Protecting yourself against cyberattacks starts with simple, effective habits, such as using a long and unique password on each website. In this article I share my method for remembering all your passwords without writing them in a notebook or saving them in a password manager like Lockpass.
But first, do you know why hackers want your data?
What data hackers are looking for
At first glance you might think that hackers want to steal your bank card numbers, and they do. But because that has become harder in recent years, hackers now try to steal all kinds of data that are easier to get, such as:
- email addresses (to try to find the password)
- passwords (to access all your private information)
- copy of identity card, last names and first names, dates of birth, physical addresses, telephone number (to impersonate you and take out credit in your name)
- copy of driving license (to impersonate you)
- social security number (same reason)
That’s why it is serious when you hear that a company has had its data stolen. Companies often play it down by saying that “only” names, dates of birth and addresses were leaked, but contrary to what it may seem, that is a start, and sometimes enough, to impersonate you on the phone with a bank, to pick up a package, or to target a specific person in order to recover even more data.
To find out if your data has been stolen, enter your email on this site, which lists the websites that have been attacked. You will see a message if your email appears in the databases for sale on the internet, along with which sites are concerned and which data was stolen and can be found online.
If you see an “Oh no — pwned!” alert, don’t panic, but remember to change your passwords on these sites and to turn on two-factor authentication if your data is sensitive.
How to Protect Yourself From Cyber Attacks
Several simple and effective methods.
Make regular backups
Do you store your data, photos or other files only online? Or only on your computer? Or on your phone? What if you lose access?
Save your data on at least 2 different media.
It’s good to have confidence in the quality of your computer’s hard drive, and it’s good to believe that a big company like Google or a cloud provider will keep your data online and won’t let anyone steal it or lose it, but that’s not enough.
Proof of this: the web host OVH lost a datacenter that burned down in March 2021. 14,000 computer servers and 3.6 million websites were impacted, including 120,000 without backups. Backups burned. Thousands of companies lost their customer data, orders, accounts…
This is why it is important to make backups on at least 2 media (3 recommended) and at regular intervals: online (cloud) and, if possible, offline (external hard drive).
Over 15,000 attacks. This is the number of attempted intrusions blocked on this website at the time of writing this article.
Attacks are rarely manual and targeted at one person. They are most often large-scale attacks run over the Internet by a script that looks for a security hole in websites that are not up to date. It’s like a car thief walking through a large parking lot and trying every door handle until he finds one unlocked. He can get in because the owner was negligent.
Software to keep up to date includes Windows, macOS, internet browsers, Android and mobile applications… It is therefore advisable to update as soon as the notifications appear.
Create strong passwords
“123456” or “Rocky” or your date of birth are not good passwords.
Hackers use software to crack passwords; they don’t guess them manually. Once they have found your email address or website login ID, they launch attacks to try to find the password. These attacks:
- try all the words in the dictionary
- and all dates of birth
Once the password is found, the hacker can access your account and collect other data that will be useful for hacking other services you use.
A good password is:
- unique (the password should be different on all sites)
- a sentence instead of a word
- long (minimum 8 letters but more than 15 is recommended)
- with lowercase, uppercase, numbers and special characters
- with two-factor authentication (a code sent by email or text message)
There are password managers so you don’t have to remember them all, but if you’re not confident, here’s my method to memorize all your different passwords for all sites without writing them down in a notebook.
Examples of bad passwords:
- 123456 (default)
- 03021998 (date of birth)
- Rocky (dog’s name)
- Joe2015 (name + year of birth)
- qwerty (current)
- Bigboss (video game account)
Examples of good passwords:
- hq4T3i8~$YZj*6 (good but hard to remember)
Method to have different passwords on each site without forgetting them
The method is:
- Choose a single password as the basis for all your sites
- This password will have uppercase, lowercase and numbers
- Add at the end of this password (for each site) the first letter and the last letter of the name of the site you are logging in to
- Add a number (this number can be the same from one site to another)
- Add a special character (can be identical too)
If my password was “IeatbigCRAKERS” and I created an account on the tartempion.com website, I would create a password like this:
The goal is to avoid being predictable, so that if one of your passwords is hacked, it cannot be used elsewhere or easily guessed. But I assure you, there are so many overly simple passwords that hackers do not waste time on the details. They go for the easiest targets and hack the easy passwords. Thousands a day.
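The method above and the “good password” criteria listed earlier, written out as a small checker. This is an added example, not code from the original article; the number 7, the character “!” and the second site name are constructed values chosen here, not the author’s.

```python
import re
from datetime import datetime

# The article's own examples of bad passwords, lowercased for comparison.
BAD_PASSWORDS = {"123456", "03021998", "rocky", "joe2015", "qwerty", "bigboss"}
CLASSES = {"lowercase": r"[a-z]", "uppercase": r"[A-Z]",
           "number": r"\d", "special character": r"[^A-Za-z0-9]"}

def site_password(base, site, number, special):
    """Article's method: base + first and last letter of the site name
    + a number + a special character."""
    # "www.tartempion.com" and "tartempion.com" both give "tartempion".
    name = site.lower().removeprefix("www.").split(".")[0]
    return f"{base}{name[0]}{name[-1]}{number}{special}"

def looks_like_date(pw):
    """True for 8 digits that parse as DDMMYYYY or MMDDYYYY."""
    if not re.fullmatch(r"\d{8}", pw):
        return False
    for fmt in ("%d%m%Y", "%m%d%Y"):
        try:
            datetime.strptime(pw, fmt)
            return True
        except ValueError:
            continue
    return False

def problems(pw):
    """List the article's criteria that pw fails; an empty list means it passes."""
    found = []
    if pw.lower() in BAD_PASSWORDS:
        found.append("known bad password")
    if looks_like_date(pw):
        found.append("date of birth pattern")
    if len(pw) < 8:
        found.append("shorter than 8 characters")
    found += [f"no {n}" for n, rx in CLASSES.items() if not re.search(rx, pw)]
    return found

if __name__ == "__main__":
    # Constructed values: the number 7 and "!" are assumptions, not the author's.
    for site in ("tartempion.com", "example.org"):
        pw = site_password("IeatbigCRAKERS", site, 7, "!")
        print(site, pw, problems(pw) or "passes", "recommended length:", len(pw) > 15)
```

Only the two site letters change from one site to the next, so two-factor authentication from the list above still matters for sensitive accounts.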
Trojan horse, malware, keylogger, spyware, ransomware… Each of them can do a great deal of damage and potentially destroy your memories or put your identity at risk.
- A Trojan horse is a seemingly useful, free program that you install yourself but which hides a malicious function that lets someone connect remotely to your computer. You know the Greek legend; it’s the same idea. It installs itself on your computer. 73% of computers have a Trojan horse according to a 2014 study by the Association of Internet Security Professionals.
- Malware can spy on your computer. It gets installed along with other software, or when you click on an infected internet link or an infected attachment.
- A keylogger records all your keystrokes. A hacker can thus recover everything you type, including the usernames and passwords of websites. It is to prevent this kind of password theft that some websites (banks, for example) ask you to click on numbers with the mouse instead of typing them on the keyboard.
- Spyware records what you do on the internet. It does not always have bad intentions; it is sometimes used to show you advertisements targeted at your browsing history.
- Ransomware blocks access to your files with a password. You must then pay a ransom to recover the decryption key. You usually have to pay in Bitcoin and know how to act quickly, which is complicated. Ransomware is usually caught by clicking on an email attachment from a stranger.
An Avast-type antivirus (free) is already a good start. A more complete paid antivirus limits viruses and attacks such as ransomware even better. A Windows Defender-type firewall also helps limit attacks.
Educate yourself and learn the traps of hackers
The number 1 problem is unfortunately not IT and security breaches.
Although website hacking exists and data you have entrusted to an online third party does get stolen, most hacks involve the people between the mouse and the chair (that’s you!).
Indeed, for lack of basic computer hygiene, the weak link in the hacking chain is often the person who “opens the door” by clicking on a link, installing a utility, downloading an attachment or entering their details on a fake imitation website. You have to understand hackers and pay attention to their tricks.
This is the number 1 reason for hacking and no one is immune.
Phishing is an online fraud technique used to obtain sensitive data such as passwords, credit card numbers or banking information. Hackers generally use e-mails, text messages or instant messages on social networks that appear to come from friends or from reliable sources such as a trusted company or organization (banks, paid services, etc.) to encourage users to provide personal information.
Phishing emails use cybersquatting. They link to sites that imitate real, legitimate ones (often with misspellings in the web address) but that were created to deceive and collect personal information. Users who click on these links and provide information on these sites may become victims of identity theft or fraud.
You have to protect yourself against phishing, in particular by being vigilant when you receive e-mails or messages that request personal information. Checking the sender’s email address is a good practice (e.g. wellfargo.com is not a bank. Did you see the missing letter?). It is important never to provide personal information to companies that are supposed to already have it, and to educate your children and older parents to better identify fraud.
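The sender check described above can be automated by comparing the sender’s domain with the domains you actually deal with. This is an added example, not part of the original article; the trusted list and the sample senders are constructed, and it also flags a trusted name used as the start of someone else’s domain, which goes slightly beyond the misspelling case in the text.

```python
from email.utils import parseaddr

# Constructed allow-list: domains the reader really does business with (assumption).
TRUSTED = ("google.com", "wellsfargo.com")

def edit_distance(a, b):
    """Levenshtein distance: insertions, deletions and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def sender_domain(header):
    """Domain of a From value such as 'Bank <alerts@bank.example>'."""
    address = parseaddr(header)[1]
    return address.rpartition("@")[2].lower().rstrip(".")

def classify(header, trusted=TRUSTED, max_distance=2):
    """Return (verdict, matched trusted domain or None) for a sender."""
    domain = sender_domain(header)
    if not domain:
        return ("unknown", None)
    for good in trusted:
        # Exact match or a genuine subdomain such as mail.wellsfargo.com.
        if domain == good or domain.endswith("." + good):
            return ("trusted", good)
    for good in trusted:
        # Trusted name used as the leading labels of someone else's domain.
        if domain.startswith(good + "."):
            return ("lookalike", good)
    closest = min(trusted, key=lambda good: edit_distance(domain, good))
    if edit_distance(domain, closest) <= max_distance:
        return ("lookalike", closest)   # a missing or swapped letter or two
    return ("unknown", None)

if __name__ == "__main__":
    # Constructed sample senders.
    for sender in ("Wells Fargo <alerts@wellfargo.com>",
                   "alerts@wellsfargo.com", "friend@example.org"):
        print(sender, "->", classify(sender))
```

A “trusted” verdict only says the domain is spelled correctly; the request in the message still has to make sense.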
If your data gets lost, stolen, deleted, or encrypted, you need more than one way to recover it. This is why you need backups. It is important to make regular backups on different media.
But to avoid getting hacked and stay safe, prevention is best. It’s best to update the software and mobile apps you use, create unique and hard-to-guess passwords, install antivirus, and not share your private information with companies you have not properly identified.
You should now know what to do to better protect yourself from cyberattacks and to make sure you have a plan B to recover your data in case it is compromised.