In early December 2020, one of the largest cybersecurity firms in the United States, FireEye, was hacked. This came on the heels of increasing false emergency calls as well as holiday scams. Since then, SolarWinds, a Texas company, has been hacked and is believed to have been targeted by Russia.
Senator Mark Warner told The New York Times, “This is looking much worse than I first feared. The size of it keeps expanding. It’s clear the United States government missed it.”
The New York Times reports that about 250 government agencies, as well as additional organizations, are believed to have been compromised by the cyber attack. Microsoft specifically noted that the SolarWinds Orion monitoring and management software was compromised; however, there has yet to be a report of Microsoft’s software being used to do harm.
CBS Sunday Morning’s report on the SolarWinds hacking paints the picture in a much clearer light – noting that the hacking (which did involve malicious updates) can be likened to a “cyber virus” infecting over 18,000 computer systems, putting a number of customers and their data at risk.
The cyberattack itself is a big deal given that hackers now have access to government agency information as well as other organizations’ information. The matter is much larger than just access, it’s also a matter of control.
David Sanger, a correspondent for The New York Times, told CBS News, “So, once you were inside, if you had the right access, you could do all kinds of things. If the network was connected to an electric power grid, to a gas pipeline, to a water distribution system, to a nuclear centrifuge plant, you might be able to manipulate the data and cause havoc in those systems. And that’s much more than mere espionage.”
The more significant concern centers around control once access has been “granted.”
The hackers targeted government agencies like the National Institutes of Health, the National Department of Homeland Security, and even U.S. nuclear programs. While the scope of the cyber attack has been widened, it’s especially important from a consumer perspective to consider how we’re managing our digital safety to help prevent attacks on our personal information.
Consumer Safety: 7 Digital Safety Tips to Remember for Your Security
Never share your passwords. The Zebra reports that 79% of Americans share their passwords, proving plenty of opportunities for this digital information to slip into the wrong hands. Never share your passwords, not even with your spouse. Let them create their own passwords to use.
Use complex passwords. Use a range of cases, numbers, and symbols whenever possible.
Change your passwords every 90 days. It’s recommended to create a new password for your accounts every 90 days.
Consider two-factor authentication. Whenever this option is made available to you, use it to put an additional step between potential hackers and your account information.
Don’t be so trusting of seemingly harmless social media games. While some games may genuinely be harmless, others could potentially be a way of stealing your personal information. Be wary about playing games on social media and sharing your account information.
Beware of email phishing attacks. Be wary of emails with misspellings, odd links, and requests for money or account information. Cyber attackers could be looking for ways to exploit your information or steal your funds.
Properly store information like your passwords, social security cards, and other sensitive information. Don’t keep your passwords taped underneath your keyboard (or worse yet on your monitor). Also, keep social security cards tucked away in a safe place at home, not in your wallet.