Cultivate Cybersecurity Awareness
After completing this unit, you’ll be able to:
- Describe common types of cyberattacks.
- List the impacts of cyberattacks.
- Define your own digital footprint.
What Do Hackers Actually Do?
In the previous unit, we provided a general overview of what hackers do (steal unauthorized information) and what they are generally after (assets). We also described the three biggest categories of data that hackers hunt for: personal payment information (PPI), personally identifiable information (PII), and personal health information (PHI).
We hear about large-scale data breaches impacting organizations, communities, and countries on the news. But what are some examples of common cyberattacks individuals might experience? Remember: Anything digitized is vulnerable to attack, and that includes the technology we use to go about our daily lives, such as cell phones, laptops, mobile devices, and even modes of transportation.
Let’s look at some of the most prevalent cyberattacks. As we learn more about these, we can better understand the best ways to protect ourselves from them.
- Email attacks
- Malware, ransomware, and viruses
- Social network hacking
- Cyberattacks while traveling
Digital communication channels of any kind are vulnerable to attack, including email. There’s a reason why most email platforms include a Spam folder, designed to automatically stow suspicious messages that could contain viruses or other forms of malware. However, some malicious emails can slip past these basic security checkpoints and land in your inbox.
Phishing refers to any attempt to steal user data by compelling that user to open an email, click a malicious link, or download malware, which we define next. It’s the most common type of email attack out there, and for good reason, such emails can be incredibly convincing. A well-constructed phishing email can dupe a user into believing that they’re receiving communication from their bank, for example, or that there’s an issue with their car insurance plan.
Malware, Ransomware, and Viruses
Malware is malicious software designed to damage or disrupt a system. Malware can grant unauthorized access to a system or network. Viruses are the most common type of malware attack. These damage target systems by hijacking browsers, corrupting data, reformatting hardware, infecting files, or otherwise altering the way a computer operates. Such viruses are designed to spread from system to system, especially after an unsuspecting user grants them access, such as through clicking a suspicious URL, downloading a file, or running a program.
Viruses are very common. You’ve likely heard of them already or even had to deal with one yourself! It’s why antivirus software exists, programs designed to catch and prevent the spread of malware in the form of viruses.
Ransomware is also malicious software. Ransomware blocks access to a computer system by encrypting and essentially locking the data. Attackers who implement ransomware then demand a large sum of money to enable access again. Ransomware can be particularly harmful, and not just from a financial perspective. It can compromise important data and keep people from accessing and using that data.
Social Network Hacking
Many of us use social networks and media platforms to connect with friends, family, colleagues, and communities. We send messages through these platforms, post public information, and exchange and consume media.
One of the most common types of social network hacking is spoofing, which occurs when attackers hack into an account to post—or take other action—as that group or individual. There are many examples in recent history of hackers who have spoofed high-profile accounts of public figures using social media. Some social hacking efforts have even leaked classified government information.
Cyberattacks While Traveling
Travel in today’s digital age often involves carting our devices along with us to our final destination. You might bring your tablet on an airplane, for example, or send emails from your laptop as you travel by train. Let’s review some of the ways you may be at risk while traveling.
Juice jacking occurs when a public charging port secretly doubles as a data connection. When users plug in a cell phone or other device to such a port, their sensitive data flows into that port and is compromised in some way. In some cases, charge ports may require users to input sensitive information to access power, which is always a red flag!
Cyberattacks while traveling aren’t always complex, however. They can be as simple as a malicious actor stealing your cell phone while you’re waiting to board a plane. Or it can be a fellow traveler peeking over your shoulder as you’re accessing your online banking profile, potentially putting your financial data at risk. Let’s follow Qiara again to see how she puts cybersecurity mindfulness into practice as she travels for spring break.
While Qiara waits to board her flight at the airport terminal, she realizes her cell phone is nearly out of battery. She searches for the nearest plug-in and finds a USB charger at a public charging station. When she plugs her phone in, she notices a strange popup message requesting her to input her name, email address, and gmail password in order to use the station.
She remembers from her cybersecurity seminar that suspicious requests like this are a good indication of hacking risk. Plus, she shouldn’t have to enter personal information just to charge a device! She unplugs her phone without entering any details, feeling relieved that she just avoided a potential incident of juice jacking. She resolves to invest in her own portable charge pack so that she can securely power her devices when she’s on the go.
The Impact of Cybercrime
What happens when attackers are successful in their efforts? In many cases, successful cybercrime poses immense cost, both financial and nonfinancial, to those impacted.
Outside of the financial cost of cybercrime, organizations face harm to their reputation, damage to physical property, lost productivity, theft of intellectual property, and much more. Attacks on organizations can also impact those companies’ customers if hackers are after customer data.
What could happen if you personally fall victim to any of the cyberattacks that we’ve described in this unit, such as phishing, ransomware, or juice jacking? It depends on the attack and the hacker’s intent, but such cyberattacks could lead to identity theft, which occurs when a malicious actor uses personally identifying information to commit fraud or other crimes in your name. Cyberattacks on individuals can also compromise personal finances, device hardware and files, and social reputation.
There’s good news in all of this, however: Knowing the risk and possible impact of such attacks is the first step to guarding against them! Cybersecurity impacts everyone, and good cybersecurity begins with solid awareness. Let’s explore ways that you can build awareness so that you can effectively mitigate risk.
Your Digital Footprint
Take a moment now to assess your digital footprint. Your digital footprint consists of the data tracks you leave online and across devices on a daily basis. Identifying the scope of your digital footprint is critical to staying cyber safe. In many cases, we don’t realize just how much information about ourselves we’re putting out there on the web!
Here are some great example questions to ask when evaluating your digital footprint.
- What is my social media usage like?
- What social networks do I use?
- How do I typically engage with these networks?
- What are my privacy settings on these networks?
- What could somebody learn about me based on what I post online?
- Which mobile devices do I use, and how do I typically use them?
- Where do I input sensitive information, such as credit card information, social security numbers, or medical data?
- What other technology do I engage with daily, and how do I engage with it?
- Who has access to my sensitive information?
- Does my digital footprint allow for anyone to learn about my hobbies, family, location, educational background, or career?
- What appears when I Google myself?
Identifying the extent of your digital footprint can be illuminating! It’s also important for building a solid cyber hygiene framework, which we discuss in the next unit. For now, let’s learn how Qiara tracks her own digital footprint to stay cyber safe.
Qiara knows that technology is a big part of her world, but she has never actually identified just how much data she’s putting out there via the devices she regularly uses. As homework for her cybersafety seminar, she lists out the data trails that make up her digital footprint.
She figures out that she has 30 sets of usernames and passwords for various online accounts, three email addresses she doesn’t use, and saved payment information on her Google account for four personal credit cards. She’s also most active on two of the four social media platforms she uses, and does not have security settings in place for either. Qiara inspects recent posts on these two platforms and finds that she’s actively shared information about her spring break travel plans, family members, and university enrollment.
There’s more to add to her list, but for now, she has a solid awareness of her data tracks. She's eager to learn about how to protect those data tracks more effectively, which we dive into in the next unit.
We covered a lot of ground in this unit! Ready to review what you’ve learned? The following knowledge check isn’t scored—it’s just an easy way to quiz yourself. To get started, drag the term in the left column next to the appropriate scenario in the right column. When you finish matching all the items, click Submit to check your work. If you’d like to start over, click Reset.
Great work! It's time to learn about cyber safety in the next unit. Let's go!