How to Stay Ahead of Cybersecurity and Privacy Concerns

Cybersecurity and privacy are deeply connected; at its core, cybersecurity is about protecting information from being seen, used or exploited by anyone who is not authorized to do so. When these protections are broken, it can feel chaotic, dangerous and sometimes scary. On the organizational level, there can be repercussions that reverberate into the business (e.g., loss of money, time and resources). For individuals, having your sensitive information attacked is a blatant violation of privacy and can be deeply unsettling.

The more you know about cyber and information security, the better you can protect yourself and your organization from bad actors online. Get to know some different types of cyber threats in the following blog post, then follow best practices for keeping yourself safe.

Types of Cyber Threats

Cybercriminals are evolving with new technologies and trends. Stay aware of the following security risks when using digital devices, and especially wherever you store personal information.

Malware

According to the Cybersecurity and Infrastructure Security Agency, malware is “any software used to gain unauthorized access to IT systems in order to steal data, disrupt system services or damage IT networks in any way.”¹ Malware can take many forms: phishing, ransomware, worms, bots and more. Once malware is installed in its victims device, it can hide and/or duplicate itself to perform various nefarious functions, such as stealing and deleting data.

Ransomware

Ransomware is the most prominent type of malware used in cyber attacks, especially those on high-profile organizations. Ransomware attacks use encryption to make an organization’s internal data and files inaccessible to its owners, thus effectively holding the data at ransom. Usually, hackers will demand a payment or sensitive information to provide the key to unlock the encryption and access the data or system again.

Phishing

You’ve likely heard of or experienced a phishing campaign, as it’s one of the most common ways that cyber attackers exploit data security vulnerabilities. Hackers use botnets to send emails containing a malicious link or attachment, often loaded with malware. Once the recipient clicks on the message, a ransomware virus is installed on the user’s machine and any machine connected to the network, creating a ripple of defects.

Smishing

Smishing, a combination of the terms “SMS” and “phishing,” is a type of cybercrime that uses deceptive text messages to manipulate victims. Just as with phishing emails, the goal of smishing is to trick individuals into revealing private information that can be used for identity theft, financial theft or other fraudulent activities. Given how popular text messaging is today, smishing has become a significant concern in cybersecurity.²

An example of this would be a text message from what appears to be a delivery service telling you that you missed a delivery. The message will usually have a link that, when clicked on, takes you to a page that asks you to put in your personal information or pay a small fee to have the package delivered.

Denial of Service (DoS) Attacks

Distributed Denial-of-Service (DDoS) attacks are one of the oldest cybersecurity threats and have been around since the early days of the internet. There are many DDoS attack types, but they all follow a similar structure: malicious forces flood their hosts with heavy traffic to shut down email, websites, bank accounts or other online services. Overwhelmed by the requests, the system will either crash or begin limiting access to all users, even those who are permitted and registered to use it. While administrators and security professionals try to get back in, the attackers have free reign of all the host’s information, security controls, and functions and can do with it what they please.³

Some types of DoS attacks are: Packet Flood (SYN, UDP,ICMP), Zero-day, CharGen, Protocol Amplification, Slowloris, Ping of Death, Applications Levels attacks, IP Null, Multi-vector, and Multiple Fake Session.³ You can find out more about these attack types here.

Social Engineering

Social engineering scams are built around how people think and act. Preying upon a user’s human behavior, cyber criminals manipulate them to gain private information, access or valuables.⁴ A common form of this is requesting an older family member for money, saying that a younger family member needs it. These “human hacking” scams tend to lure unsuspecting users into exposing private data, spreading malware infections or giving access to restricted systems. Attacks can happen online, in-person and via other interactions, like a phone call.⁴

In addition, hackers try to exploit a user's lack of knowledge. Older generations who are less familiar with cybersecurity and best practices for mobile devices are a prime target, because they didn’t grow up with training on cyber risk and safety. Or, if someone is using a new software or website, they might try to convince them that sharing sensitive data is part of the process.

Privacy Concerns

Although cybersecurity issues can take many forms, there are some issues that specifically affect privacy. Most people value and protect their privacy, and there are numerous laws and regulations that protect it as well, so it’s important to stay aware of any cyber threats to your personal information.

