It’s gotten so bad that for many business executives, doctors, lawyers and others with high net worth, it’s not a matter of if they will be attacked, but rather when.
While hackers continue to target large enterprises and corporate networks, increasingly hardened and holistic corporate defenses have made the prospect of a successful direct attack on the enterprise increasingly difficult. As such, many cyber criminals have turned their attention towards individual people.
A recent report by Photon Research entitled “A Tale of Epic Extortions” illustrates just how big a problem targeted attacks against individuals have become. What they found was a little shocking. Hackers are being recruited by cyber criminals with offers starting at $360,000 a year to compromise executives, doctors and lawyers, with compensation nearing $1 million per year for experienced extortionists. With incentives like that, it’s a safe bet that more attackers will increasingly start turning their attention towards exploiting individual people.
Faced with these new personal cyber threats, high net worth individuals need protection now more than ever before. However, protecting yourself and your family from targeted attacks requires more than the generic consumer-grade information security and privacy protections currently available. Protection from targeted attacks requires the same kind of diligence that enterprises with mature cybersecurity programs show. You need to take your devices, online accounts, networks and digital identity into consideration in order to deploy adequate protections. Whether a hacker attempts to exploit your connected home A/V system to take over your home network or installs malicious software on your mobile devices to track your location, you need holistic cybersecurity capabilities to ensure that all threats will be identified and remediated regardless of the attack path used. In other words, you should take some of the best cybersecurity practices that are helping to defend corporations and deploy modified versions for your own personal protection.
Personal Security Best Practices
For most people, getting a handle on everything digital that can be used against them is a daunting task. It involves all traditional attack vectors like personal email accounts, the smartphones used by your children and the cloud service provider where you backup your photographs. But it also includes devices and services that don’t immediately come to mind when looking at personal cybersecurity. Is your Alexa search history safe? What about documents in your printer cache? Even things like your garage door opener or your Outlook calendar can potentially put you at risk.
With so much to consider, no list of best practices is probably ever going to be complete, and not everything will apply to all people. But by looking at a few key areas, you can improve your personal cybersecurity to the point where it might cause a frustrated hacker to move on to someone with a little less personal protection. Just as corporations protect their enterprise networks, system accounts, devices and communications technologies to provide defense in depth throughout corporate IT environments, you too can deploy a holistic set of capabilities to protect what matters most across your personal digital life. This highlighted best practices below is by no means a complete list, but can go a long way in protecting you, your assets and your family.
Home Network Security
Internet of Things (IoT). The devices that make your modern connected homes comfortable, efficient, and safe are also a common entry point for hackers. IoT devices such as home assistants, internet connected coffee makers, home theater and entertainment systems, and even security cameras can all be compromised. Your home network should have the ability to: block attacks, allow connections from only known devices, and monitor traffic to identify compromised devices.
Network Segregation. You probably have a password on the Wi-Fi network in your home. Hopefully, you changed that password from the default that the router shipped with. Unfortunately, most of us don’t configure our home network to keep family and guest devices separate. Without this kind of segregation any device connected to your network can see (and potentially compromise) all devices on your network.
Personal Device Security
Device Backup. Recovering from a cyber attack is often just as important as protecting against one — especially given one of the most damaging forms of attacks these days, ransomware, encrypts victims’ computers and holds their data hostage unless a ransom is paid. Maintaining a complete, protected backup will enable you to get things back to normal with only limited disruption or any data loss should the worst happen. This can be done at your home manually using an external hard drive, or with an automatic cloud-based backup system.
Device Updates. One of the easiest ways for an attacker to compromise your personal devices is if they are running old operating systems with known vulnerabilities. These have probably long since been patched, but if you are still running an older version, you are still vulnerable. All of your phones, tablets and computers should be set to automatically update their operating system. Additionally, you should update all the software and apps running on your devices whenever updates are available.
Encryption. Many attackers are trying to steal data off your devices. And if that data is stored in plain text, it makes it that much easier for them. All current devices that run MacOS, Windows, iOS, or Android, allow the user to turn on full-device encryption. This setting ensures that if your device is lost, stolen, or otherwise compromised, the data will still have a robust layer of protection that makes it inaccessible.
Account Security & Privacy
Two Factor Authentication (2FA). Sometimes referred to as two-step authentication, this secondary challenge is the most effective means of protecting online accounts from targeted attacks. 2FA is often deployed using a smartphone or other security device that receives or generates a random code which must be present (in addition to a username and password) during account login. 2FA should be used for every critical account and online asset, from email to banking.
Password Manager. Due to the limitations of memory, it’s tempting to use the same password on multiple sites. But that means that hackers who compromise one site gain access to many more. Having a password manager that stores an encrypted version of all your access phrases instead enables you to make passwords comprised of long nonsensical strings of codes and letters, as opposed to your child’s middle name or your mom’s birthday. Even more importantly, password managers allow you to use a unique password for every account. Stop remembering passwords, let a password manager do it for you.
Configure Privacy & Security Settings. Properly configured social media and other online accounts are necessary to avoid the accidental disclosure of sensitive information or the compromise of personal privacy. The default settings on many sites share information such as your location, purchase history, interests, and internet browsing patterns. The leakage of this information can be sharply curtailed by simply reviewing your account security and privacy settings.
Identity and Reputation Monitoring. Are there people out there already pretending to be you? Is your personal brand at stake? Monitoring for problems like this can quash them in the earliest of stages, before you are critically hurt.
Using a Virtual Private Network (VPN). Data is often most vulnerable when it’s in transit, and subject to prying eyes that know how to capture it. Creating a secure connection, or tunnel, between your personal computing devices and any other network or service that you use can prevent man-in-the-middle type of attacks where hackers try and capture data being sent through public channels in the clear. Most next generation firewalls these days also offer VPN tunneling, so try to only interface with remote devices that enable those kinds of connections.
Encrypted Messaging, Calls and Video. Hackers have been known to directly target individuals by cloning smartphones and sim cards, or redirecting texts and phone calls. Instead of trusting text messages and unencrypted calls, use an application that provides end-to-end encryption for messages, calls and video.
As hackers will always look for the path of least resistance, it is all the more important to ensure that there are no weak links in your cybersecurity armor. Ideally, all of these best practices are linked together in a holistic approach, which is both automated and monitored so that they are maintained and reinforced on an ongoing basis.
And don’t feel like you have to go on this quest for personal security alone. Just like there are hackers specializing in attacking individual people, there are also companies and organizations that now support people by protecting against them. In fact, finding a good protection partner with a holistic approach to cybersecurity can be the very best weapon in your personal security arsenal.