Note: This is a guest post written by Alan Clyde
Think about it. How many times recently has your private information been exposed? Target, Facebook, the federal government, Disney, LinkedIn… the list of organizations breached and hacked goes on and on. In one attack alone, thieves stole 2.7 billion records including medical records, bank accounts, 401(k), nearly everything.
They used the stolen information to hack into other accounts and steal even more money. (Find out if your email has been compromised.) While the businesses that were attacked always promise to tighten security, let’s face it, the horse is out of the barn. Your data is long gone.
Cybercrime is out of control. It’s now considered a serious national security threat and a public health and safety concern. It’s growing and evolving. One major reason is that the amount companies paid in ransom increased more than 300 percent from 2019 to 2020, according to a report by the Institute for Security and Technology (IST).
Experts say businesses fall into a downward spiral that they’re unable to escape: the business pays the ransom, gets bad publicity, and more criminals learn about the payout and attack again.
Another reason for the spike in attacks is that the majority of criminals never get caught. They often get paid in untraceable cryptocurrency. It’s costly and difficult to track them down, and many jurisdictions are unable or unwilling to prosecute. Finally, technology such as “ransomware as a service” makes it easy for unsophisticated criminals to conduct attacks.
So, what can we do? The Texas-based company Red Maple™ set its mind on solving the problem. After years of research, the company has released new software called Clever Division™ that protects businesses and their customers. The key to its security is simple. Clever Division never stores customers’ credit card numbers in their entirety. Instead, the software divides, scrambles and locks up the data in separate, secure vaults.
“Clever Division offers a breakthrough solution for merchants worldwide. It eliminates one of the main reasons hackers target websites – to access credit card data. All they will find now are partial numbers. In addition to protecting cardholder data, Clever Division greatly reduces the risk of ransomware attacks,” said Patrick Hodo, CTO of Red Maple.
While nothing can stop bots from random attacks, attackers won’t find anything valuable to steal if a business is using Clever Division. With data scrambled and divided, there’s no reason for anyone to breach a business. The new software also protects companies from internal fraud and theft. No one in the business, including the merchant and employees, can access the full account and credit card information.
That’s a big relief for owners who don’t want the hassle, cost and responsibility of collecting and storing critical credit card information.
While businesses can find protection, there is no silver bullet for government, academic and medical institutions or for personal accounts.
The IST says the only answer to stopping cybercrime is an “all hands-on-deck” approach, with support from the top down. A Ransomware Task Force outlined 48 steps industry and officials can use to disrupt attacks and mitigate their impact. Here are some of the top recommendations:
- Coordinated, international diplomatic and law enforcement efforts must proactively prioritize ransomware through a comprehensive, resourced strategy, including using a carrot-and-stick approach to direct nation-states away from providing safe havens to ransomware criminals.
- Governments should establish cyber response and recovery funds to support ransomware response and other cybersecurity activities; mandate that organizations report ransom payments; and require organizations to consider alternatives before making payments.
- The cryptocurrency sector that enables ransomware crime should be more closely regulated.
- An internationally coordinated effort should develop a clear, accessible, and broadly adopted framework to help organizations prepare for, and respond to, ransomware attacks.
Let’s be honest, passwords are hard to remember. Often you use the same one for different accounts. You’re not alone. More than half of the population uses the same password for work and personal accounts, according to a DataProt 2021 study. Even 57% of people who have been scammed still haven’t changed their passwords. Twenty-three million people still use the password “123456”.
“Using the same password for more than one account is a huge mistake,” says Troy Hunt, a Microsoft Regional Director and owner of the free site HaveIBeenPwned.com. He says once hackers breach one account, they use your credentials to try to break into your other accounts. It’s called “credential stuffing.” To make matters worse, they then sell your credentials on the dark web to other cybercriminals. You’ll get scammed again and again and again.
“When you use one unique password for each email, bank, investment, social media account, you turn each account into a fortress. Bad guys can’t access your other accounts, because even if your user name is the same, each password is unique. You’re essentially turning each account into a silo that’s tough to hack,” said Hunt.
Here are the best tips for creating strong passwords:
- Use a combination of at least eight characters that include a mix of numbers, symbols, capital and lower-case letters. These are the hardest passwords to crack.
- Create a phrase that’s easy to remember, replacing key letters with numbers or symbols.
- Tap on “suggest strong password” and then use two-factor authentication like a fingerprint or face I.D.
- Consider using a password service such as LastPass to manage your passwords across many devices.
A Digital Guardian survey found the average person has 90 online accounts. That’s a lot of passwords to remember. Troy Hunt advises people to use password managers to help out. Password managers usually require people to remember only one master password to access all of their accounts.
Again, nothing will stop random, growing cyberattacks. But these recommended steps for businesses, institutions and individuals can prevent debilitating, lasting damage.