What, if anything, do you need to do in light of the massive SolarWinds compromise?
The details from one of the biggest hacks in history continue to come out, but we may never know just how much information was compromised.
The hackers used what is known as a “supply chain attack” on a tool used by tens of thousands of large companies and many government agencies, which potentially provided some form of access to them all.
As it pertains to the SolarWinds incident, there’s really nothing you can do directly since the compromise is widespread and had nothing to do with your computers or other devices under your control.
The biggest threat to you will likely be future attempts to target you based on the personal data that has been acquired from the hack.
The good news is that all of the existing cybersecurity advice designed to provide layers of protection still apply.
Passwords continue to be one of the weakest links in the security chain, especially when they are too short and used on multiple accounts.
No matter how well you manage your passwords, if the website you’re using it on gets breached, the bad guys will have it and potentially try to use it without you knowing.
The only way to keep them from using your password and simultaneously alert you to the fact that someone has acquired your password is by turning on two-factor authentication on every important account that you use.
One of the biggest targets in your home or business is the router, which is connected to every device on your network. If the bad guys can gain access to your router, they can potentially compromise any or all of your devices.
There are two major updates you need to make: The administrator’s password and the firmware, which is the software that controls the hardware.
If your router still has the factory default administrator’s password, it’s known by every hacker on the planet, so change it. The firmware update is how security updates are added to your router.
Spear-phishing scams are still one of the most efficient ways to start any “hack,” so treat every email or text message you get as “guilty, until proven innocent.”
Ransomware attacks are expected to become more sophisticated and prevalent, and the only way to avoid paying to get your data back is from a secure backup. Online backups are the best protection as they aren’t accessible like a local backup would be.
Review all your social media accounts for personal information such as phone numbers, your home address, date of birth, mother’s maiden name and purge it.
Credit Check Regularly
To reduce account and credit fraud, review your online accounts regularly, and if you have no plans to apply for credit, freeze your credit files.