Data Breaches and Data Leaks

A cybersecurity data breach occurs when someone gains unauthorized access to an organization's sensitive information. Once they force their way into a system, they can freeze, steal, alter or delete whatever they want.⁵ Data breaches are a boon for hackers, as they can collect enormous amounts of valuable information from one source very quickly. Cybercriminals use a diverse array of methods to do this; in 2022, they most commonly gained access through compromised passwords and phishing scams.⁶

A data leak, on the other hand, is usually not purposeful and happens from an error or accident.⁵ For companies, it’s usually an employee that inadvertently adds a private link somewhere or attaches confidential information to an email. Although it’s not ideal, a data leak can typically be resolved without major incident.

Surveillance and Online Tracking

Just as a surveillance camera tracks the comings and goings of anyone who enters its view, online surveillance is the act of tracking people and collecting information on them—with or without their consent.⁷ Online surveillance is like having someone look over your shoulder as you browse the Internet; they may not always do anything with what they’ve seen, but they have an awareness and knowledge of you that previously was private. The federal government and corporations who advertise are the primary purveyors of online surveillance.

The Department of Homeland Security, the FBI and the State Department are some of the many federal agencies that routinely monitor social platforms. From active investigations to screening immigrants, these agencies can use everything from Facebook posts to credit card statements to support their case.⁷ Most of this stems from the USA Patriot Act. Enacted in 2001, the Patriot Act grants the government extensive surveillance liberties, including access to phone, email, social media communications, bank and credit records and activity tracking online.⁸

In advertising, companies and brands can track the demographic information of anyone who clicks on their ad, how long they spend on the ad’s related website, what pages they look at, what places they visit afterward and much more. They then use this information to send you more targeted ads in the future. They can also track between your devices; if you look at an Instagram ad on your phone, you’ll receive ads or sponsored content from the same brand on your computer.

Best Practices for Protecting Against Cyber Threats

With all of the cyberattack options listed above, it can feel overwhelming and almost impossible to defend against them. But with the right information and tools, like what’s listed below, everyone can help stop cyber crime from spreading and creating too much damage.⁹

1. Create strong and unique passwords

If your password is easy to guess, then your accounts will be easy to hack. Most websites suggest or even mandate that your password has at least one capital letter, one number and one symbol ($, &, *, #) to make it more difficult to decipher. It’s also a good practice to create a password that is different from what you have on other sites.⁹ Although it would be convenient to use the same password for your personal and work emails, it increases the chance that someone could break into all of your most sensitive data once they learn the first password.

2. Use two-factor authentication

Having a two-step verification process creates one more barrier that outsiders must overcome to access your accounts and information. In two-factor authentication, you will log in or prove your identity through one method, then follow up with another.¹⁰ For example, you might log in to your bank’s mobile app with your password on your phone, and then they would email you a code to input as well. This way, even if someone knows your first password, they might not be able to get into your email to receive the code and pass the second point of entry.

3. Perform regular software updates and patches

Sometimes, companies will detect vulnerabilities in their systems, or become aware of a cyber attack, and must act quickly to address it. They will usually issue updates or “patches” to resolve the issue without overhauling every system. For Apple products, for example, users will receive a notification to make the latest software update, along with a description of what the update is addressing.

If you see that your mobile device, software, computer or security provider is asking you to perform an update, first check with an IT or cybersecurity professional to validate its authenticity. Then, perform the update as soon as you can. It’s also recommended that you check for updates manually whenever you know that there are fixes available.⁹

4. Employ safe browsing habits

Links with malware and other malicious code are rampant in hacking attempts. Even if the sender seems reputable, you can never be sure if someone is being impersonated. Always double check the links you click on: do they start with https or http? Are there any words misspelled? Are they unusually long, with several numbers and symbols?

Similarly, if a warning shows up on your browser to warn you that the site you’re visiting may be unsafe, or if it asks you to provide personal information or take immediate action on something, stop and ask a cybersecurity professional.

5. Think twice about what you share

Be wary of what information you share on the internet, especially if you have a public profile. Sharing locations, family member names, details on work and other personal identifiable information can work against you in several ways. Minor situations can arise, like a friend trying to guess your password from your pet’s name, or something more severe, like someone using your image and likeness to impersonate or blackmail you.

Protect Yourself & Your Organization

If you're interested in helping shape a smarter, safer world as a cybersecurity professional, consider how an online MS in Cybersecurity from the Katz School of Science and Health at Yeshiva University can accelerate your career and fast-track you to a leadership position.

Our 100% online Master of Science (MS) in Cybersecurity program focuses on the technical aspects of cybersecurity and its role in the business environment. With coursework in management strategy and training to excel on industry-standard certification exams, we prepare you to assume a leadership role and assemble a world-class team of experienced cyber professionals ready to defend today's complex business world.