Fear. A feeling that probably all of us are familiar with. Especially around Halloween, the potential for scares increases. Be it the fear of disguised, made-up figures or even the worry that your sensitive data will fall into the hands of unauthorized persons. Perhaps it’s no coincidence that October of all months is IT Security Month? In this article, we take a look at a few “IT horror stories”, explain how you can protect yourself from them, and share some interesting figures.
1. Data Breaches
Let’s start with our initial scenario: to prevent personal data from falling into the hands of third parties, a strong password is essential, but in this day and age it requires even more protective measures. The use of multi-factor authentication (MFA) is crucial here. This has already been implemented in the RWTH Single Sign-On and some RWTH services, for example. It makes it more difficult for hackers to access accounts and limits access to sensitive information. It also makes it easier to identify the source of an attack in the event of a security breach. The fact is, increased protection is essential, as over 24 billion passwords and access data were circulating on the dark web in 2022 [1].
2. Loss of Data
We often put our trust in the wrong place. But how sure can we be that our password manager won’t be hacked? Hackers are always looking for the weakest point in the system. That’s why it’s crucial to protect every link in the security chain. An important step here is to grant each person only as much access as they actually need. This means that a compromised account cannot cause too much damage and accidental disclosure of information is avoided.
If you are affected by an incident or even if you just suspect something, for example because emails were sent from your address that you did not send, you should definitely change your passwords. However, a study from 2021 shows that fewer than half of those affected (48%) change their password after a security incident – an unnecessary risk. [2]
3. Blackmail
Another threat in the digital world is blackmailers who use ransomware to hack into systems and demand a ransom.
Many victims mistakenly believe that everything will be fine again after paying the ransom. But even if you comply with the demands, there is still a risk that the data has been compromised in the meantime. The hacker could have copied it or made it accessible to others – possibly without even knowing it. In many cases, even the attackers lose control over what happens to the stolen data.
At first, it is always important to keep a cool head. Often the claims made in the blackmail message are not true. If it concerns a specific service, you can simply ask the provider whether what is stated in the blackmail email is actually true. Is the company aware of such a data leak? It is always good to have a backup of your data in case something is stolen and can no longer be accessed.
4. Phishing Campaigns
Phishing campaigns are one of the most common methods used to steal sensitive information such as login details, credit card numbers or other personal data. Criminals often disguise themselves as reputable companies or lure their victims with supposed promises of winnings in order to deceive them. Indications could include an unclear sender, unexpected links or formatting and spelling errors.
In 2023, social media platforms were used as bait particularly frequently, accounting for 37.5% of reported phishing cases. [3]
Note on dealing with phishing at RWTH:
If you receive suspicious emails at your email address, it is better to play it safe and not click on any links or open any attachments they contain.
We have summarized how you can better protect your account and what you can do in the event of a compromise in a blog post. You can also find help and instructions on IT Center Help.
5. Non-Technical Attacks
One type of attack that is often overlooked, but should not be underestimated, is the kind that does not require any technical tools. Criminals don’t always have to hack into systems – it’s often enough to simply look over your shoulder. While you are sitting outside in a café or on the train using your phone, tablet or laptop, unauthorized persons can simply take a look at the screen and view sensitive information. Discarded devices also harbor dangers: smartphones, laptops or hard drives that end up unsecured in the trash can be recovered and exploited by criminals. If you want to avoid this, put protective film on your screens, only do the bare minimum when you are out in public, and have your devices disposed of properly.
It’s scary what can happen, isn’t it? As you can see, IT security is not just a sensitive issue at Halloween, but all year round. Cyber threats are omnipresent.
So protect yourself and don’t let this nightmare come true.
Responsible for the content of this article is Julia Topp.
The following sources served as the basis for this article:
- [1] CPOMagazine
- [2] Identity Theft Resource Center
- [3] Welivesecurity